
[Solved] HJT log - indescribably slow PC, Combofix fails



Running Windows XP on a Lenovo T61. The log was taken in safe mode.

It would be great if someone could take the trouble to have a look.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:14:51, on 14.03.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

D:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {2aab4bb4-3afa-4572-b96d-22ec7823f15f} - C:\WINDOWS\system32\ci.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199545640837

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: emqsys.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: __c00b14a9 - C:\WINDOWS\system32\__c00B14A9.dat (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Update Service (gupdate1c9826028c4abbe) (gupdate1c9826028c4abbe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace idsvcEventlog (idsvcEventlog) - Unknown owner - C:\WINDOWS\system32\wpv491235998315.cpx.exe (file missing)

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 9165 bytes

 

 

Edited by hightow

Small update ...

 

Ran a chkdsk /f /r without it finding any errors.

 

MBAM finds nothing.

Tried Combofix, but it was choked by two processes that appeared along the way: 'hidec.exe' and 'n.com'. Both are trojans from what I can find out, but I can't get them removed. They are placed in a directory on the C drive with lots of numbers and characters, together with a number of other files.

 

Trying SAS now.

Edited by hightow

I was in safe mode when I tried to run combofix...

 

Here is the log from dds.scr, also run in safe mode. Had to leave it overnight.

 

 

 

DDS (Ver_09-02-01.01) - NTFSx86 NETWORK

Run by Administrator at 0:22:51,09 on 15.03.2009

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

 

============== Pseudo HJT Report ===============

 

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [soundMax] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [uDC Integration]

mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199545640837

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: LMIinit - LMIinit.dll

AppInit_DLLs: emqsys.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\eq53w0mu.default\

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

 

============= SERVICES / DRIVERS ===============

 

 

=============== Created Last 30 ================

 

2009-03-14 23:06 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

2009-03-14 22:58 389,120 a------- c:\windows\system32\CF5806.exe

2009-03-14 19:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes

2009-03-14 19:38 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-03-14 19:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-14 19:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-03-14 19:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-03-14 18:53 <DIR> --d----- c:\documents and settings\Administrator

2009-03-12 16:08 <DIR> --d----- c:\windows\LastGood.Tmp

2009-03-12 16:08 64,160 a------- c:\windows\system32\drivers\Lbd.sys

2009-03-12 16:00 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-03-11 20:35 107,912 a------- c:\windows\system32\drivers\avgtdix.sys

2009-03-11 20:35 10,520 a------- c:\windows\system32\avgrsstx.dll

2009-03-11 20:34 325,640 a------- c:\windows\system32\drivers\avgldx86.sys

2009-03-11 20:34 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-03-11 19:56 <DIR> --d----- c:\windows\pss

2009-03-11 17:32 29,696 a------- c:\windows\system32\emqsys.dll

2009-03-10 16:19 <DIR> --d----- c:\program files\C0C8E5FD-B629-4644-81CD-E8E0FDF6A85D

2009-03-08 21:25 65 a------- C:\xcrashdump.dat

2009-03-08 20:03 99,492 a------- c:\windows\system32\drivers\272e9326.sys

2009-03-08 20:03 32 a--s---- c:\windows\system32\3768877082.dat

2009-03-01 11:03 <DIR> --d----- c:\program files\common files\Lenovo

 

==================== Find3M ====================

 

2009-03-01 13:04 356 a------- C:\drmHeader.bin

2008-12-21 00:15 826,368 a------- c:\windows\system32\wininet.dll

2008-01-05 18:51 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

2008-10-22 22:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102220081023\index.dat

 

============= FINISH: 4:10:06,34 ===============

 

 


I actually got Combofix to run as well.

First ran Combofix in safe mode with command prompt.

After a restart I got it to run in a normal boot.

 

Here is the log:

 

ComboFix 09-03-14.01 - xxx 2009-03-15 10:13:27.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1405 [GMT 1:00]

Kjører fra: c:\combofix\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-15 til 2009-03-15 )))))))))))))))))))))))))))))))))

.

 

2009-03-15 08:37 . 2009-03-14 23:25 368,961 --a------ C:\dds.scr

2009-03-14 23:06 . 2009-03-14 23:06 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2009-03-14 19:42 . 2009-03-14 19:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-03-14 19:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-14 19:36 . 2009-03-14 19:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-14 19:36 . 2009-03-14 19:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-14 19:36 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-14 18:53 . 2009-03-14 18:53 <DIR> d-------- c:\documents and settings\Administrator

2009-03-12 16:08 . 2009-03-12 16:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys

2009-03-12 16:00 . 2009-03-12 16:00 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-03-11 20:35 . 2009-03-11 20:35 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-03-11 20:35 . 2009-03-11 20:35 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-03-11 20:34 . 2009-03-14 21:28 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-03-11 20:34 . 2009-03-11 20:34 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-03-11 17:32 . 2009-03-11 17:32 29,696 --a------ c:\windows\system32\emqsys.dll

2009-03-10 16:22 . 2009-03-10 17:01 <DIR> d-------- c:\documents and settings\xxxx\Application Data\Move Networks

2009-03-10 16:19 . 2009-03-11 15:25 <DIR> d-------- c:\program files\C0C8E5FD-B629-4644-81CD-E8E0FDF6A85D

2009-03-08 20:03 . 2009-03-15 10:20 99,492 --a------ c:\windows\system32\drivers\272e9326.sys

2009-03-08 20:03 . 2009-03-10 16:57 32 --a-s---- c:\windows\system32\3768877082.dat

2009-03-01 11:03 . 2009-03-01 11:03 <DIR> d-------- c:\program files\Common Files\Lenovo

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-15 09:17 --------- d-----w c:\documents and settings\xxxx\Application Data\Skype

2009-03-15 08:37 --------- d-----w c:\documents and settings\xxxx\Application Data\skypePM

2009-03-15 08:29 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater

2009-03-14 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-03-11 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-08 20:10 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-03 19:28 --------- d-----w c:\program files\daTax

2009-03-01 12:04 356 ----a-w C:\drmHeader.bin

2009-03-01 10:03 --------- d-----w c:\program files\Lenovo

2009-02-18 12:22 --------- d-----w c:\documents and settings\xxxx\Application Data\LimeWire

2009-02-17 08:07 --------- d-----w c:\documents and settings\xxxx\Application Data\Image Zone Express

2009-02-12 17:45 --------- d-----w c:\program files\Google

2009-01-28 11:57 --------- d-----w c:\program files\Winamp

2009-01-28 11:57 --------- d-----w c:\documents and settings\xxxx\Application Data\Winamp

2009-01-24 20:33 --------- d-----w c:\program files\Deluxe Ski Jump 3

2009-01-16 16:19 --------- d-----w c:\documents and settings\All Users\Application Data\Winferno

2009-01-16 16:18 --------- d-----w c:\documents and settings\xxxx\Application Data\vlc

2009-01-16 16:17 --------- d-----w c:\program files\VideoLAN

2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll

2008-04-23 12:30 51,968 ----a-w c:\documents and settings\xxxx\Application Data\GDIPFONTCACHEV1.DAT

2008-01-05 17:51 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat

2008-10-22 21:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102220081023\index.dat

.

 

------- Sigcheck -------

 

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys

2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys

2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys

2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys

2008-04-13 20:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys

2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys

2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8495104]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 110592]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 512000]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-25 185896]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-11 1932568]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-12 515416]

"nwiz"="nwiz.exe" [2007-12-14 c:\windows\system32\nwiz.exe]

 

c:\documents and settings\xxxx\Start Menu\Programs\Startup\

Mamut Teamwork.lnk - c:\documents and settings\xxxx\Application Data\Microsoft\Installer\{B1A0C792-C497-44AD-8030-A46A9D4A2792}\_26e91eb.exe [2008-01-08 3638]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-05-21 303104]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-11 20:35 10520 c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2007-11-15 18:46 87352 c:\windows\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=emqsys.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\xxxx\\temp\\TeamViewer3\\TeamViewer.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Documents and Settings\\xxxx\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-12 64160]

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-11 325640]

R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-11 107912]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-11 298264]

R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-08-03 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-01-05 46112]

S2 gupdate1c9826028c4abbe;Google Update Service (gupdate1c9826028c4abbe);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 133104]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e4c2ea-d034-11dd-8413-0013e8ed3433}]

\Shell\AutoRun\command - E:\Launch.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309c69da-a020-11dd-83c1-0013e8ed3433}]

\shell\autorun\command - G:\Launch.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-03-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-12 16:06]

 

2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

 

2009-03-15 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-29 23:17]

 

2009-03-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 18:45]

 

2009-03-15 c:\windows\Tasks\PCConfidential.job

- c:\program files\Winferno\PC Confidential\PCConfidential.exe []

.

.

------- Tilleggsskanning -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\xxxx\Application Data\Mozilla\Firefox\Profiles\infd6dg0.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-15 10:16:58

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\272e9326]

"ImagePath"="\SystemRoot\System32\drivers\272e9326.sys"

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(732)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Tidspunkt ferdig: 2009-03-15 10:24:14

ComboFix-quarantined-files.txt 2009-03-15 09:24:11

 

Pre-Run: 9,952,067,584 bytes free

Post-Run: 9,939,963,904 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

 

198 --- E O F --- 2009-02-26 23:19:18

 

 


Start -> Run -> cmd

Type:

 

sc stop idsvcEventlog

sc delete idsvcEventlog

---

Start HijackThis, "Scan", find these lines, check them, then press "Fix checked".

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O20 - Winlogon Notify: __c00b14a9 - C:\WINDOWS\system32\__c00B14A9.dat (file missing)

O23 - Service: Windows CardSpace idsvcEventlog (idsvcEventlog) - Unknown owner - C:\WINDOWS\system32\wpv491235998315.cpx.exe (file missing)

---

Copy the bold text below the picture -> open Notepad and paste.

Lagre på skrivebordet som CFScript.txt

Gjør som på bildet combofix vil starte,Post logg c:\combofix.txt

60876047vu9.gif

 

File::

c:\windows\system32\emqsys.dll

 

DirLook::

c:\program files\C0C8E5FD-B629-4644-81CD-E8E0FDF6A85D

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=-

---

Scann disse filer her virustotal

c:\windows\system32\drivers\272e9326.sys

c:\windows\system32\3768877082.dat

---

Last ned kjør CCleaner

'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.

Kjør register-renser "svar ja til og reparere" --> backup svar ja når du blir spørt.

Kjør register-renser et par ganger til alle feil er borte.

---


Thanks for all the help, SNIPPSAT! Things seem to be back to normal again.

Afterwards I noticed there were problems with Windows Update. After some searching online, it turned out that the BITS and Automatic Updates services would not start. The reason was that ImagePath pointed to %fystemRoot%.

Posting the latest ComboFix log, in case anyone spots anything fishy.

 

 

ComboFix 09-03-14.01 - xxxx 2009-03-15 16:06:10.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1322 [GMT 1:00]

Kjører fra: c:\documents and settings\xxxx\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-15 til 2009-03-15 )))))))))))))))))))))))))))))))))

.

 

2009-03-15 15:50 . 2009-03-15 15:50 <DIR> d-------- c:\windows\LastGood

2009-03-15 15:50 . 2009-03-15 15:50 <DIR> d-------- c:\program files\Microsoft Silverlight

2009-03-15 15:36 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll

2009-03-15 15:36 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui

2009-03-15 15:36 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui

2009-03-15 15:36 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

2009-03-15 15:36 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui

2009-03-15 15:02 . 2009-03-15 15:02 67 --a------ c:\windows\wininit.ini

2009-03-15 14:20 . 2008-04-14 02:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll

2009-03-15 14:20 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe

2009-03-15 14:20 . 2001-08-23 13:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls

2009-03-15 14:20 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe

2009-03-15 14:20 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll

2009-03-15 14:20 . 2004-08-03 23:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys

2009-03-15 14:20 . 2008-04-14 02:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll

2009-03-15 14:20 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys

2009-03-15 14:20 . 2004-08-03 23:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys

2009-03-15 14:20 . 2008-04-14 02:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll

2009-03-15 14:20 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe

2009-03-15 14:18 . 2001-08-17 22:36 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll

2009-03-15 14:17 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys

2009-03-15 14:16 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys

2009-03-15 14:15 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys

2009-03-15 14:14 . 2001-08-17 13:28 907,456 --a--c--- c:\windows\system32\dllcache\hcf_msft.sys

2009-03-15 14:13 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll

2009-03-15 14:12 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys

2009-03-15 14:11 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys

2009-03-15 14:10 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll

2009-03-15 13:48 . 2009-03-15 15:43 1,374 --a------ c:\windows\imsins.BAK

2009-03-15 10:43 . 2009-03-15 10:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-03-15 10:40 . 2009-03-15 16:04 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-03-15 10:40 . 2009-03-15 16:04 <DIR> d-------- c:\documents and settings\xxxx\Application Data\SUPERAntiSpyware.com

2009-03-15 08:37 . 2009-03-14 23:25 368,961 --a------ C:\dds.scr

2009-03-14 19:42 . 2009-03-14 19:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-03-14 19:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-14 19:36 . 2009-03-14 19:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-14 19:36 . 2009-03-14 19:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-14 19:36 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-14 18:53 . 2009-03-14 18:53 <DIR> d-------- c:\documents and settings\Administrator

2009-03-11 20:35 . 2009-03-11 20:35 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-03-11 20:35 . 2009-03-11 20:35 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-03-11 20:34 . 2009-03-14 21:28 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-03-11 20:34 . 2009-03-11 20:34 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-03-10 16:22 . 2009-03-10 17:01 <DIR> d-------- c:\documents and settings\xxxx\Application Data\Move Networks

2009-03-10 16:19 . 2009-03-11 15:25 <DIR> d-------- c:\program files\C0C8E5FD-B629-4644-81CD-E8E0FDF6A85D

2009-03-08 20:03 . 2009-03-10 16:57 32 --a-s---- c:\windows\system32\3768877082.dat

2009-03-01 11:03 . 2009-03-01 11:03 <DIR> d-------- c:\program files\Common Files\Lenovo

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-15 14:59 --------- d-----w c:\documents and settings\xxxx\Application Data\Skype

2009-03-15 10:50 --------- d-----w c:\program files\Google

2009-03-15 10:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-15 10:13 --------- d-----w c:\program files\Lavasoft

2009-03-15 08:37 --------- d-----w c:\documents and settings\xxxx\Application Data\skypePM

2009-03-14 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-03-03 19:28 --------- d-----w c:\program files\daTax

2009-03-01 12:04 356 ----a-w C:\drmHeader.bin

2009-03-01 10:03 --------- d-----w c:\program files\Lenovo

2009-02-18 12:22 --------- d-----w c:\documents and settings\xxxx\Application Data\LimeWire

2009-02-17 08:07 --------- d-----w c:\documents and settings\xxxx\Application Data\Image Zone Express

2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys

2009-01-28 11:57 --------- d-----w c:\program files\Winamp

2009-01-28 11:57 --------- d-----w c:\documents and settings\xxxx\Application Data\Winamp

2009-01-24 20:33 --------- d-----w c:\program files\Deluxe Ski Jump 3

2009-01-16 16:19 --------- d-----w c:\documents and settings\All Users\Application Data\Winferno

2009-01-16 16:18 --------- d-----w c:\documents and settings\xxxx\Application Data\vlc

2009-01-16 16:17 --------- d-----w c:\program files\VideoLAN

2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll

2008-04-23 12:30 51,968 ----a-w c:\documents and settings\xxxx\Application Data\GDIPFONTCACHEV1.DAT

2008-01-05 17:51 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat

2008-10-22 21:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102220081023\index.dat

.

 

------- Sigcheck -------

 

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys

2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys

2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys

2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys

2008-04-13 20:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys

2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8495104]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 110592]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 512000]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-25 185896]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-11 1932568]

"nwiz"="nwiz.exe" [2007-12-14 c:\windows\system32\nwiz.exe]

 

c:\documents and settings\xxxx\Start Menu\Programs\Startup\

Mamut Teamwork.lnk - c:\documents and settings\xxxx\Application Data\Microsoft\Installer\{B1A0C792-C497-44AD-8030-A46A9D4A2792}\_26e91eb.exe [2008-01-08 3638]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-05-21 303104]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-11 20:35 10520 c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2007-11-15 18:46 87352 c:\windows\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]

@=""

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\xxxx\\temp\\TeamViewer3\\TeamViewer.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Documents and Settings\\xxxx\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-11 325640]

R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-11 107912]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-11 298264]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-08-03 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-01-05 46112]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - APPMGMT

*Deregistered* - CSIScanner

*Deregistered* - pxscan

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e4c2ea-d034-11dd-8413-0013e8ed3433}]

\Shell\AutoRun\command - E:\Launch.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309c69da-a020-11dd-83c1-0013e8ed3433}]

\shell\autorun\command - G:\Launch.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-03-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

 

2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

 

2009-03-15 c:\windows\Tasks\PCConfidential.job

- c:\program files\Winferno\PC Confidential\PCConfidential.exe []

.

.

------- Tilleggsskanning -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\xxxx\Application Data\Mozilla\Firefox\Profiles\infd6dg0.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-15 16:06:55

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(716)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Tidspunkt ferdig: 2009-03-15 16:08:06

ComboFix-quarantined-files.txt 2009-03-15 15:08:03

ComboFix2.txt 2009-03-15 09:24:15

 

Pre-Run: 9,101,910,016 bytes free

Post-Run: 9,087,098,880 bytes free

 

208

 

 

Edited by hightow
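As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that does two of the checks made by hand above. It flags HijackThis O9/O20/O23 lines whose target is reported as "(no file)" or "(file missing)", which are the dangling autostart entries SNIPPSAT had fixed, and it checks a service ImagePath for environment variables that the Service Control Manager cannot expand, which is the %fystemRoot% problem hightow found on BITS and Automatic Updates. The four flagged HijackThis lines are taken from the thread; the healthy service line, the two BITS ImagePath strings, the trusted-variable set and the `looks_generated` naming heuristic are assumptions constructed for the example.

```python
"""Triage helper for HijackThis log lines and service ImagePath values.

Added example for this thread; not part of HijackThis, ComboFix or any post.
Two checks mirror what was done by hand in the thread:
  1. O9/O20/O23 entries ending in "(no file)" or "(file missing)" point at a
     target that no longer exists: dangling autostart entries, usually
     leftovers of removed malware, safe to fix in HijackThis.
  2. A service ImagePath containing a %VARIABLE% the SCM cannot expand
     (%fystemRoot% instead of %SystemRoot%) is left literal, so the service
     never starts; that is why BITS and Automatic Updates failed here.
"""
import re
from typing import Dict, List, Optional

MISSING_MARKERS = ("(no file)", "(file missing)")
# Assumption: the environment variables a defender trusts inside an ImagePath
# on a stock Windows XP installation.
KNOWN_VARS = {"systemroot", "windir", "systemdrive", "programfiles"}
VAR_RE = re.compile(r"%([^%]+)%")
HJT_LINE_RE = re.compile(r"^(?P<kind>O\d+) - (?P<rest>.*)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.*?) \((?P<name>[^)]+)\) - (?P<owner>.*?) - (?P<path>.*)$"
)


def parse_hjt_line(line: str) -> Optional[dict]:
    """Split one HijackThis 'Onn - ...' line into its parts; None if it is not one."""
    m = HJT_LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    entry = {"kind": m.group("kind"), "raw": line.strip(),
             "missing": rest.endswith(MISSING_MARKERS)}
    if entry["kind"] == "O23":
        sm = SERVICE_RE.match(rest)
        if sm:
            path = sm.group("path")
            for marker in MISSING_MARKERS:
                path = path.replace(marker, "").strip()
            entry.update(service=sm.group("name"), owner=sm.group("owner"), path=path)
    return entry


def dangling_entries(lines: List[str]) -> List[str]:
    """Return the raw HijackThis lines whose target file no longer exists."""
    return [e["raw"] for e in map(parse_hjt_line, lines) if e and e["missing"]]


def looks_generated(name: str) -> bool:
    """Heuristic (assumption): an 8-hex-digit name such as '272e9326' or a run of
    six or more digits such as 'wpv491235998315' is typical of auto-generated
    malware service and driver names; it is a hint for review, not proof."""
    return bool(re.fullmatch(r"[0-9a-f]{8}", name, re.I) or re.search(r"\d{6,}", name))


def check_image_path(image_path: str) -> List[str]:
    """Report %VARIABLE% tokens in an ImagePath that the SCM could not expand."""
    return [f"unknown environment variable %{v}%"
            for v in VAR_RE.findall(image_path) if v.lower() not in KNOWN_VARS]


def expand_image_path(image_path: str, env: Dict[str, str]) -> str:
    """Expand like REG_EXPAND_SZ does: unknown variables are left literal."""
    lookup = {k.lower(): v for k, v in env.items()}
    return VAR_RE.sub(lambda m: lookup.get(m.group(1).lower(), m.group(0)), image_path)


# Constructed sample: the four lines SNIPPSAT asked to fix, plus one healthy
# service line whose name, owner and path are invented for the example.
SAMPLE_HJT_LINES = [
    r"O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)",
    r"O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)",
    r"O20 - Winlogon Notify: __c00b14a9 - C:\WINDOWS\system32\__c00B14A9.dat (file missing)",
    r"O23 - Service: Windows CardSpace idsvcEventlog (idsvcEventlog) - Unknown owner - C:\WINDOWS\system32\wpv491235998315.cpx.exe (file missing)",
    r"O23 - Service: Example Updater (exupd) - Example Corp - C:\Program Files\Example\exupd.exe",
]

# Constructed ImagePath values: the broken form hightow found, and the stock one.
BROKEN_BITS = r"%fystemRoot%\system32\svchost.exe -k netsvcs"
STOCK_BITS = r"%SystemRoot%\system32\svchost.exe -k netsvcs"

if __name__ == "__main__":
    for raw in dangling_entries(SAMPLE_HJT_LINES):
        print("dangling:", raw)
    for line in SAMPLE_HJT_LINES:
        e = parse_hjt_line(line)
        if e and "service" in e and looks_generated(e["path"].rsplit("\\", 1)[-1].split(".")[0]):
            print("suspicious service name/path:", e["service"], e["path"])
    for ip in (BROKEN_BITS, STOCK_BITS):
        print(ip, "->", check_image_path(ip) or "ok",
              "| expands to", expand_image_path(ip, {"SystemRoot": r"C:\WINDOWS"}))
```

Run it as-is to see the four dangling entries, the generated-looking `wpv491235998315` path, and the BITS ImagePath that stays unexpanded. On a live system the same `check_image_path` logic can be pointed at each `ImagePath` value under `HKLM\SYSTEM\CurrentControlSet\Services` to find services that will silently fail to start.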

Eh .. yes, virustotal.com was down when I tried to scan them.

Scanned them now and ..

c:\windows\system32\drivers\272e9326.sys has been removed from the PC

c:\windows\system32\3768877082.dat gave no result (0/39)

Edited by hightow
