
Hey everyone.

I've got a pretty annoying problem with a nasty, which I would like some help getting rid of.
When I sit at my computer with anything on my screen, it unhighlights everything I've highlighted after a few seconds.
I've followed the steps in the "Read me before posting a request for assistance" thread, and I'm going to give you the logs of all the programs.
I've got an idea of what is wrong. The command csrss.exe is using my CPU every time it happens, and sometimes if I use alt-tab I see an icon of Internet Explorer, even though I haven't opened it. I guess that it maybe has to do with those things, but can you guys help me, please?

1. GMER log one.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-04 00:10:14
Windows 5.1.2600 Service Pack 3
Running: tqy7ysjb.exe; Driver: C:\DOCUME~1\ZREXIO~1\LOKALE~1\Temp\pgtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF7387A92]
SSDT sptd.sys ZwEnumerateValueKey [0xF7387E20]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F631E8
Device \FileSystem\Fastfat \Fat 85748980

---- Processes - GMER 1.0.15 ----

Process C:\Programmer\Internet Explorer\iexplore.exe (*** hidden *** ) 2448

---- EOF - GMER 1.0.15 ----


2. GMER log two.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-04 00:40:27
Windows 5.1.2600 Service Pack 3
Running: tqy7ysjb.exe; Driver: C:\DOCUME~1\ZREXIO~1\LOKALE~1\Temp\pgtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF73820B0]
SSDT sptd.sys ZwEnumerateKey [0xF7387A92]
SSDT sptd.sys ZwEnumerateValueKey [0xF7387E20]
SSDT sptd.sys ZwOpenKey [0xF7382090]
SSDT sptd.sys ZwQueryKey [0xF7387EF8]
SSDT sptd.sys ZwQueryValueKey [0xF7387D78]
SSDT sptd.sys ZwSetValueKey [0xF7387F8A]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F631E8
Device \FileSystem\Fastfat \FatCdrom 85748980
Device \Driver\usbuhci \Device\USBPDO-0 85CB51E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F651E8
Device \Driver\dmio \Device\DmControl\DmConfig 86F651E8
Device \Driver\dmio \Device\DmControl\DmPnP 86F651E8
Device \Driver\dmio \Device\DmControl\DmInfo 86F651E8
Device \Driver\usbuhci \Device\USBPDO-1 85CB51E8
Device \Driver\usbuhci \Device\USBPDO-2 85CB51E8
Device \Driver\usbuhci \Device\USBPDO-3 85CB51E8
Device \Driver\usbehci \Device\USBPDO-4 85C0F540
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD21E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD21E8
Device \Driver\Cdrom \Device\CdRom0 85CCE4F8
Device \Driver\Cdrom \Device\CdRom1 85CCE4F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 85CCE4F8
Device \Driver\Cdrom \Device\CdRom3 85CCE4F8
Device \Driver\Cdrom \Device\CdRom4 85CCE4F8
Device \Driver\Cdrom \Device\CdRom5 85CCE4F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 858721E8
Device \Driver\NetBT \Device\NetbiosSmb 858721E8
Device \Driver\PCI_NTPNP8844 \Device\0000004e sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 85CB51E8
Device \Driver\usbuhci \Device\USBFDO-1 85CB51E8
Device \Driver\usbuhci \Device\USBFDO-2 85CB51E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 857E2600
Device \Driver\NetBT \Device\NetBT_Tcpip_{6B8F9B48-53E5-4DAB-90B0-32E4350B8BC7} 858721E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 857E2600
Device \Driver\usbuhci \Device\USBFDO-3 85CB51E8
Device \Driver\usbehci \Device\USBFDO-4 85C0F540
Device \Driver\Ftdisk \Device\FtControl 86FD21E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A397DBAC-CDA7-4F24-850B-1271BACC9228} 858721E8
Device \Driver\a0fu783f \Device\Scsi\a0fu783f1Port3Path0Target0Lun0 85BFD1E8
Device \Driver\a0fu783f \Device\Scsi\a0fu783f1Port3Path0Target0Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\fasttx2k \Device\Scsi\fasttx2k1Port2Path0Target4Lun0 86F641E8
Device \Driver\a0fu783f \Device\Scsi\a0fu783f1Port3Path0Target2Lun0 85BFD1E8
Device \Driver\a0fu783f \Device\Scsi\a0fu783f1Port3Path0Target2Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\fasttx2k \Device\Scsi\fasttx2k1 86F641E8
Device \Driver\a0fu783f \Device\Scsi\a0fu783f1Port3Path0Target3Lun0 85BFD1E8
Device \Driver\a0fu783f \Device\Scsi\a0fu783f1Port3Path0Target3Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a0fu783f \Device\Scsi\a0fu783f1Port3Path0Target1Lun0 85BFD1E8
Device \Driver\a0fu783f \Device\Scsi\a0fu783f1Port3Path0Target1Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a0fu783f \Device\Scsi\a0fu783f1 85BFD1E8
Device \Driver\a0fu783f \Device\Scsi\a0fu783f1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 85748980
Device \FileSystem\Cdfs \Cdfs 857597C0

---- Processes - GMER 1.0.15 ----

Process C:\Programmer\Internet Explorer\iexplore.exe (*** hidden *** ) 2448

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 549741722
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 552213645
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x22 0x61 0xD5 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmer\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x14 0x31 0xEB 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9F 0xE5 0x45 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x33 0x47 0xC5 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x9B 0xCF 0xA4 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xBE 0x50 0x72 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x22 0x61 0xD5 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmer\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x14 0x31 0xEB 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9F 0xE5 0x45 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x33 0x47 0xC5 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x9B 0xCF 0xA4 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xBE 0x50 0x72 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x22 0x61 0xD5 0x21 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmer\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x14 0x31 0xEB 0xF4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x87 0x0A 0x7F 0x1F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x33 0x47 0xC5 0x2C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x9B 0xCF 0xA4 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xBE 0x50 0x72 0xB5 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\LocalService\Cookies\system@adnxs[2].txt 0 bytes

---- EOF - GMER 1.0.15 ----


I won't post the MBA-M log because it is in Danish.
Anyone of you got an idea of what is wrong?

Mbr.
BankDJ


I just ran HiJackThis, and here's that log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:43, on 04-08-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Logitech\G-series Software\LGDCore.exe
C:\Programmer\Logitech\G-series Software\LCDMon.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programmer\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pandasecurity.com/homeusers/solutions/activescan/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Programmer\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmer\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] C:\Programmer\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparhim.dk
O15 - Trusted Zone: http://www.sparhim.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/197/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Basics Service - Seagate Technology LLC - C:\Programmer\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6517 bytes


Hi, and thank you.
Here is the DDS log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Zrexion^SoD at 12:37:15,46 on 04-08-2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.1023.573 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Logitech\G-series Software\LGDCore.exe
C:\Programmer\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programmer\Logitech\G-series Software\Applets\LCDClock.exe
svchost.exe 4
svchost.exe
C:\Programmer\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\tcpsvcs.exe
svchost.exe 4
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\Microsoft IntelliPoint\ipoint.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zrexion^SoD\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\programmer\windows live\messenger\msnmsgr.exe" /background
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Launch LGDCore] "c:\programmer\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LCDMon] "c:\programmer\logitech\g-series software\LCDMon.exe"
mRun: [QuickTime Task] "c:\programmer\quicktime alternative\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] c:\programmer\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelliPoint] "c:\programmer\microsoft intellipoint\ipoint.exe"
mRunServices: [<NO NAME>] winlog.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: portalbank.dk\www
Trusted Zone: sparhim.dk\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://webnode1.xstream.dk/radiostationer/rawflow/197/Rawflow.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {623E2882-FC0E-11D1-9A77-0000F8756A07} - c:\windows\system32\wkssvc.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zrexio~1\applic~1\mozilla\firefox\profiles\l9cxst67.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/ig?hl=da
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\zrexion^sod\application data\mozilla\firefox\profiles\l9cxst67.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\programmer\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\programmer\microsoft\office live\npOLW.dll
FF - plugin: c:\programmer\mozilla firefox\plugins\npDyyno.dll
FF - plugin: c:\programmer\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\programmer\mozilla firefox\plugins\NPnsv_vp3_mp3.dll
FF - plugin: c:\programmer\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\programmer\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\programmer\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\programmer\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\programmer\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\programmer\voiplay\npvoiplay.dll
FF - plugin: c:\programmer\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\programmer\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmer\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programmer\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmer\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmer\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmer\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmer\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmer\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmer\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmer\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmer\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmer\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\programmer\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmer\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmer\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmer\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
c:\programmer\mozilla firefox\defaults\pref\webplayer.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-8-2 28552]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R2 Iprip;Tjenesten RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2001-10-9 14336]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys --> c:\windows\system32\drivers\viasraid.sys [?]
S2 PSTRIP;PSTRIP;\??\c:\windows\system32\drivers\pstrip.sys --> c:\windows\system32\drivers\PSTRIP.SYS [?]

=============== Created Last 30 ================

2010-08-04 10:29:53 27792 ----a-w- c:\windows\system32\drivers\point32.sys
2010-08-04 10:29:39 0 d-----w- c:\programmer\Microsoft IntelliPoint
2010-08-04 10:17:19 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverScanner
2010-08-04 10:16:32 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-08-04 09:59:55 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2010-08-04 09:55:06 0 d-----w- c:\programmer\Uniblue
2010-08-04 09:54:49 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2010-08-04 09:38:01 0 d-----w- c:\docume~1\zrexio~1\applic~1\Uniblue
2010-08-03 22:42:33 0 d-----w- c:\docume~1\zrexio~1\applic~1\Malwarebytes
2010-08-03 22:42:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-03 22:42:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 22:42:24 0 d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-08-03 22:42:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-03 21:03:38 0 d-----w- C:\HiJackThis
2010-08-02 20:58:35 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-02 12:51:50 845 ----a-w- c:\windows\ST4UNST.000
2010-08-02 12:51:40 184320 ----a-w- c:\windows\system32\MpqCtl.ocx
2010-08-02 12:51:36 60416 ----a-w- c:\windows\ST4UNST.EXE
2010-07-30 15:08:20 0 ----a-w- c:\documents and settings\zrexion^sod\temp.dat
2010-07-30 14:54:07 0 d-----w- c:\documents and settings\zrexion^sod\.oces
2010-07-18 20:40:44 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-07-17 16:32:53 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-07-17 16:32:53 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-17 16:32:50 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-07-14 21:30:40 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 17:49:31 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-07-14 17:49:22 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-14 17:49:17 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-14 17:49:17 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-14 17:49:17 0 ----a-w- c:\windows\system32\nvdrswr.lk
2010-07-14 17:48:55 0 d-----w- c:\programmer\NVIDIA Corporation
2010-07-14 17:48:05 7959 ----a-w- c:\windows\system32\nvinfo.pb
2010-07-14 17:48:05 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-14 17:48:05 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-14 17:48:02 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-07-14 17:48:02 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-14 17:47:55 0 d-----w- C:\NVIDIA

==================== Find3M ====================

2010-07-30 17:08:23 32596 -c--a-w- c:\windows\DIIUnin.dat
2010-06-24 15:13:28 77804 ----a-w- c:\windows\system32\perfc006.dat
2010-06-24 15:13:28 447292 ----a-w- c:\windows\system32\perfh006.dat
2010-06-07 23:57:00 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
2010-06-07 23:57:00 600680 -c--a-w- c:\windows\system32\nvudisp.exe
2010-06-07 23:57:00 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57:00 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57:00 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-07 23:57:00 1359872 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57:00 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-05-28 10:58:26 600680 -c--a-w- c:\windows\system32\NVUNINST.EXE

============= FINISH: 12:37:37,42 ===============


Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and follow the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 20 (JDK or JRE). On the right, select this one: Download JRE.

In Vista and Windows 7 run the tool as Administrator.

============

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
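The JavaRa log that the steps above produce runs to hundreds of "Found and removed:" lines, and what actually matters for the cleanup is which JRE releases had been left behind (every old JRE is a separately exploitable browser plug-in) and that the current build was not swept away with them. The script below is an added example, not JavaRa's own code and not part of any post in this thread: it parses a log in the format JavaRa 1.15 writes, pulls the Java version out of each directory, registry key, ProgID, MSI product code and plug-in CLSID, and reports the distinct versions removed and any that are at or above a target release. The sample log is a constructed excerpt in that format (profile name replaced); the decoding of the `{3248F0A8-...}` product codes and `{CAFEEFAC-...}` CLSIDs is inferred from the GUID/version pairs visible in the posted log, not taken from Sun documentation, so treat those two patterns as assumptions.

```python
"""Summarise which Java versions a JavaRa removal log reports removing.

Added example for this thread; not JavaRa code. Assumes the log format of
JavaRa 1.15 ("Found and removed: <path or registry key>" lines).
"""
import re

# Constructed sample in the posted log's format (short excerpt, profile name replaced).
SAMPLE_LOG = r"""JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Aug 04 14:54:59 2010

Found and removed: C:\Programmer\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\user\Application Data\Sun\Java\jre1.6.0_11

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

------------------------------------

Finished reporting.
"""

PREFIX = "Found and removed: "

# Directory / registry path forms: jre1.6.0_07, \1.5.0_06 (three parts, optional _update).
PATH_RE = re.compile(r'(?:jre|\\)(\d)\.(\d)\.(\d)(?:_(\d+))?(?![\d.])')
# ProgID form: JavaPlugin.160_01 -> 1.6.0_01
PROGID_RE = re.compile(r'JavaPlugin\.(\d)(\d)(\d)_(\d+)')
# MSI product code: the posted log pairs ...00B0D0160070 with 1.6.0_07 and ...00B0D0150100
# with 1.5.0_10, so the tail reads major, minor, micro, update, trailing 0. Inferred, not documented.
MSI_RE = re.compile(r'\{3248F0A8-6813-11D6-A77B-00B0D0(\d)(\d)(\d)(\d\d)0\}', re.I)
# Plug-in CLSID family: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> 1.5.0_06. Same inference.
CLSID_RE = re.compile(r'\{CAFEEFAC-00(\d)(\d)-000(\d)-00(\d\d)-ABCDEFFEDCBA\}', re.I)


def version_from_line(line):
    """Return (major, minor, micro, update) for one 'Found and removed:' line, else None."""
    if not line.startswith(PREFIX):
        return None
    target = line[len(PREFIX):]
    if "Web Start" in target:
        return None  # Java Web Start carries its own version numbers, not JRE ones
    for rx in (PROGID_RE, MSI_RE, CLSID_RE, PATH_RE):
        m = rx.search(target)
        if m:
            major, minor, micro, update = m.groups()
            return (int(major), int(minor), int(micro), int(update or 0))
    return None  # family keys such as "Java Runtime Environment\1.5" name no specific build


def removed_versions(log_text):
    """Distinct JRE / plug-in versions the log reports removing, oldest first."""
    found = set()
    for raw in log_text.splitlines():
        v = version_from_line(raw.strip())
        if v:
            found.add(v)
    return sorted(found)


def fmt(v):
    return "%d.%d.%d_%02d" % v


def at_or_above(log_text, target):
    """Removed versions that are not older than `target`; empty after a correct cleanup."""
    return [fmt(v) for v in removed_versions(log_text) if v >= target]


def report(log_text, target):
    """Counts per major.minor family plus the list that should be empty."""
    versions = removed_versions(log_text)
    families = {}
    for v in versions:
        key = "%d.%d" % v[:2]
        families[key] = families.get(key, 0) + 1
    return {"removed": [fmt(v) for v in versions],
            "families": families,
            "at_or_above_target": at_or_above(log_text, target)}


if __name__ == "__main__":
    # The helper asked for JDK/JRE 6 Update 20, so that is the target release here.
    for k, val in report(SAMPLE_LOG, (1, 6, 0, 20)).items():
        print("%-19s %s" % (k + ":", val))
```

Run it against the full log pasted below (read it from a file instead of `SAMPLE_LOG`) and the interesting line is `at_or_above_target`: it must stay empty, because a current JRE showing up there means the tool removed the build the machine is supposed to keep. The family counts also make the exposure visible at a glance, since each 1.5.x and 1.6.x entry was a separate plug-in a web page could have targeted.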


Here are the logs from JavaRa and ComboFix. Sorry for the Danish words.

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Aug 04 14:54:59 2010

Found and removed: C:\Programmer\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\Zrexion^SoD\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\Zrexion^SoD\Application Data\Sun\Java\jre1.6.0_13

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

------------------------------------

Finished reporting.

ComboFix 10-08-03.04 - Zrexion^SoD 04-08-2010 15:14:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.1023.761 [GMT 2:00]
Running from: c:\documents and settings\Zrexion^SoD\Skrivebord\ComboFix.exe

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Zrexion^SoD\Application Data\.#
c:\documents and settings\Zrexion^SoD\Application Data\.#\MBX@E10@3D41A8.###
c:\documents and settings\Zrexion^SoD\Application Data\.#\MBX@E10@3D41D8.###
c:\documents and settings\Zrexion^SoD\Application Data\.#\MBX@E10@3D4208.###
c:\documents and settings\Zrexion^SoD\Skrivebord\[TorrentReactor.to] - Juncker - Pt DK 2007.torrent
c:\documents and settings\Zrexion^SoD\Skrivebord\[TorrentReactor.to] - Juncker - Pt DK 2007.torrent
c:\programmer\winsupdater
c:\programmer\winsupdater\a.zip
c:\windows\dat.txt
c:\windows\system32\AutoRun.inf

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 )))))))))))))))))))))))))))))))))))
.

2010-08-04 13:03 . 2010-08-04 13:03 503808 ----a-w- c:\documents and settings\Zrexion^SoD\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40b44316-n\msvcp71.dll
2010-08-04 13:03 . 2010-08-04 13:03 499712 ----a-w- c:\documents and settings\Zrexion^SoD\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40b44316-n\jmc.dll
2010-08-04 13:03 . 2010-08-04 13:03 348160 ----a-w- c:\documents and settings\Zrexion^SoD\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40b44316-n\msvcr71.dll
2010-08-04 13:03 . 2010-08-04 13:03 61440 ----a-w- c:\documents and settings\Zrexion^SoD\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7b559a8e-n\decora-sse.dll
2010-08-04 13:03 . 2010-08-04 13:03 12800 ----a-w- c:\documents and settings\Zrexion^SoD\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7b559a8e-n\decora-d3d.dll
2010-08-04 13:02 . 2010-08-04 13:02 -------- d-----w- c:\programmer\Fælles filer\Java
2010-08-04 13:02 . 2010-08-04 13:02 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-04 12:49 . 2007-06-27 12:42 207488 ----a-r- c:\windows\system32\drivers\vinyl97.sys
2010-08-04 12:48 . 2010-08-04 12:49 -------- d-----w- c:\programmer\VIA
2010-08-04 12:38 . 2010-08-04 12:38 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-08-04 12:35 . 2010-08-04 12:36 8258496 ----a-w- c:\documents and settings\Zrexion^SoD\Application Data\Uniblue\DriverScanner\LatestUpdate.exe
2010-08-04 10:29 . 2009-06-01 11:51 27792 ----a-w- c:\windows\system32\drivers\point32.sys
2010-08-04 10:29 . 2010-08-04 10:29 -------- d-----w- c:\programmer\Microsoft IntelliPoint
2010-08-04 10:18 . 2010-08-04 10:28 13614984 ----a-w- c:\documents and settings\Zrexion^SoD\Application Data\Uniblue\DriverScanner\Download\hid_vid_045e_pid_00477_00_258_0.exe
2010-08-04 10:17 . 2010-08-04 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-08-04 10:12 . 2010-08-04 10:12 -------- d-----r- c:\documents and settings\NetworkService\Foretrukne
2010-08-04 10:10 . 2010-08-04 13:06 808960 ----a-w- c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-08-04 10:00 . 2008-10-26 05:02 2835262 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
2010-08-04 10:00 . 2008-10-29 09:43 771360 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\23A3CF01\CACB8439\UBSysMan.dll
2010-08-04 10:00 . 2008-10-29 09:43 614688 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\EA1A1734\CACB8439\Launcher.exe
2010-08-04 10:00 . 2008-10-29 09:43 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\13A9C5E5\CACB8439\Interop.IWshRuntimeLibrary.dll
2010-08-04 10:00 . 2008-10-29 09:43 381216 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\1F13E51E\CACB8439\AvalonCommon.dll
2010-08-04 10:00 . 2008-10-29 09:43 364320 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\F4DC5C6B\CACB8439\SUMPBackend.dll
2010-08-04 10:00 . 2008-10-29 09:43 191264 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\67304DB7\CACB8439\PowerSuiteBackendUtils.dll
2010-08-04 10:00 . 2008-10-29 09:43 1194784 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\744435A3\CACB8439\SUMP.exe
2010-08-04 10:00 . 2008-08-26 16:49 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\7A8C224A\CACB8439\IsLicense40.dll
2010-08-04 10:00 . 2008-08-26 16:49 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\D7904F02\CACB8439\IsLicense30.dll
2010-08-04 09:59 . 2010-08-04 10:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2010-08-04 09:55 . 2010-08-04 10:17 -------- d-----w- c:\programmer\Uniblue
2010-08-04 09:55 . 2008-10-26 04:55 2567159 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
2010-08-04 09:55 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2010-08-04 09:55 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2010-08-04 09:55 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2010-08-04 09:55 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2010-08-04 09:55 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\52CD59C9\6383BC9B\update.dll
2010-08-04 09:55 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2010-08-04 09:55 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2010-08-04 09:54 . 2010-08-04 09:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2010-08-04 09:38 . 2010-08-04 10:17 -------- d-----w- c:\documents and settings\Zrexion^SoD\Application Data\Uniblue
2010-08-03 22:42 . 2010-08-03 22:42 -------- d-----w- c:\documents and settings\Zrexion^SoD\Application Data\Malwarebytes
2010-08-03 22:42 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-03 22:42 . 2010-08-03 22:42 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-08-03 22:42 . 2010-08-03 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-03 22:42 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 21:03 . 2010-08-03 21:03 388096 ----a-r- c:\documents and settings\Zrexion^SoD\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-03 21:03 . 2010-08-03 21:03 -------- d-----w- C:\HiJackThis
2010-08-03 14:46 . 2010-08-03 14:46 -------- d-----r- c:\documents and settings\LocalService\Foretrukne
2010-08-02 20:58 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-02 12:51 . 2002-03-25 16:44 60416 ----a-w- c:\windows\ST4UNST.EXE
2010-07-30 15:08 . 2010-07-30 15:08 0 ----a-w- c:\documents and settings\Zrexion^SoD\temp.dat
2010-07-30 14:54 . 2010-07-30 14:54 -------- d-----w- c:\documents and settings\Zrexion^SoD\.oces
2010-07-18 20:47 . 2010-07-18 20:47 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-18 20:46 . 2010-07-18 20:40 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-18 20:46 . 2010-07-18 20:40 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-18 20:46 . 2010-07-18 20:46 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-18 20:46 . 2009-10-18 20:54 530158 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe
2010-07-17 16:32 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-17 16:32 . 2001-10-04 15:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-07-17 16:32 . 2008-04-14 16:05 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-07-14 21:30 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 17:49 . 2010-07-14 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-07-14 17:49 . 2010-07-14 17:49 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-14 17:49 . 2010-07-14 17:49 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-14 17:49 . 2010-07-14 17:49 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-14 17:48 . 2010-07-14 17:49 -------- d-----w- c:\programmer\NVIDIA Corporation
2010-07-14 17:48 . 2010-06-07 23:57 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-14 17:48 . 2010-06-07 23:57 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-14 17:48 . 2010-06-07 23:57 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-07-14 17:48 . 2010-06-07 23:57 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-14 17:47 . 2010-07-14 17:47 -------- d-----w- C:\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 12:55 . 2006-04-09 17:50 -------- d-----w- c:\programmer\Java
2010-08-04 09:59 . 2006-04-09 16:40 27440 -c--a-w- c:\documents and settings\Zrexion^SoD\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-08-03 17:45 . 2009-12-18 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-30 17:08 . 2007-11-17 21:49 32596 -c--a-w- c:\windows\DIIUnin.dat
2010-07-28 18:34 . 2006-04-09 17:07 -------- d--h--w- c:\programmer\InstallShield Installation Information
2010-07-28 18:17 . 2006-09-21 19:30 -------- d-----w- c:\programmer\Windows Live Safety Center
2010-07-18 20:46 . 2006-04-11 00:27 -------- d-----w- c:\programmer\DivX
2010-07-18 20:46 . 2010-07-18 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-18 20:46 . 2009-04-08 12:38 -------- d-----w- c:\programmer\Fælles filer\DivX Shared
2010-07-18 20:46 . 2010-07-18 20:46 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-18 20:45 . 2010-07-18 20:45 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-18 20:45 . 2010-07-18 20:45 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-18 20:45 . 2010-07-18 20:45 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-18 20:45 . 2010-07-18 20:45 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-07-18 20:45 . 2010-07-18 20:45 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-18 20:45 . 2010-07-18 20:45 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-18 20:45 . 2010-07-18 20:45 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-07-18 20:45 . 2010-07-18 20:45 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-18 20:45 . 2010-07-18 20:45 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-07-18 20:45 . 2010-07-18 20:45 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-30 09:26 . 2009-08-20 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-06-24 15:13 . 2001-10-09 12:00 77804 ----a-w- c:\windows\system32\perfc006.dat
2010-06-24 15:13 . 2001-10-09 12:00 447292 ----a-w- c:\windows\system32\perfh006.dat
2010-06-14 14:31 . 2006-04-09 16:15 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-07 23:57 . 2009-02-18 13:44 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57 . 2007-12-05 00:41 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57 . 2006-09-03 17:35 600680 -c--a-w- c:\windows\system32\nvudisp.exe
2010-06-07 23:57 . 2006-08-11 19:43 1359872 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57 . 2006-08-11 19:42 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-07 23:57 . 2006-08-11 19:42 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-06-07 23:57 . 2006-08-11 19:42 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57 . 2006-03-09 13:29 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
2010-06-07 23:57 . 2006-03-09 13:29 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-05-28 10:58 . 2006-09-03 17:31 600680 -c--a-w- c:\windows\system32\NVUNINST.EXE
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"Launch LGDCore"="c:\programmer\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\programmer\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"QuickTime Task"="c:\programmer\QuickTime Alternative\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"IntelliPoint"="c:\programmer\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"AudioDeck"="c:\programmer\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
2007-10-09 15:21 169328 -c--a-w- c:\programmer\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 16:05 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\programmer\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\programmer\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\programmer\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-06-07 15:35 13902440 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-06-07 15:35 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
2003-06-20 07:06 118784 -c--a-r- c:\windows\system32\ptipbmf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 -c--a-w- c:\programmer\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Resume copy]
2006-05-16 17:15 73728 -c--a-w- c:\windows\copyfstq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-14 10:03 1238352 ----a-w- d:\games\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Games\\Steam\\SteamApps\\acecuber@hotmail.com\\counter-strike\\hl.exe"=
"d:\\Games\\Steam\\SteamApps\\acecuber@hotmail.com\\half-life\\hl.exe"=
"d:\\Games\\Warcraft III CD\\war3.exe"=
"d:\\Games\\Valve\\Non-Steam\\hl.exe"=
"c:\\Programmer\\Hamachi\\hamachi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Games\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"d:\\Games\\Steam\\SteamApps\\acecuber@hotmail.com\\counter-strike source\\hl2.exe"=
"d:\\Games\\Steam\\steam.exe"=
"d:\\Games\\World of Warcraft\\Launcher.exe"=
"c:\\Programmer\\mIRC\\mirc.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Games\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"d:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"d:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"21727:UDP"= 21727:UDP:Azureus
"3020:TCP"= 3020:TCP:update.curse.com
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"6891:TCP"= 6891:TCP:League of Legends Launcher
"6891:UDP"= 6891:UDP:League of Legends Launcher

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [02-08-2010 22:58 28552]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06-12-2005 17:11 35328]
R2 Iprip;Tjenesten RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [09-10-2001 14:00 14336]
S0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys --> c:\windows\system32\DRIVERS\viasraid.sys [?]
S2 PSTRIP;PSTRIP;\??\c:\windows\system32\DRIVERS\PSTRIP.SYS --> c:\windows\system32\DRIVERS\PSTRIP.SYS [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27-06-2006 10:26 646392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{623E2882-FC0E-11D1-9A77-0000F8756A07}]
2007-11-16 20:16 2560 ----a-w- c:\windows\system32\wkssvc.exe
.
.
------- Yderligere scanning -------
.
uStart Page = about:blank
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: portalbank.dk\www
Trusted Zone: sparhim.dk\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
FF - ProfilePath - c:\documents and settings\Zrexion^SoD\Application Data\Mozilla\Firefox\Profiles\l9cxst67.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/ig?hl=da
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Zrexion^SoD\Application Data\Mozilla\Firefox\Profiles\l9cxst67.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\programmer\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmer\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npDyyno.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\NPnsv_vp3_mp3.dll
FF - plugin: c:\programmer\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\programmer\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\programmer\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\programmer\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\programmer\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\programmer\VOIPlay\npvoiplay.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmer\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\programmer\Mozilla Firefox\defaults\pref\webplayer.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-nwiz - c:\programmer\NVIDIA Corporation\nView\nwiz.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SunJavaUpdateSched - c:\programmer\Java\jre6\bin\jusched.exe
AddRemove-Euro Truck Simulator - l:\games\Euro Truck Simulator\Uninstal_EuroTruckSimulator.exe
AddRemove-NVIDIA nView Desktop Manager - c:\programmer\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-Ship - l:\games\Half-Life\UnInstall_Ship.exe
AddRemove-TmNations_is1 - l:\games\TrackMania Nations ESWC\unins000.exe
AddRemove-Uplink - l:\games\Uplink\Uninst.isu
AddRemove-{8AB8D458-939E-403F-0097-9BA1C1F013D5} - l:\games\EA GAMES\The Sims 2\EAUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 15:22
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\programmer\VIA\VIAudioi\SBADeck\ADeck.exe 1?????????????????????????????????????????????

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1409082233-926492609-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1409082233-926492609-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:35,29,e4,f5,9e,b3,1d,1b,1c,15,5a,95,13,5f,5f,d1,6a,94,55,65,c8,8a,79,
73,d3,a1,98,bb,be,4f,d5,5d,a2,6c,58,77,af,26,9d,fc,61,74,cc,a9,cd,86,77,7f,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(716)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmer\Seagate\Basics\Service\SyncServicesBasics.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmer\Logitech\G-series Software\Applets\LCDClock.exe
c:\programmer\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Gennemført tid: 2010-08-04 15:25:35 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-08-04 13:25

Pre-Kørsel: 429.563.904 byte ledig
Post-Kørsel: 497.872.896 byte ledig

- - End Of File - - 19E78180275547D0C48C1E23F913FD8D


Apparently it's gone. If it returns, then I'll write in here again. Thanks for all the help crunchie, you have been very helpful :P


Looks ok to me too. You should get rid of that registry booster too before it bricks your pc.


  • Click START then RUN
  • Copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall

    Note the space between the X and the /, it needs to be there.
