Problem removing spyware!!!


22 replies to this topic

#1 theswede78

    Member

  • Full Member
  • 14 posts

Posted 15 June 2007 - 12:00 PM

Hello everybody!!

I have a problem. Some time ago I downloaded a crack from a suspicious site, and of course I got spyware on my computer. Since then I have tried to get rid of it. First I searched the internet for programs that could fix the problem, but the problem got worse. Then I found a site that had some advice. I downloaded VundoFix and that solved the problem for a while. Before that I had scanned my computer with Ad-Aware, which didn't find anything. Instead I tried SUPERAntiSpyware and the program found a lot of things. But every time I run the program there are still some Trojans that don't get deleted. Please help me. I would be thankful for all the help I can get.

Here's the log file

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:45:30, on 2007-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\kgyfwnka.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\McAfee\Common Framework\FrameworkService.exe
C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\McAfee\Common Framework\UdaterUI.exe
C:\Program\iTunes\iTunesHelper.exe
D:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Bredbandsbolaget\Servicecenter\servicecenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\McAfee\Common Framework\McTray.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Nikon\PictureProject\NkbMonitor.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
D:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE
D:\Program\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Markus & Pia\Skrivbord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] D:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Bredbandsbolaget] "C:\Program\Bredbandsbolaget\Servicecenter\servicecenter.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\klacktto.dll",realset
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: HP Image Zone Snabbstarta.lnk = D:\Program\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &HTPE - C:\Program\hattriX\HTPE.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hattrick Organizer Extension support - D:\ho_136\lineups\support.htm
O8 - Extra context menu item: Hattrick Organizer Lineups - D:\ho_136\lineups\hoe.htm
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\TRUST\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?1ef7195c11ac4a1fb249b6945e4f3f29
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?1ef7195c11ac4a1fb249b6945e4f3f29
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Hattrick Organizer - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\ho_136\lineups\hoe.exe
O9 - Extra 'Tools' menuitem: Hattrick Organizer - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\ho_136\lineups\hoe.exe
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170513251250
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\TRUST\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\kgyfwnka.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 12159 bytes

Edited by theswede78, 15 June 2007 - 12:24 PM.
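A small triage pass over entries of the kind shown in the log above, added here as an example (it is not part of the thread and not a tool any of its helpers use). It assumes HijackThis's " - "-separated line layout, uses a constructed sample built from entries copied out of the log above, and the "generated-looking name" rule is a heuristic, not a verdict.

```python
"""Quick triage of HijackThis log entries: flag the patterns a helper looks at
first (orphaned hooks, services with no vendor, rundll32 loading a
throwaway-named DLL from system32)."""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis log posted above,
# mixed with known-good ones so the heuristics have something to ignore.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\klacktto.dll",realset
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\kgyfwnka.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
"""

VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Heuristic for generated file names: exactly 8 lowercase letters with at
    most two vowels (kgyfwnka, klacktto). Vendor names such as NvCpl or ctfmon
    are mixed-case or a different length and fall through."""
    return re.fullmatch(r"[a-z]{8}", stem) is not None and sum(c in VOWELS for c in stem) <= 2


@dataclass
class Finding:
    section: str
    reasons: list
    line: str


# rundll32 <optional quote><optional path ending in backslash><name>.dll
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<path>[^",]*\\)?(?P<stem>\w+)\.dll', re.IGNORECASE)
SERVICE_EXE_RE = re.compile(r"\\([A-Za-z0-9_]+)\.exe\s*$")


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    line = line.strip()
    if not line:
        return None
    section = line.split(" - ", 1)[0]
    reasons = []
    if section == "O2" and line.endswith("(no file)"):
        reasons.append("BHO CLSID is registered but its DLL is gone (orphan, safe to remove)")
    elif section == "O20" and line.endswith("(file missing)"):
        reasons.append("Winlogon Notify handler DLL is missing (orphan left behind by a removal)")
    elif section == "O23":
        # HijackThis prints the service's vendor between the two dashes;
        # an empty vendor field therefore shows up as " - - ".
        if " - - " in line:
            reasons.append("service has no vendor/company field")
        m = SERVICE_EXE_RE.search(line)
        if m and "system32" in line.lower() and looks_random(m.group(1)):
            reasons.append("service binary in system32 with a generated-looking name")
    elif section == "O4":
        m = RUNDLL_RE.search(line)
        if m and (m.group("path") or "").lower().endswith("system32\\") and looks_random(m.group("stem")):
            reasons.append("rundll32 loads a generated-looking DLL from system32 at logon")
    return Finding(section, reasons, line) if reasons else None


def triage(log_text: str):
    """Run triage_line over a whole log and keep only the entries that were flagged."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    -> {r}")
```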


#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,520 posts

Posted 18 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 theswede78

    Member

  • Full Member
  • 14 posts

Posted 21 June 2007 - 12:17 PM

The spyware is back. Here's the new log file.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:02:15, on 2007-06-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\kgyfwnka.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\McAfee\Common Framework\FrameworkService.exe
C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\McAfee\Common Framework\UdaterUI.exe
C:\Program\iTunes\iTunesHelper.exe
D:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Bredbandsbolaget\Servicecenter\servicecenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Nikon\PictureProject\NkbMonitor.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
D:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE
C:\Program\McAfee\Common Framework\McTray.exe
C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Markus & Pia\Skrivbord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] D:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Bredbandsbolaget] "C:\Program\Bredbandsbolaget\Servicecenter\servicecenter.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: HP Image Zone Snabbstarta.lnk = D:\Program\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &HTPE - C:\Program\hattriX\HTPE.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hattrick Organizer Extension support - D:\ho_136\lineups\support.htm
O8 - Extra context menu item: Hattrick Organizer Lineups - D:\ho_136\lineups\hoe.htm
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\TRUST\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?1ef7195c11ac4a1fb249b6945e4f3f29
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?1ef7195c11ac4a1fb249b6945e4f3f29
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Hattrick Organizer - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\ho_136\lineups\hoe.exe
O9 - Extra 'Tools' menuitem: Hattrick Organizer - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\ho_136\lineups\hoe.exe
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerfoot...PowerLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170513251250
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\TRUST\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\kgyfwnka.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 11959 bytes

#4 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 21 June 2007 - 01:41 PM

Hi,

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks whether you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks whether you want to cure/move the file.
  • When the scan has finished, see whether you can click the next icon next to the files found: [image]
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
    [image]
    This will move the file to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! It's possible that files in use will be moved/deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved previously in your next reply.
Next:

1. Download this file - ComboFix
2. Double-click combofix.exe and follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#5 theswede78

    Member

  • Full Member
  • 14 posts

Posted 21 June 2007 - 04:29 PM

Here's the log from Dr.Web

mirc.exe;C:\Program Files\mIRC;Program.mIRC.616;Incurable.Moved.;
Update.dll;C:\Program\Bredbandsbolaget\Servicecenter\modules;Probably DLOADER.Trojan;Incurable.Moved.;
A0000134.DLL;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP1;Trojan.Virtumod;Deleted.;
A0002168.dll;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15;Trojan.Virtumod;Deleted.;
A0002174.dll;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15;Trojan.Virtumod;Deleted.;
A0002175.dll;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15;Trojan.Virtumod;Deleted.;
A0002177.dll;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15;Trojan.Virtumod;Deleted.;
A0002178.dll;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15;Trojan.Virtumod;Deleted.;
A0002181.dll;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15;Trojan.Virtumod;Deleted.;
A0002182.dll;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15;Trojan.Virtumod;Deleted.;
A0002184.DLL;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15;Trojan.Virtumod;Deleted.;
A0002344.exe;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP17;Trojan.MulDrop.6428;Deleted.;
A0002350.exe;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP17;Adware.NewDotNet;Incurable.Moved.;
A0002351.exe;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP17;Adware.NewDotNet;Incurable.Moved.;
A0002352.exe;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP17;Trojan.DownLoader.17676;Deleted.;
A0002353.DLL;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP17;Trojan.Mezzia;Deleted.;
A0002354.DLL;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP17;Trojan.Virtumod;Deleted.;
A0003389.DLL;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP24;Trojan.Juan;Deleted.;
A0003393.EXE;C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP24;Trojan.EzulaAd;Deleted.;
lrrwpbcg.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ninlvweh.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
quariekx.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
tfaslqgv.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

#6 theswede78

    Member

  • Full Member
  • 14 posts

Posted 21 June 2007 - 04:35 PM

ComboFix 07-06-18.2 - C:\Documents and Settings\Markus
"Markus & Pia" - 2007-06-21 23:29:36 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\MARKUS~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\9EPDKEUV\www.broadcaster.com
C:\DOCUME~1\MARKUS~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\MARKUS~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\MARKUS~1\SKRIVB~1.\internet explorer.lnk
C:\Program\Delade filer\Yazzle1162OinUninstaller.exe
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\areabomb.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\beetlezap.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\bonusrow.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\bonustimer.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\bucketfilled.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\clearpyramid.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1a.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1b.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1c.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2a.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2b.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2c.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\colorchain.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\dialogbox.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\drumbeat.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\fillrow.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\gateopen.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\helptip.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\powerup.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\rotateboardleft.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\timerup.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\warning.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\warning2.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\artifacts-bb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\bar.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\chamber0.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\chamber1.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\circledoor.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\full_screen_dialog.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\global-hs-bb_large.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\global-hs-bb_small.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\help-bb_large.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\help-bb_small.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\hexfield.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\hidden-artifact_icon.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\large_dialog.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\local-hs-bb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\small_dialog.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\textfield.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\trifield.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetlehover1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetlehover2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetlehover3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetlehover4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetleshock1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetleshock2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetleshock3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetleshock4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetletatoo.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\dirt.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\scarabpost.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\scarabpostovr.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\tritop.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowdown_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowdown_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowdown_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowleft_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowleft_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowleft_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowright_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowright_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowright_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowup_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowup_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowup_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\bluearrowright_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\bluearrowright_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\bluearrowright_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\checkdown.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\checkup.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\long_button_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\long_button_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\long_button_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\orange-button_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\orange-button_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\orange-button_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\rotleft_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\rotleft_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\rotleft_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\rotright_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\rotright_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\rotright_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\simplebutton_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\simplebutton_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\simplebutton_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\sliderknob.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\sliderknobover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\sliderrail.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\characters\anwar\look\pl0001.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\characters\bast\look\bl0001.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\characters\kristine\look\kl0001.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\crackedstopper.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\cursor.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\doorlights.txt
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\fonts\jackarmstrong.mvec
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\fonts\lithos.mvec
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\greybomb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\helptips\arrowkeys.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\helptips\helptip.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\levels\levels.dat
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\disk.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\equilateraltriangle.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\flattri.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\pyramid.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\quad.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\rotatingpyramid.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\scarabpanel.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\p1icon.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\scenes\page1-0.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\scenes\page1-1.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\scenes\panel1-0-1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\scenes\panel1-1-1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\scorecloud.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\setup.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\areashockwave.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\bolt_1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\bolt_2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\bolt_3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\bolt_4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\bolt_starter.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\bolt_tail.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\flash.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\rubble.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\smoke.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\smoke2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\smoke3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\statues\statue0\snake_dirty.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\statues\statue1\arm01_dirty.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\statues\statue1\mask01_1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\statues\statue1\statue01_dirty.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\stopper.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\timer.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\timerglow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\timericon.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\tm.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mouseblue1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mouseblue2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mouseblue3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mousegreen1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mousegreen2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mousegreen3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mousered1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mousered2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mousered3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mouseyellow1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mouseyellow2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mouseyellow3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\areabomb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\areabombrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\blue.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\bluerollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\boardfill.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\brick.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\brick1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\brick2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\brick3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\bricktip.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared5.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared6.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\eye1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\eye2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\eye3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\eye4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\green.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\greenrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-blue.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-bluerollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-green.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-greenrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-red.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-redrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellowrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\red.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\redrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\wild.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\wildrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\yellow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\yellowrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\upsell\image0.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\upsell\image1.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\upsell\image2.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\upsell\image3.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\bluebucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\buckettriangle.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\chainlink.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\chaintip.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\genericbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\greenbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\redbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\smallblue.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\smallgreen.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\smallred.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\smallyellow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\urnglow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\urnplatform.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\yellowbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\warning.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\error.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\game.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\gameover.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\hiscore.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\instructions.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\leveldesign.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\levelover.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\mainarcade.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\mainconfirm.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\maincontinue.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\maingames.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\mainpuzzle.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\maphelptip.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\options.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\pause.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\quitconfirm.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\start.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\storyplayer.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\style.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\upsell.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\strings.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\TriJinx.exe
C:\WINDOWS\system32\msxml3a.dll


((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))


2007-06-21 23:29 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 22:07 <KAT> d-------- C:\DOCUME~1\MARKUS~1\DoctorWeb
2007-06-17 22:33 <KAT> d-------- C:\DOCUME~1\MARKUS~1\APPLIC~1\dvdcss
2007-06-15 19:32 <KAT> d-------- C:\Program\PowerChallenge
2007-06-15 17:10 <KAT> d-------- C:\Program\SUPERAntiSpyware
2007-06-15 17:10 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-06-15 17:10 <KAT> d-------- C:\DOCUME~1\MARKUS~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-15 17:10 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-13 21:09 <KAT> d-------- C:\VundoFix Backups
2007-06-04 17:46 <KAT> d-------- C:\QUARANTINE
2007-06-02 23:57 <KAT> d-------- C:\DOCUME~1\MARKUS~1\APPLIC~1\Softplicity
2007-06-02 16:16 <KAT> d-------- C:\Program\iTunes
2007-06-02 16:16 <KAT> d-------- C:\Program\iPod
2007-06-02 16:13 <KAT> d-------- C:\Program\Apple Software Update
2007-06-02 16:09 <KAT> d-------- C:\Program\QuickTime
2007-05-31 20:05 <KAT> d-------- C:\Program\Joost
2007-05-31 20:05 <KAT> d-------- C:\DOCUME~1\MARKUS~1\APPLIC~1\Joost
2007-05-30 20:06 <KAT> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-29 23:14 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-05-29 23:14 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-05-29 23:14 <KAT> d-------- C:\WINDOWS\system32\ZoneLabs
2007-05-29 22:04 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-05-29 22:04 <KAT> d-------- C:\Program\Delade filer\Cisco Systems
2007-05-29 22:03 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-05-29 22:03 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-05-29 22:03 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-05-29 22:03 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-05-29 22:03 168,776 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-05-29 22:03 <KAT> d-------- C:\Program\Delade filer\McAfee
2007-05-29 21:44 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys
2007-05-29 21:44 43,648 -ra------ C:\WINDOWS\system32\drivers\jraid.sys
2007-05-29 21:38 466,944 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2007-05-29 21:38 35,840 -ra------ C:\WINDOWS\system32\NVCOI.DLL
2007-05-29 21:38 289,792 -ra------ C:\WINDOWS\system32\idecoiins.dll
2007-05-29 21:38 289,792 -ra------ C:\WINDOWS\system32\idecoi.dll
2007-05-29 21:38 208,896 -ra------ C:\WINDOWS\system32\nvusmb.exe
2007-05-29 21:38 208,896 --------- C:\WINDOWS\system32\nvuide.exe
2007-05-29 21:38 100,736 -ra------ C:\WINDOWS\system32\drivers\nvata.sys
2007-05-29 21:38 <KAT> d-------- C:\WINDOWS\NV40644072.TMP
2007-05-29 21:37 495,616 -ra------ C:\WINDOWS\system32\AsusSetup.exe
2007-05-27 23:39 <KAT> d-------- C:\WINDOWS\system32\Lang
2007-05-27 23:34 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-05-27 23:33 9,709,568 -ra------ C:\WINDOWS\RTLCPL.EXE
2007-05-27 23:33 86,016 -ra------ C:\WINDOWS\SoundMan.exe
2007-05-27 23:33 4,225,920 -ra------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-05-27 23:33 2,879,488 -ra------ C:\WINDOWS\SkyTel.exe
2007-05-27 23:33 1,183,744 -ra------ C:\WINDOWS\RtlUpd.exe
2007-05-27 23:33 <KAT> d-------- C:\WINDOWS\system32\RTCOM
2007-05-27 23:32 69,632 -ra------ C:\WINDOWS\Alcmtr.exe
2007-05-27 23:32 2,808,832 -ra------ C:\WINDOWS\ALCWZRD.EXE
2007-05-27 23:32 2,157,568 -ra------ C:\WINDOWS\MicCal.exe
2007-05-27 23:32 16,270,848 -ra------ C:\WINDOWS\RTHDCPL.EXE
2007-05-27 23:32 <KAT> d-------- C:\Program\Realtek
2007-05-27 22:43 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-05-27 22:35 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-05-27 22:17 <KAT> d-------- C:\WINDOWS\VirtualEar
2007-05-27 22:17 <KAT> d-------- C:\Program\Analog Devices
2007-05-24 18:23 <KAT> d-------- C:\DOCUME~1\MARKUS~1\APPLIC~1\SecuROM
2007-05-23 20:39 <KAT> d-------- C:\WINDOWS\nview
2007-05-23 20:24 <KAT> d-------- C:\WINDOWS\JM
2007-05-23 20:20 <KAT> d-------- C:\WINDOWS\ASUSInstAll
2007-05-23 20:19 499,712 -r------- C:\WINDOWS\RtlExUpd.dll
2007-05-23 20:18 9,728 -ra------ C:\WINDOWS\system32\bdco1ins.dll
2007-05-23 20:18 9,728 --a------ C:\WINDOWS\system32\bdco1(2).dll
2007-05-23 20:18 9,728 --------- C:\WINDOWS\system32\bdco1.dll
2007-05-23 20:18 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-05-23 20:18 35,840 --a------ C:\WINDOWS\system32\nvconrm(2).dll
2007-05-23 20:18 35,840 --------- C:\WINDOWS\system32\nvconrm.dll
2007-05-23 20:18 34,176 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2007-05-23 20:18 305,152 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2007-05-23 20:18 222,592 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2007-05-23 20:18 204,288 -ra------ C:\WINDOWS\system32\fdco1ins.dll
2007-05-23 20:18 204,288 --a------ C:\WINDOWS\system32\fdco1(2).dll
2007-05-23 20:18 204,288 --------- C:\WINDOWS\system32\fdco1.dll
2007-05-23 20:18 159,232 -ra------ C:\WINDOWS\system32\fdco_l1036.dll
2007-05-23 20:18 159,232 -ra------ C:\WINDOWS\system32\fdco_l1034.dll
2007-05-23 20:18 159,232 -ra------ C:\WINDOWS\system32\fdco_l1031.dll
2007-05-23 20:18 158,720 -ra------ C:\WINDOWS\system32\fdco_l1046.dll
2007-05-23 20:18 158,720 -ra------ C:\WINDOWS\system32\fdco_l1040.dll
2007-05-23 20:18 156,672 -ra------ C:\WINDOWS\system32\fdco_l1042.dll
2007-05-23 20:18 156,672 -ra------ C:\WINDOWS\system32\fdco_l1041.dll
2007-05-23 20:18 155,648 -ra------ C:\WINDOWS\system32\fdco_l1028.dll
2007-05-23 20:18 155,136 -ra------ C:\WINDOWS\system32\fdco_l2052.dll
2007-05-23 20:18 13,056 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2007-05-23 20:18 101,632 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys
2007-05-23 20:18 <KAT> d-------- C:\WINDOWS\NV40922020.TMP
2007-05-23 20:16 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2007-05-23 19:45 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-05-23 18:40 <KAT> d-------- C:\Program\Joost(2)
2007-05-23 18:40 <KAT> d-------- C:\DOCUME~1\MARKUS~1\APPLIC~1\Joost(2)
2007-05-23 16:11 <KAT> d-------- C:\Program\Microsoft CAPICOM 2.1.0.2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-21 20:05:22 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-05-29 21:16:44 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-05-29 19:54:32 65,084 ----a-w C:\WINDOWS\system32\perfc01D.dat
2007-05-29 19:54:32 389,376 ----a-w C:\WINDOWS\system32\perfh01D.dat
2007-05-16 15:20:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 16:06:22 -------- d-----w C:\DOCUME~1\MARKUS~1\APPLIC~1\iid
2007-04-25 14:22:56 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:40 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-22 08:50:00 958,464 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-03-22 08:50:00 928,096 ----a-w C:\WINDOWS\system32\nvucode.bin
2007-03-22 08:50:00 815,104 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-03-22 08:50:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-03-22 08:50:00 81,920 ------w C:\WINDOWS\system32\nvmctray.dll
2007-03-22 08:50:00 8,425,472 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-03-22 08:50:00 6,660,096 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-03-22 08:50:00 5,718,016 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-03-22 08:50:00 5,445,888 ------w C:\WINDOWS\system32\nv4_disp.dll
2007-03-22 08:50:00 5,251,072 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-03-22 08:50:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-03-22 08:50:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-03-22 08:50:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-03-22 08:50:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-03-22 08:50:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-03-22 08:50:00 36,352 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-03-22 08:50:00 36,352 ------w C:\WINDOWS\system32\nvcod.dll
2007-03-22 08:50:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-03-22 08:50:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-03-22 08:50:00 335,872 ------w C:\WINDOWS\system32\nvapi.dll
2007-03-22 08:50:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-03-22 08:50:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-03-22 08:50:00 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-03-22 08:50:00 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-03-22 08:50:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-03-22 08:50:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-03-22 08:50:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-03-22 08:50:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-03-22 08:50:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-03-22 08:50:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-03-22 08:50:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-03-22 08:50:00 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-03-22 08:50:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-03-22 08:50:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-03-22 08:50:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-03-22 08:50:00 3,620,864 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-03-22 08:50:00 3,391,488 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-03-22 08:50:00 3,235,840 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-03-22 08:50:00 3,145,728 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-03-22 08:50:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-03-22 08:50:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-03-22 08:50:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-03-22 08:50:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-03-22 08:50:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-03-22 08:50:00 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-03-22 08:50:00 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-03-22 08:50:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-03-22 08:50:00 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-03-22 08:50:00 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-03-22 08:50:00 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-03-22 08:50:00 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-03-22 08:50:00 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-03-22 08:50:00 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-03-22 08:50:00 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-03-22 08:50:00 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-03-22 08:50:00 274,432 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-03-22 08:50:00 270,336 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-03-22 08:50:00 266,240 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-03-22 08:50:00 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-03-22 08:50:00 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-03-22 08:50:00 262,144 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-03-22 08:50:00 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-03-22 08:50:00 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-03-22 08:50:00 253,952 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-03-22 08:50:00 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-03-22 08:50:00 253,952 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-03-22 08:50:00 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-03-22 08:50:00 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-03-22 08:50:00 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-03-22 08:50:00 245,760 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-03-22 08:50:00 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-03-22 08:50:00 245,760 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-03-22 08:50:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-03-22 08:50:00 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-03-22 08:50:00 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-03-22 08:50:00 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-03-22 08:50:00 2,379,776 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-03-22 08:50:00 2,113,536 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-03-22 08:50:00 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-03-22 08:50:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-03-22 08:50:00 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-03-22 08:50:00 163,908 ------w C:\WINDOWS\system32\nvsvc32.exe
2004-12-26 16:04:32 56 --sh--r C:\WINDOWS\system32\B4434F4C25.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}=C:\Program\McAfee\VirusScan Enterprise\scriptcl.dll [2006-11-30 08:50]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program\google\googletoolbar3.dll [2007-01-19 23:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-12 14:31]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll [2005-07-07 16:21]
{E5A1691B-D188-4419-AD02-90002030B8EE}=C:\Program\FlashFXP\IEFlash.dll [2004-07-29 19:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2006-04-27 19:49]
"ShStatEXE"="C:\Program\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-04-27 09:41]
"McAfeeUpdaterUI"="C:\Program\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"HPHUPD08"="D:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35]
"HP Software Update"="D:\Program\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"Bredbandsbolaget"="C:\Program\Bredbandsbolaget\Servicecenter\servicecenter.exe" [2006-08-08 02:36]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:34 C:\WINDOWS\system32\bthprops.cpl]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 C:\WINDOWS\RTHDCPL.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 C:\WINDOWS\KHALMNPR.Exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 12:43 C:\WINDOWS\Alcmtr.exe]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 14:31]
"WMPNSCFG"="C:\Program\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:49]
"msnmsgr"="C:\Program\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32]
winrvc32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^BTTray.lnk]
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Markus & Pia^Start-meny^Program^Autostart^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net iD]
C:\WINDOWS\system32\iid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
"C:\Program\Analog Devices\SoundMAX\smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60da0787-b524-11d8-a11c-806d6172696f}]
AutoRun\command- F:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-06-18 15:24:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 23:32:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Files hidden from API:
C:\WINDOWS\Fjädrar.bmp
C:\WINDOWS\Ärgad koppar.bmp
C:\WINDOWS\Solfjädrar.bmp
C:\WINDOWS\Ökensand.bmp

Completion time: 2007-06-21 23:34:09
C:\ComboFix-quarantined-files.txt ... 2007-06-21 23:32

--- E O F ---

#7 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 22 June 2007 - 03:12 AM

Hi again,

Ok, that worked well.

Please run Notepad and paste the following text into a new file, do not include the word ‘quote’:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32]




Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Next:

Download GMER from here:
http://www.majorgeek...GMER_d5198.html

Unzip it to desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, apart from ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Please also post a fresh HiJackThis log.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
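
Added example (not part of jedi's post, and not ComboFix or GMER code): a short Python script that picks the Winlogon\Notify blocks out of a ComboFix-style log like the one above and writes the same kind of REGEDIT4 deletion file jedi asks for. It assumes an analyst-kept allowlist of Notify DLL file names; here only SUPERAntiSpyware's SASWINLO.dll is vouched for, so the winrvc32 entry gets a [-KEY] line. The log text inside the script is a constructed sample copied from the two Notify entries and one unrelated msconfig entry in the log above, so it runs offline.

```python
import re

# Constructed sample input: the Winlogon\Notify blocks (plus one unrelated
# msconfig block) in the form a ComboFix log prints them.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32]
winrvc32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net iD]
C:\WINDOWS\system32\iid.exe
"""

# Registry path every Winlogon notification package sits under (trailing backslash included).
NOTIFY_PREFIX = ("HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\"
                 "currentversion\\winlogon\\notify\\")

# Assumed allowlist for this example: DLL file names the analyst has already
# identified as legitimate. Only SUPERAntiSpyware's package is vouched for here.
KNOWN_GOOD_DLLS = {"saswinlo.dll"}

_KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")


def parse_notify_entries(log_text):
    """Return [(subkey_name, dll_value), ...] for every Winlogon\\Notify block.

    ComboFix prints a key header in square brackets and the DllName value on
    the next non-empty line; any other header ends the current block.
    """
    entries = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = _KEY_LINE.match(line)
        if header:
            key = header.group("key")
            if key.lower().startswith(NOTIFY_PREFIX.lower()):
                current = key[len(NOTIFY_PREFIX):]
            else:
                current = None
            continue
        if current is not None and line:
            entries.append((current, line))
            current = None
    return entries


def suspicious_entries(entries):
    """Keep every entry whose DLL file name is not on the allowlist.

    The comparison uses the bare file name, case-insensitively, because the
    log shows some values as full paths and others (like winrvc32.dll) as
    just a file name that Winlogon resolves through the DLL search path.
    """
    flagged = []
    for name, dll in entries:
        base = dll.rsplit("\\", 1)[-1].lower()
        if base not in KNOWN_GOOD_DLLS:
            flagged.append((name, dll))
    return flagged


def build_fix_reg(flagged):
    """Build a REGEDIT4 file whose [-KEY] lines delete each flagged subkey.

    The leading '-' inside the brackets is regedit's delete-this-key syntax;
    without it the same line would create the key instead. CRLF line ends
    keep the file in the form regedit expects.
    """
    lines = ["REGEDIT4", ""]
    for name, _dll in flagged:
        lines.append("[-" + NOTIFY_PREFIX + name + "]")
        lines.append("")
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    # Print the fix file; on the affected machine redirect it to fix.reg.
    print(build_fix_reg(suspicious_entries(parse_notify_entries(SAMPLE_LOG))), end="")
```

A Notify package is loaded into winlogon.exe at every logon, so it runs as SYSTEM before any user session exists. Deleting the subkey only stops the load; the DLL itself still has to be located (a bare name like winrvc32.dll is resolved through the normal DLL search path, normally from system32) and removed. Read the generated file before merging it, and export the Notify key first so the change can be reversed.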

#8 theswede78

theswede78

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 22 June 2007 - 05:00 AM

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-22 11:59:05
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT a347bus.sys ZwClose
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT a347bus.sys ZwSetSystemPowerState
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRenameKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution
Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C40 805039F4 16 Bytes [ 00, 0B, 78, BA, F0, C1, C7, ... ]
.text ntkrnlpa.exe!ZwYieldExecution 80503FC8 7 Bytes JMP A89AA398 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0A7E 7 Bytes JMP A89AA3AE \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B188C 5 Bytes JMP A89AA3C4 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6E52 7 Bytes JMP A89AA36E \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwRenameKey 80621B2A 7 Bytes JMP A89AA308 \SystemRoot\system32\drivers\mfehidk.sys
? srescan.sys The file could not be found.
? C:\WINDOWS\System32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006A0FEF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006A0F4D
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006A0F68
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006A0036
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006A0F79
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006A001B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006A0F17
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006A0F32
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006A008B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006A0EFC
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 006A00A6
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 006A0F94
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 006A0FCA
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 006A005D
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 006A0000
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 006A0FAF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 006A007A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00690047
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00690095
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00690036
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 0069001B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00690084
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00690069
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00690000
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00690058
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[604] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 00670000
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CE0FE5
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CE0F72
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CE0071
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CE0056
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CE0F97
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CE002F
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CE0F33
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CE0F50
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CE0F00
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CE0F11
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00CE00AA
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00CE0FA8
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00CE000A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00CE0F61
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00CE0FC3
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00CE0FD4
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00CE0F22
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00CD0FDB
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00CD0F94
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00CD002C
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00CD0011
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00CD0FA5
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00CD0FB6
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00CD0000
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00CD0047
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[712] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 00CB0000
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01AB0FEF
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01AB0080
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01AB0065
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01AB0F8B
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01AB0FB2
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01AB002F
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01AB0F42
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01AB0F69
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01AB00DB
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01AB00CA
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 01AB00F6
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 01AB004A
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 01AB0FDE
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 01AB0F7A
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 01AB0FCD
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 01AB0014
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 01AB00A5
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 01AA0FCA
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01AA0F7C
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 01AA001B
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 01AA000A
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01AA0F8D
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 01AA0F9E
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 01AA0FE5
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 01AA0FB9
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE[768] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 01A80FE5
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070FEF
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070067
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070F72
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070F83
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070F94
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070036
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00070098
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070F46
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000700BA
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070F21
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00070F06
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00070FA5
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00070FD4
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00070F57
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00070025
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0007000A
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 000700A9
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00060FB9
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00060F8A
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00060FD4
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00060FE5
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00060047
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00060036
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00060000
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00060025
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[856] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 00040FEF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CE000A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CE0F69
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CE0F7A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CE0F97
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CE0FA8
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CE0FD4
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CE008F
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CE0F3D
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CE0F2C
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CE00BB
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00CE0F1B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00CE0FB9
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00CE0F4E
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00CE0040
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00CE0025
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00CE00AA
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00CD0039
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00CD008A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00CD001E
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00CD0FDE
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00CD0FC3
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00CD0065
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00CD004A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1032] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 00CB0FE5
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A50FB7
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A500AC
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A50FC8
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A50091
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A5005B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A50FA6
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A500E2
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A50F70
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A50F81
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A5011A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A5006C
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A50014
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A500C7
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A50040
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A5002F
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A50109
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00A40FB9
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00A4005B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00A40FCA
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00A4000A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00A40F94
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00A40040
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00A40FE5
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00A40025
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1088] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0315000A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 03150089
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 03150078
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 03150F9E
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 03150051
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 03150FCA
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 03150F4B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 03150F68
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 031500E4
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 031500C9
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 03150F30
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 03150FB9
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0315001B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 03150F79
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 03150036
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 03150FDB
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 031500B8
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 03040FCA
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 03040F8A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 03040FDB
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 03040011
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 03040047
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 03040FA5
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 03040000
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 03040036
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 03010000
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 03020FDE
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 03020FEF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 03020FC1
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1184] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 03020FA6
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00830000
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0083007D
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00830062
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00830051
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00830F9E
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0083001B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00830098
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00830F52
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00830F10
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00830F2B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008300CE
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00830036
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00830FDB
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00830F6D
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00830FAF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00830FCA
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008300A9
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00820036
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 0082006C
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00820025
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00820FE5
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00820FA5
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00820FC0
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00820000
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00820047
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1272] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 00800FEF
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E60FEF
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E60F83
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E60078
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E6005B
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E60F9E
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E60FAF
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E600C1
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E600A4
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E60F39
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E600D2
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00E60F1E
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00E60040
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00E6000A
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00E60093
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00E6001B
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00E60FCA
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00E60F54
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00E50FDB
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00E50F9E
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00E50036
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00E50025
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00E50FB9
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00E50051
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00E5000A
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00E50FCA
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 00E30000
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01150FEF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0115006C
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0115005B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01150F83
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01150F9E
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01150040
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01150F3F
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01150F50
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 011500AC
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01150F13
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 011500C7
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 01150FAF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0115000A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0115007D
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 01150FD4
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0115001B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 01150F24
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 01140FCA
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 0114005B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 0114001B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 0114000A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01140F9E
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 01140040
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 01140FE5
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 01140FAF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1320] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 01120000
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D30FEF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D30F77
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D30076
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D30065
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D3004A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D30FA8
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D300AE
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D30F66
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D300DA
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D30F41
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00D300F5
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00D30039
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00D30FD4
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00D30087
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00D30014
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00D30FB9
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00D300BF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00D20FE5
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00D20F83
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] ADVAPI32.dll!RegOpenKeyExA 77DC761B 5 Bytes JMP 00D20036
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] ADVAPI32.dll!RegOpenKeyW 77DC770F 5 Bytes JMP 00D2001B
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00D20F94
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] ADVAPI32.dll!RegCreateKeyW 77DE8F7D 5 Bytes JMP 00D20FAF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] ADVAPI32.dll!RegOpenKeyA 77DEC41B 5 Bytes JMP 00D20000
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] ADVAPI32.dll!RegCreateKeyA 77DED5BB 5 Bytes JMP 00D20FCA
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 00CF000A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00D0000A
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00D00FC8
.text
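The GMER listing above shows every user-mode hook it found: in each process, the first five bytes of exports such as CreateProcessW, LoadLibraryA, RegCreateKeyExW, socket and InternetOpenA have been overwritten with a JMP to an address far below the DLL. A first triage step is to parse those lines and group them by process, by what the hooked functions do, and by the 64 KiB region the jumps land in. The script below is an added example written for this thread, not GMER's own code or anything the posters ran; the sample lines are copied from the listing above, and the "low address" threshold is an assumption of the example. The listing alone cannot say who owns the hooks: a firewall/HIPS product (ZoneAlarm's TrueVector runs on this machine) hooks the same APIs the same way, so the jump targets still have to be matched against the process's loaded modules before anything is called malicious.

```python
"""Triage of a GMER user-mode hook listing (added example, not GMER's own code)."""
import re
from collections import defaultdict

# A handful of lines copied from the GMER listing posted above; the bare
# ".text" at the end mirrors that listing's truncated last line.
SAMPLE_LISTING = r""".text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00E60F54
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] ADVAPI32.dll!RegOpenKeyExW 77DC6A78 5 Bytes JMP 00E50FDB
.text C:\PROGRAM\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE[1292] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 00E30000
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D300DA
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D30FA8
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1356] WS2_32.dll!socket 71AA3B91 5 Bytes JMP 00CF000A
.text"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"        # process image and PID
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+"               # hooked export
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+"  # patched address and size
    r"JMP\s+(?P<target>[0-9A-Fa-f]+)\s*$"                 # where the JMP lands
)

# Assumption of this example: on this 32-bit XP box the system DLLs are mapped at
# 0x71xxxxxx-0x7Cxxxxxx (see the patched addresses), so a JMP into the low range
# leaves the DLL for privately allocated memory. The listing does not say which
# module owns that memory; a HIPS product hooks the same way as an injected DLL.
LOW_TARGET_LIMIT = 0x10000000
NETWORK_FUNCS = {"socket", "InternetOpenA", "InternetOpenW", "InternetOpenUrlA"}


def categorize(func):
    """Map a hooked export to the activity a hook on it gets to observe or block."""
    if func.startswith("Reg"):
        return "registry"
    if func in NETWORK_FUNCS:
        return "network"
    if func.startswith("CreateProcess") or func == "WinExec":
        return "process execution"
    if "Library" in func or func == "GetProcAddress":
        return "library loading"
    if func.startswith("VirtualProtect"):
        return "memory protection"
    if func.startswith("Create"):
        return "file and pipe creation"
    return "other"


def parse_hooks(text):
    """Parse GMER .text hook lines; lines that do not match (e.g. a truncated one) are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["addr"] = int(rec["addr"], 16)
        rec["target"] = int(rec["target"], 16)
        rec["size"] = int(rec["size"])
        rec["category"] = categorize(rec["func"])
        rec["low_target"] = rec["target"] < LOW_TARGET_LIMIT
        hooks.append(rec)
    return hooks


def summarize(hooks):
    """Per PID: hook count, activity categories and the 64 KiB regions the JMPs land in.
    Windows reserves memory with 64 KiB granularity, so targets sharing the upper
    16 bits almost certainly sit in one allocation, i.e. one hook module."""
    by_pid = defaultdict(lambda: {"process": None, "hooks": 0, "categories": set(),
                                  "target_regions": set(), "low_targets": 0})
    for h in hooks:
        s = by_pid[h["pid"]]
        s["process"] = h["proc"]
        s["hooks"] += 1
        s["categories"].add(h["category"])
        s["target_regions"].add("%08X" % (h["target"] & 0xFFFF0000))
        s["low_targets"] += int(h["low_target"])
    return {pid: {**s, "categories": sorted(s["categories"]),
                  "target_regions": sorted(s["target_regions"])}
            for pid, s in by_pid.items()}


if __name__ == "__main__":
    for pid, s in summarize(parse_hooks(SAMPLE_LISTING)).items():
        print(f"{s['process']} [{pid}]: {s['hooks']} hooks, "
              f"{s['low_targets']} jump into low memory, regions {s['target_regions']}")
        print("   activity visible to the hooks:", ", ".join(s["categories"]))
```

Run against the full listing, the output groups hundreds of lines into one row per process with a short list of target regions; the next step for the analyst is to map those regions to module names (Process Explorer or a GMER "Modules" dump does this) and check the publisher of whatever is mapped there.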

#9 theswede78

    Member

  • Full Member
  • 14 posts

Posted 22 June 2007 - 05:02 AM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:01:23, on 2007-06-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\McAfee\Common Framework\FrameworkService.exe
C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\McAfee\Common Framework\UdaterUI.exe
C:\Program\iTunes\iTunesHelper.exe
D:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\McAfee\Common Framework\McTray.exe
C:\Program\Bredbandsbolaget\Servicecenter\servicecenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Nikon\PictureProject\NkbMonitor.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
D:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE
D:\Program\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Markus & Pia\Skrivbord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] D:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Bredbandsbolaget] "C:\Program\Bredbandsbolaget\Servicecenter\servicecenter.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: HP Image Zone Snabbstarta.lnk = D:\Program\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &HTPE - C:\Program\hattriX\HTPE.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hattrick Organizer Extension support - D:\ho_136\lineups\support.htm
O8 - Extra context menu item: Hattrick Organizer Lineups - D:\ho_136\lineups\hoe.htm
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\TRUST\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?1ef7195c11ac4a1fb249b6945e4f3f29
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?1ef7195c11ac4a1fb249b6945e4f3f29
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Hattrick Organizer - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\ho_136\lineups\hoe.exe
O9 - Extra 'Tools' menuitem: Hattrick Organizer - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\ho_136\lineups\hoe.exe
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerfoot...PowerLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170513251250
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\TRUST\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 11621 bytes
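A HijackThis log is a flat list of numbered entry types (O2 browser helper objects, O4 autostarts, O9 IE buttons, O16 ActiveX downloads, O20 Winlogon Notify DLLs, O23 services, and so on), and the helper's job in this thread is to read it for orphaned or unplaced entries and to compare it with the previous log. The script below is an added example for this thread, not HijackThis code; its sample entries are copied from the log above, and the one extra Run entry in the "earlier" log is a constructed placeholder so that the diff has something to show. The checks flag entries that point at a file that no longer exists, autostart commands given without a path (Windows resolves those through the PATH search order, so the entry alone does not say which file runs), ActiveX controls fetched from a URL, Winlogon Notify DLLs and services with no publisher; each of those is something to verify, not proof of infection.

```python
"""Triage and diff of HijackThis logs (added example, not HijackThis's own code)."""
import re

# Entries copied from the HijackThis log posted above.
CURRENT_LOG = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170513251250
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\TRUST\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe"""

# Constructed "earlier" log for the diff: the same entries plus one Run item that is
# NOT on the page, a placeholder standing in for a startup entry that was removed.
EARLIER_LOG = CURRENT_LOG + "\n" + \
    r"O4 - HKLM\..\Run: [CONSTRUCTED-EXAMPLE] C:\WINDOWS\system32\constructed-example.exe"

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^\S+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_log(text):
    """(code, body) pairs for the numbered entries; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def first_token(cmd):
    """The executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(text):
    """One (code, reason, body) tuple per finding; an entry can yield several."""
    findings = []
    for code, body in parse_log(text):
        reasons = []
        if code == "O2" and body.endswith("(no file)"):
            reasons.append("BHO CLSID is registered but its DLL is gone (orphan entry)")
        if "(file missing)" in body:
            reasons.append("entry points at a file that no longer exists")
        if code == "O4":
            m = RUN_RE.match(body)
            if m and "\\" not in first_token(m.group("cmd")):
                reasons.append("startup command has no path; it is resolved through the "
                               "PATH search order, so verify which file actually runs")
        if code == "O16":
            reasons.append("ActiveX control fetched from a URL; confirm the source is expected")
        if code == "O20":
            reasons.append("Winlogon Notify DLL is loaded by winlogon.exe at logon; confirm the publisher")
        if code == "O23" and "Unknown owner" in body:
            reasons.append("service without publisher information")
        for r in reasons:
            findings.append((code, r, body))
    return findings


def diff_logs(earlier, later):
    """Entries that disappeared and entries that appeared between two logs."""
    old, new = set(parse_log(earlier)), set(parse_log(later))
    return old - new, new - old


if __name__ == "__main__":
    for code, reason, body in triage(CURRENT_LOG):
        print(f"{code}: {reason}\n    {body}")
    removed, added = diff_logs(EARLIER_LOG, CURRENT_LOG)
    print("gone since the earlier log:", *(b for _, b in removed), sep="\n    ")
    print("new since the earlier log:", *(b for _, b in added), sep="\n    ")
```

The diff is the part worth keeping between posts: two logs a week apart from the same machine should differ only in what the fixes removed, so anything that appears in the later one is either a legitimate install the user remembers or the infection re-creating itself.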

#10 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 22 June 2007 - 05:10 AM

Hi again,

OK, it's looking good, please run this scan to see if there are any leftovers:

Please do the following:
Run a BitDefender Online scan Here and post the results.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#11 theswede78

    Member

  • Full Member
  • 14 posts

Posted 22 June 2007 - 07:16 AM

Hi again Jedi!

Started the BitDefender scan. When I came back to the computer the scan had been terminated and McAfee had a dialog window saying it had taken action against some Vundo program. I just started a new BitDefender scan. Do you want a new HijackThis report?

#12 theswede78

    Member

  • Full Member
  • 14 posts

Posted 22 June 2007 - 07:44 AM

Here's part of the logfile from McAfee, the last messages from today. The BitDefender scan was terminated again! What to do now?

2007-06-22 11:42:36 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\OR49E9S3\InboxLight[1].aspx\InboxLight[1]
2007-06-22 11:42:39 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\6BMBU1GJ\ReadMessageLight[1].aspx\ReadMessageLight[1]
2007-06-22 11:42:44 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\OR49E9S3\index[1].php\index[1]
2007-06-22 11:49:12 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\4LMDOV8L\GMER_d5198[1].html\GMER_d5198[1]
2007-06-22 11:49:14 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\OR49E9S3\show_ads[1].js\show_ads[1]
2007-06-22 11:49:16 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\4LMDOV8L\textlinks[1].js\textlinks[1]
2007-06-22 11:49:17 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\4LMDOV8L\urchin[1].js\urchin[1]
2007-06-22 11:49:51 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\4LMDOV8L\download[1].php\download[1]
2007-06-22 11:59:54 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\O8HDGU77\index[1].php\index[1]
2007-06-22 12:00:34 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\6BMBU1GJ\index[1].php\index[1]
2007-06-22 12:01:59 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\OR49E9S3\index[1].php\index[1]
2007-06-22 12:02:33 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\4LMDOV8L\index[1].php\index[1]
2007-06-22 12:03:06 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\O8HDGU77\index[1].php\index[1]
2007-06-22 12:50:29 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\4LMDOV8L\InboxLight[1].aspx\InboxLight[1]
2007-06-22 12:50:32 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\6BMBU1GJ\ReadMessageLight[1].aspx\ReadMessageLight[1]
2007-06-22 12:50:37 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\4LMDOV8L\index[1].php\index[1]
2007-06-22 12:51:01 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\OR49E9S3\ie[1].html\ie[1]
2007-06-22 13:27:32 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\4LMDOV8L\InboxLight[1].aspx\InboxLight[1]
2007-06-22 13:28:51 1025 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe c:\system volume information\_restore{dc677c6b-6d8e-4c93-a398-b87d3c0401f7}\rp8\a0001407.dll Vundo ()
2007-06-22 13:28:51 1027 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\SYSTEM VOLUME INFORMATION\_RESTORE{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP8\A0001407.DLL Vundo ()
2007-06-22 13:28:51 1027 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP8\A0001407.dll Vundo ()
2007-06-22 13:56:28 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\4LMDOV8L\InboxLight[1].aspx\InboxLight[1]
2007-06-22 13:56:33 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\6BMBU1GJ\ReadMessageLight[1].aspx\ReadMessageLight[1]
2007-06-22 13:56:38 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\O8HDGU77\index[1].php\index[1]
2007-06-22 14:03:53 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\6BMBU1GJ\InboxLight[1].aspx\InboxLight[1]
2007-06-22 14:03:56 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\O8HDGU77\ReadMessageLight[1].aspx\ReadMessageLight[1]
2007-06-22 14:04:02 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\OR49E9S3\index[1].php\index[1]
2007-06-22 14:13:01 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\4LMDOV8L\index[1].php\index[1]
2007-06-22 14:16:24 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\O8HDGU77\index[1].php\index[1]
2007-06-22 14:32:47 1027 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\SYSTEM VOLUME INFORMATION\_RESTORE{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15\A0002176.EXE AllowCookie ()
2007-06-22 14:32:48 1027 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15\A0002176.exe AllowCookie ()
2007-06-22 14:32:48 1027 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\SYSTEM VOLUME INFORMATION\_RESTORE{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15\A0002185.EXE AllowCookie ()
2007-06-22 14:32:48 1027 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15\A0002185.exe AllowCookie ()
2007-06-22 14:33:07 1278 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temp\tmp0000350e\tmp000fcc12 New Poly Win32 ()
2007-06-22 14:33:46 1025 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe c:\system volume information\_restore{dc677c6b-6d8e-4c93-a398-b87d3c0401f7}\rp24\a0003371.dll Vundo ()
2007-06-22 14:33:46 1027 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\SYSTEM VOLUME INFORMATION\_RESTORE{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP24\A0003371.DLL Vundo ()
2007-06-22 14:33:46 1027 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP24\A0003371.DLL Vundo ()

Edited by theswede78, 22 June 2007 - 07:45 AM.
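The McAfee log above is a fixed-column on-access record: timestamp, event code, user, the process that touched the file, the file itself, and, when something was detected, the detection name followed by "()". Most lines (event 1051) are Internet Explorer cache objects with no detection; the detections are Vundo DLLs and "AllowCookie" executables inside System Restore snapshots (RP8, RP15, RP24) plus one "New Poly Win32" in the user's Temp folder. The parser below is an added example for this thread, not McAfee code, and it does not interpret what the event codes mean, only groups what was detected and where. The sample lines are copied from the log above; the rule that the detected file's own name carries no spaces, and the merging of same-second entries for the same file, are assumptions of the example.

```python
"""Parse and triage McAfee VirusScan on-access log lines (added example, not McAfee's code)."""
import re
from collections import Counter

# Lines copied from the McAfee log excerpt posted above.
SAMPLE_LOG = r"""2007-06-22 11:42:36 1051 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temporary Internet Files\Content.IE5\OR49E9S3\InboxLight[1].aspx\InboxLight[1]
2007-06-22 13:28:51 1025 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe c:\system volume information\_restore{dc677c6b-6d8e-4c93-a398-b87d3c0401f7}\rp8\a0001407.dll Vundo ()
2007-06-22 13:28:51 1027 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\SYSTEM VOLUME INFORMATION\_RESTORE{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP8\A0001407.DLL Vundo ()
2007-06-22 14:32:47 1027 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\SYSTEM VOLUME INFORMATION\_RESTORE{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP15\A0002176.EXE AllowCookie ()
2007-06-22 14:33:07 1278 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Markus & Pia\Lokala inställningar\Temp\tmp0000350e\tmp000fcc12 New Poly Win32 ()
2007-06-22 14:33:46 1025 MARKUS\Markus & Pia C:\Program\Internet Explorer\iexplore.exe c:\system volume information\_restore{dc677c6b-6d8e-4c93-a398-b87d3c0401f7}\rp24\a0003371.dll Vundo ()"""

# timestamp, event code, "DOMAIN\user" (may contain spaces), then everything from the
# first drive letter onwards: the process path, the file path and an optional detection.
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<event>\d+)\s+"
                     r"(?P<user>.+?)\s+(?P<rest>[A-Za-z]:\\.*)$")
# The process path ends in .exe and is followed by the second drive-letter path.
PROC_RE = re.compile(r"^(?P<proc>[A-Za-z]:\\.*?\.exe)\s+(?P<file>[A-Za-z]:\\.*)$", re.IGNORECASE)
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{[^}]*\}\\(rp\d+)\\", re.IGNORECASE)


def split_detection(file_part):
    """McAfee appends 'DetectionName ()' after the file path when something was detected.
    Assumption: the detected file's own name has no spaces, so the text after the first
    space following the last backslash is the detection name."""
    if not file_part.endswith(" ()"):
        return file_part, None
    head, _, tail = file_part[:-3].rpartition("\\")
    name, _, detection = tail.partition(" ")
    return head + "\\" + name, detection or None


def parse_log(text):
    """One dict per parsable line; lines in another format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        p = PROC_RE.match(m.group("rest")) if m else None
        if not p:
            continue
        path, detection = split_detection(p.group("file"))
        rp = RESTORE_RE.search(path)
        records.append({
            "ts": m.group("ts"), "event": int(m.group("event")), "user": m.group("user"),
            "process": p.group("proc"), "path": path, "detection": detection,
            "restore_point": rp.group(1).upper() if rp else None,
        })
    return records


def triage(records):
    """Detections by name, the restore points holding copies, and the 'live' hits
    outside the System Restore store (those are the ones on the running system)."""
    hits = [r for r in records if r["detection"]]
    # Assumption: two entries for the same file in the same second (different event
    # codes, different letter case) describe one detection, so keep only one of them.
    unique = list({(r["ts"], r["path"].lower()): r for r in hits}.values())
    return {
        "by_name": Counter(r["detection"] for r in unique),
        "restore_points": sorted({r["restore_point"] for r in unique if r["restore_point"]},
                                 key=lambda rp: int(rp[2:])),
        "live": [r["path"] for r in unique if not r["restore_point"]],
    }


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    print("detections:", dict(result["by_name"]))
    print("restore points with infected copies:", result["restore_points"])
    print("detections outside System Restore:", *result["live"], sep="\n    ")
```

The split matters for the next step: copies inside `System Volume Information\_restore{...}\RPnn` are inert until a restore is performed and are cleared by turning System Restore off and on again once the machine is clean, whereas a detection in the user's Temp folder attributed to iexplore.exe is a live event on the running system and is the one to chase.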


#13 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 22 June 2007 - 08:30 AM

Hi again,

Let's try something else.

Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install the Yahoo toolbar (unless you want the Yahoo toolbar).
Once installed, run CCleaner and click the Windows tab.
Select the following:
[screenshot of the options to select]
Next: click Options, then click the Settings tab.
Uncheck "Only delete files older than 48 hrs.", then click OK.
Then click Run Cleaner (bottom right), then Exit.

Next:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
jedi

#14 theswede78

    Member

  • Full Member
  • 14 posts

Posted 22 June 2007 - 09:15 AM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:14:04, on 2007-06-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\McAfee\Common Framework\FrameworkService.exe
C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\McAfee\Common Framework\UdaterUI.exe
C:\Program\iTunes\iTunesHelper.exe
D:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\McAfee\Common Framework\McTray.exe
C:\Program\Bredbandsbolaget\Servicecenter\servicecenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Nikon\PictureProject\NkbMonitor.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
D:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE
D:\Program\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Markus & Pia\Skrivbord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] D:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Bredbandsbolaget] "C:\Program\Bredbandsbolaget\Servicecenter\servicecenter.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: HP Image Zone Snabbstarta.lnk = D:\Program\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &HTPE - C:\Program\hattriX\HTPE.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hattrick Organizer Extension support - D:\ho_136\lineups\support.htm
O8 - Extra context menu item: Hattrick Organizer Lineups - D:\ho_136\lineups\hoe.htm
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\TRUST\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?1ef7195c11ac4a1fb249b6945e4f3f29
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?1ef7195c11ac4a1fb249b6945e4f3f29
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Hattrick Organizer - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\ho_136\lineups\hoe.exe
O9 - Extra 'Tools' menuitem: Hattrick Organizer - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\ho_136\lineups\hoe.exe
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerfoot...PowerLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170513251250
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\TRUST\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 11907 bytes





VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 21:09:14 2007-06-13

Listing files found while scanning....

C:\windows\system32\jkkhefg.dll
C:\windows\system32\kjvtlaaj.exe
C:\windows\system32\lrrwpbcg.dll
C:\WINDOWS\system32\ninlvweh.dll
C:\WINDOWS\system32\pmnnlmm.dll
C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\qqstv.tmp
C:\windows\system32\quariekx.dll
C:\windows\system32\tfaslqgv.dll
C:\windows\system32\vgqlsaft.ini
C:\WINDOWS\system32\vtsqq.dll
C:\windows\system32\yqmfchys.exe

Beginning removal...

Attempting to delete C:\windows\system32\jkkhefg.dll
C:\windows\system32\jkkhefg.dll Has been deleted!

Attempting to delete C:\windows\system32\kjvtlaaj.exe
C:\windows\system32\kjvtlaaj.exe Has been deleted!

Attempting to delete C:\windows\system32\lrrwpbcg.dll
C:\windows\system32\lrrwpbcg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ninlvweh.dll
C:\WINDOWS\system32\ninlvweh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnlmm.dll
C:\WINDOWS\system32\pmnnlmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\qqstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqstv.tmp
C:\WINDOWS\system32\qqstv.tmp Has been deleted!

Attempting to delete C:\windows\system32\quariekx.dll
C:\windows\system32\quariekx.dll Has been deleted!

Attempting to delete C:\windows\system32\tfaslqgv.dll
C:\windows\system32\tfaslqgv.dll Has been deleted!

Attempting to delete C:\windows\system32\vgqlsaft.ini
C:\windows\system32\vgqlsaft.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtsqq.dll Has been deleted!

Attempting to delete C:\windows\system32\yqmfchys.exe
C:\windows\system32\yqmfchys.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 11:22:03 2007-06-15

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 17:44:15 2007-06-15

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 16:10:02 2007-06-22

Listing files found while scanning....

No infected files were found.


Beginning removal...

#15 theswede78 (Full Member, 14 posts)

Posted 22 June 2007 - 09:18 AM

Hi Jedi!

I'll be gone this evening and tomorrow before noon. I'm going to visit some friends out of town.

Just telling you in case you wonder why I don't reply.

We'll remove that f*"##ing Vundo tomorrow!!!

Edited by theswede78, 22 June 2007 - 09:19 AM.


#16 jedi (Emeritus, 15,830 posts)

Posted 23 June 2007 - 05:12 AM

Hi again,

Well, it looks like VundoFix did its job; your log looks clean. How's your PC running now?

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#17 theswede78 (Full Member, 14 posts)

Posted 23 June 2007 - 02:20 PM

Hello Jedi!

I'm back now. My computer is running pretty well now, except that when I'm going to turn the computer off, Windows takes a really long time to shut down. When I start the computer, the system wants to do a disk check. This appeared last time I had Vundo. When the Vundo was gone, the shutdown and startup worked fine. But Vundo came back. May Vundo come back again? Or am I safe now?

I'll try to scan with BitDefender again. It was really strange that the scan got terminated. I think it got terminated when it tried to clean out the Vundo.

Edited by theswede78, 23 June 2007 - 02:30 PM.


#18 jedi (Emeritus, 15,830 posts)

Posted 23 June 2007 - 03:45 PM

OK, let me know what happens; if BitDefender won't run, we'll try another one.

jedi

#19 theswede78 (Full Member, 14 posts)

Posted 23 June 2007 - 04:46 PM

The BitDefender scan went well this time and finished. It cleaned out some viruses that the other virus programs didn't find. Do you think my computer is completely clean now?

BitDefender report:

C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP25\A0003544.exe
Detected with: Application.ErrorGuard.A

C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP25\A0003544.exe
Disinfection failed

C:\System Volume Information\_restore{DC677C6B-6D8E-4C93-A398-B87D3C0401F7}\RP25\A0003544.exe
Deleted

K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\Autorun.exe=>(CAB Sfx r)=>rundll32.exe
Infected with: Backdoor.Rbot.0659.A

K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\Autorun.exe=>(CAB Sfx r)=>rundll32.exe
Disinfection failed

K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\Autorun.exe=>(CAB Sfx r)=>rundll32.exe
Deleted

K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\Autorun.exe=>(CAB Sfx r)
Update failed

K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\CDSetup.exe=>(CAB Sfx r)=>rundll32.exe
Infected with: Backdoor.Rbot.0659.A

K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\CDSetup.exe=>(CAB Sfx r)=>rundll32.exe
Disinfection failed

K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\CDSetup.exe=>(CAB Sfx r)=>rundll32.exe
Deleted

K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\CDSetup.exe=>(CAB Sfx r)
Update failed

K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\en-US\Install.exe=>(CAB Sfx r)=>rundll32.exe
Infected with: Backdoor.Rbot.0659.A

K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\en-US\Install.exe=>(CAB Sfx r)=>rundll32.exe
Disinfection failed

K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\en-US\Install.exe=>(CAB Sfx r)=>rundll32.exe
Deleted

K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\en-US\Install.exe=>(CAB Sfx r)
Update failed

K:\Torrents\Finniched\XoftSpySE 4.31 + Crack\CRACK\ParetoLogic_Slayer_v1.2.exe
Infected with: Backdoor.Hupigon.BV

K:\Torrents\Finniched\XoftSpySE 4.31 + Crack\CRACK\ParetoLogic_Slayer_v1.2.exe
Disinfection failed

K:\Torrents\Finniched\XoftSpySE 4.31 + Crack\CRACK\ParetoLogic_Slayer_v1.2.exe
Deleted

K:\Torrents\Finniched\XoftSpySE 4.31 + Crack\XoftSpySE 4.31 + Crack.zip=>CRACK/ParetoLogic_Slayer_v1.2.exe
Infected with: Backdoor.Hupigon.BV

K:\Torrents\Finniched\XoftSpySE 4.31 + Crack\XoftSpySE 4.31 + Crack.zip=>CRACK/ParetoLogic_Slayer_v1.2.exe
Disinfection failed

K:\Torrents\Finniched\XoftSpySE 4.31 + Crack\XoftSpySE 4.31 + Crack.zip=>CRACK/ParetoLogic_Slayer_v1.2.exe
Deleted

K:\Torrents\Finniched\XoftSpySE 4.31 + Crack\XoftSpySE 4.31 + Crack.zip
Updated



***********************************************

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:50:42, on 2007-06-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\McAfee\Common Framework\FrameworkService.exe
C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\McAfee\Common Framework\UdaterUI.exe
C:\Program\iTunes\iTunesHelper.exe
D:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Bredbandsbolaget\Servicecenter\servicecenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\McAfee\Common Framework\McTray.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Nikon\PictureProject\NkbMonitor.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
D:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE
D:\Program\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program\internet explorer\iexplore.exe
C:\Documents and Settings\Markus & Pia\Skrivbord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] D:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Bredbandsbolaget] "C:\Program\Bredbandsbolaget\Servicecenter\servicecenter.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: HP Image Zone Snabbstarta.lnk = D:\Program\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &HTPE - C:\Program\hattriX\HTPE.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hattrick Organizer Extension support - D:\ho_136\lineups\support.htm
O8 - Extra context menu item: Hattrick Organizer Lineups - D:\ho_136\lineups\hoe.htm
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\TRUST\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?1ef7195c11ac4a1fb249b6945e4f3f29
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?1ef7195c11ac4a1fb249b6945e4f3f29
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Hattrick Organizer - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\ho_136\lineups\hoe.exe
O9 - Extra 'Tools' menuitem: Hattrick Organizer - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\ho_136\lineups\hoe.exe
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerfoot...PowerLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170513251250
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\TRUST\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 12067 bytes

Edited by theswede78, 23 June 2007 - 04:51 PM.
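The two HijackThis logs posted in this thread differ only in a handful of entries (the [SkyTel] Run entry is gone in the later scan, an [MSConfig] Run entry has appeared, and several entries carry "(file missing)" or "(no file)"). Spotting that by eye across two 100-line logs is error-prone, so here is an added example, not code from this thread or from HijackThis, that parses log lines into entries, flags orphaned entries whose target no longer exists on disk, and diffs two scans. The two sample logs embedded in it are constructed subsets of the lines posted above, not complete scans.

```python
"""Triage helpers for HijackThis-style logs.

Added example; not part of the SpywareInfo thread and not HijackThis code.
The two sample logs below are constructed from a few of the lines posted in
the thread, so the diff they produce is small and easy to check by hand.
"""
import re
from dataclasses import dataclass

# Each HijackThis entry starts with a section code (R0, O2, O4, O23, ...)
# followed by " - " and the entry text. Header lines and the process list
# do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis appends when the referenced file is not on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def is_orphan(self) -> bool:
        """True when the entry points at a file HijackThis could not find.
        Orphans are leftovers of uninstalls or earlier cleanups; they are
        usually harmless to fix, but they also show where something used
        to load from, which is worth a second look after an infection."""
        return any(marker in self.body for marker in MISSING_MARKERS)


def parse_log(text: str) -> list[Entry]:
    """Extract the R/F/N/O entries from a log; everything else is ignored."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group("section"), match.group("body")))
    return entries


def by_section(entries: list[Entry]) -> dict[str, int]:
    """Count entries per section code, e.g. {'O4': 2, 'O23': 1}."""
    counts: dict[str, int] = {}
    for entry in entries:
        counts[entry.section] = counts.get(entry.section, 0) + 1
    return counts


def diff_logs(before: list[Entry], after: list[Entry]) -> tuple[list[Entry], list[Entry]]:
    """Return (removed, added): entries only in the earlier scan and entries
    only in the later one, each in the order the logs list them."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


# Constructed sample logs: a subset of the lines posted in the thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\TRUST\Bluetooth Software\bin\btwdins.exe (file missing)
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\TRUST\Bluetooth Software\bin\btwdins.exe (file missing)
"""


def triage(before_text: str, after_text: str) -> dict:
    """Summarise what changed between two scans and what is orphaned now."""
    before, after = parse_log(before_text), parse_log(after_text)
    removed, added = diff_logs(before, after)
    return {
        "removed": [e.body for e in removed],
        "added": [e.body for e in added],
        "orphans_after": [e.body for e in after if e.is_orphan],
        "sections_after": by_section(after),
    }


if __name__ == "__main__":
    for key, value in triage(LOG_BEFORE, LOG_AFTER).items():
        print(key)
        for item in (value.items() if isinstance(value, dict) else value):
            print("   ", item)
```

Entries are compared as exact (section, text) pairs, so a path or argument change shows up as one removal plus one addition rather than being silently treated as the same entry; that is the behaviour you want when checking whether a cleanup tool actually changed what loads at boot.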


#20 jedi (Emeritus, 15,830 posts)

Posted 24 June 2007 - 08:52 AM

Hi again,

Well, your log does look clean now; apart from that, I suggest you remove ViewPointPlayer:
http://fileforum.bet...er/1131474922/1

You probably don't need telling, but cracks are a bad idea: you never know what you are getting, and for malware writers it's an easy way of getting to you. Have a look at these entries:
K:\Download\Program\Mcafee Virus Scan Plus 2007 Full Iso CRACKED\add-mv07\Autorun.exe=>(CAB Sfx r)=>rundll32.exe
Infected with: Backdoor.Rbot.0659.A

and
K:\Torrents\Finniched\XoftSpySE 4.31 + Crack\XoftSpySE 4.31 + Crack.zip=>CRACK/ParetoLogic_Slayer_v1.2.exe
Infected with: Backdoor.Hupigon.BV

Ironically, you got infected trying to download cracked security programs. If you want extra security on your PC, there are many very good freeware programs out there that will do that for you; I'm happy to suggest some if you wish.

jedi :)

#21 theswede78 (Full Member, 14 posts)

Posted 24 June 2007 - 09:11 AM

Hello Jedi!

Removed the programs that were infected. Thanks for all the help you have been giving me.

And those freeware security programs would be interesting to know about. I already have McAfee, which I get free from my work. As firewall program I run ZoneAlarm, but if you know about any firewall program that is better, I'm open for suggestions. I also run SuperAntiSpyware.

And thanks again for all the help!!

#22 jedi (Emeritus, 15,830 posts)

Posted 24 June 2007 - 11:41 AM

You're welcome. :D

In order to be better protected in the future, I recommend the following programs:

SpywareBlaster protects against bad ActiveX.
http://www.javacools...areblaster.html

SpywareGuard stops Spyware from being installed.
http://www.javacools...ywareguard.html

Also install the MVPS hosts file:
http://www.mvps.org/...p2002/hosts.htm
which blocks innocent-looking sites that are not so innocent.

All three are very small free programs that you run once, and then just occasionally to check for updates.

Also see
How did I get Infected?

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking here: http://v4.windowsupdate.microsoft.com/ and following the prompts.

jedi :wave:
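The hosts file advice above works because Windows consults the hosts file before DNS: a name that the file pins to 0.0.0.0 or 127.0.0.1 never resolves to the real server, so the browser never reaches the site. As an added example (not code from this thread or from the MVPS project), here is a small parser that reads hosts-file syntax and answers whether a given name is sinkholed. The sample hosts content is constructed and uses reserved .invalid names as placeholders, not entries from any real blocklist.

```python
"""How a blocking hosts file works.

Added example; not from the SpywareInfo thread or the MVPS project.  The
sample content is constructed and uses reserved .invalid placeholder names.
"""
import ipaddress

# Constructed sample modelled on the shape of a blocklist-style hosts file:
# comments, a tab, two names on one line, a malformed line, and a duplicate.
SAMPLE_HOSTS = """
# constructed sample, not a real blocklist
127.0.0.1\tlocalhost
0.0.0.0  ads.example.invalid tracker.example.invalid   # blocked names
192.0.2.10  intranet.example.invalid
not-an-address  broken.example.invalid
0.0.0.0  ads.example.invalid
"""


def parse_hosts(text: str) -> dict[str, str]:
    """Map each hostname (lower-cased, no trailing dot) to its pinned address.

    Handles '#' comments, blank lines, tabs and several names on one line.
    When a name appears twice the first entry is kept, matching the usual
    first-match behaviour of the resolver; malformed lines are skipped."""
    mapping: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            address = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an IP address; the resolver ignores such lines too
        for name in parts[1:]:
            mapping.setdefault(name.lower().rstrip("."), str(address))
    return mapping


def is_sinkholed(mapping: dict[str, str], hostname: str) -> bool:
    """True when the file sends this exact name back to the local machine.

    0.0.0.0 is not a routable destination, so the connection fails at once;
    127.0.0.1 makes the client attempt a connection to the local host, which
    fails only after a refused connect (or reaches a local web server, if one
    is running), which is why many blocklists prefer 0.0.0.0.  There is no
    wildcard matching: blocking 'ads.example.invalid' does nothing for
    'www.ads.example.invalid', a common gap when relying on hosts files."""
    address = mapping.get(hostname.lower().rstrip("."))
    if address is None:
        return False
    ip = ipaddress.ip_address(address)
    return ip.is_unspecified or ip.is_loopback


def blocked_from(mapping: dict[str, str], hostnames: list[str]) -> list[str]:
    """Filter a list of requested hostnames down to the ones the file blocks."""
    return [h for h in hostnames if is_sinkholed(mapping, h)]


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.invalid", "www.ads.example.invalid", "intranet.example.invalid"):
        print(f"{name:28s} sinkholed={is_sinkholed(hosts, name)}")
```

The exact-match limitation is the practical caveat: a hosts file is a cheap, host-local control that stops known bad names, but it cannot block subdomains it does not list, so it complements rather than replaces a resolver- or browser-level blocklist.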

#23 jedi (Emeritus, 15,830 posts)

Posted 28 June 2007 - 04:10 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
jedi




