
Have been struggling with a virus and have run HijackThis (log)



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:30:50, on 20.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20696)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\NDAS\System\ndasmgmt.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NDAS\System\ndassvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\HPZinw12.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKLM\..\Run: [Windows LoL Layer] llkijcy.exe

O4 - HKLM\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKCU\..\Run: [Windows LoL Layer] llkijcy.exe

O4 - HKCU\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 10855 bytes

 

Are there any problems?

 

- D.J.


Start HJT, mark these, then fix.

 

O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKLM\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKCU\..\Run: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKCU\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

 

Download ComboFix and put it on the desktop.

Do not click on the window while the program is running.

Post the log C:\combofix.txt

 

Download and run SAS.

Post the log.

 

Download and run CCleaner.

 

Restart, and then a new HJT log.


ComboFix log

ComboFix 08-01-20.1 - Dag J 2008-01-20 22:52:43.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1378 [GMT 1:00]

Running from: C:\Documents and Settings\Dag J\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

 

----- Unknown downloads made by BITS: ----

http://go.microsoft.com

 

.

((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))

.

 

2008-01-20 22:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-20 22:18 . 2008-01-20 22:18 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007

2008-01-20 22:18 . 2008-01-20 22:18 <DIR> d-------- C:\Documents and Settings\Dag J\Application Data\TuneUp Software

2008-01-20 22:18 . 2008-01-20 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-01-20 22:18 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-01-20 21:25 . 2008-01-20 21:25 <DIR> d-------- C:\Program Files\DVD Shrink

2008-01-20 21:25 . 2008-01-20 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-01-20 20:50 . 2008-01-20 20:50 <DIR> d-------- C:\Program Files\CCleaner

2008-01-20 20:49 . 2008-01-20 20:49 <DIR> d-------- C:\Program Files\Foxit Software

2008-01-20 20:15 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-01-20 20:14 . 2008-01-20 20:14 <DIR> d-------- C:\Program Files\MSBuild

2008-01-20 20:14 . 2008-01-20 20:14 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-01-20 20:14 . 2008-01-20 20:14 <DIR> d-------- C:\Program Files\Microsoft Works

2008-01-20 20:12 . 2008-01-20 20:14 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-01-20 20:11 . 2008-01-20 20:11 <DIR> dr-h----- C:\MSOCache

2008-01-20 20:11 . 2008-01-20 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-01-20 18:30 . 2008-01-20 18:30 <DIR> d-------- C:\Program Files\Winamp

2008-01-20 18:30 . 2008-01-20 18:30 <DIR> d-------- C:\Documents and Settings\Dag J\Application Data\Winamp

2008-01-20 17:30 . 2008-01-20 17:30 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-20 17:06 . 2008-01-20 17:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-01-20 17:06 . 2008-01-20 17:06 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2008-01-20 17:06 . 2008-01-20 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-01-20 13:57 . 2008-01-20 16:56 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-01-20 13:19 . 2008-01-20 13:19 <DIR> d-------- C:\WINDOWS\Sun

2008-01-20 13:19 . 2008-01-20 13:56 <DIR> d-------- C:\Documents and Settings\Dag J\.housecall6.6

2008-01-20 12:58 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-01-19 14:47 . 2008-01-19 14:47 <DIR> d-------- C:\Documents and Settings\Dag J\LimeWire Store Purchased

2008-01-19 14:47 . 2008-01-19 14:47 <DIR> d-------- C:\Documents and Settings\Dag J\LimeWire Shared

2008-01-19 14:47 . 2008-01-20 10:32 <DIR> d-------- C:\Documents and Settings\Dag J\LimeWire Saved

2008-01-19 14:46 . 2008-01-20 10:37 <DIR> d-------- C:\Documents and Settings\Dag J\Incomplete

2008-01-19 14:46 . 2008-01-20 10:32 <DIR> d-------- C:\Documents and Settings\Dag J\Application Data\LimeWire

2008-01-19 14:31 . 2007-07-12 02:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-01-19 14:30 . 2008-01-19 14:31 <DIR> d-------- C:\Program Files\Java

2008-01-19 14:26 . 2008-01-19 14:26 <DIR> d-------- C:\Program Files\Common Files\Java

2008-01-18 19:42 . 2008-01-18 19:42 38 --a------ C:\WINDOWS\avisplitter.INI

2008-01-18 16:37 . 2008-01-18 16:37 12,208 --ah----- C:\WINDOWS\system32\mlfcache.dat

2008-01-18 14:47 . 2008-01-20 20:35 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-01-18 14:39 . 2008-01-19 16:18 <DIR> d-------- C:\Documents and Settings\Dag J\Application Data\Ahead

2008-01-18 14:38 . 2008-01-18 14:38 <DIR> d-------- C:\Program Files\Nero

2008-01-18 14:38 . 2008-01-18 14:39 <DIR> d-------- C:\Program Files\Common Files\Ahead

2008-01-18 14:32 . 2008-01-18 14:32 <DIR> d-------- C:\Documents and Settings\Dag J\Application Data\Media Player Classic

2008-01-18 14:26 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-01-18 14:26 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-01-18 14:26 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-01-18 13:55 . 2008-01-20 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-01-18 13:54 . 2008-01-18 16:28 <DIR> d-------- C:\Program Files\Picasa2

2008-01-18 13:49 . 2008-01-18 13:49 <DIR> d-------- C:\Documents and Settings\Dag J\Application Data\Thinstall

2008-01-15 13:00 . 2008-01-15 13:00 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application

2008-01-15 12:49 . 2008-01-15 12:49 8 --a------ C:\WINDOWS\system32\nvModes.dat

2008-01-15 12:36 . 2008-01-15 12:36 <DIR> d--h----- C:\WINDOWS\PIF

2008-01-13 04:42 . 2008-01-13 04:42 <DIR> d-------- C:\Program Files\Lavasoft

2008-01-13 04:42 . 2008-01-13 04:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-13 04:41 . 2008-01-20 22:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-12 20:55 . 2008-01-12 20:55 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-11 12:54 . 2008-01-11 12:58 <DIR> d-------- C:\Program Files\BitComet

2008-01-11 12:54 . 2008-01-15 13:10 <DIR> d-------- C:\Downloads

2008-01-11 12:54 . 2008-01-11 12:54 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-01-10 21:28 . 2008-01-20 10:36 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2008-01-10 21:27 . 2008-01-10 21:27 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll

2008-01-10 21:27 . 2008-01-10 21:27 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll

2008-01-10 21:27 . 2008-01-10 21:27 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll

2008-01-10 21:19 . 2008-01-10 21:19 94,208 --a------ C:\WINDOWS\DIIUnin.exe

2008-01-10 21:19 . 2008-01-10 21:28 35,602 --a------ C:\WINDOWS\DIIUnin.dat

2008-01-10 21:19 . 2008-01-10 21:19 2,829 --a------ C:\WINDOWS\DIIUnin.pif

2008-01-10 21:10 . 2008-01-20 10:37 <DIR> d-------- C:\Program Files\Diablo II

2008-01-10 21:04 . 2008-01-10 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP

2008-01-10 21:02 . 2008-01-10 21:02 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared

2008-01-10 21:02 . 2008-01-10 21:02 <DIR> d-------- C:\Program Files\Common Files\HP

2008-01-10 21:02 . 2008-01-10 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic

2008-01-10 21:01 . 2008-01-10 21:01 <DIR> d-------- C:\Program Files\Hewlett-Packard

2008-01-10 21:00 . 2008-01-10 21:00 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

2008-01-10 20:59 . 2008-01-10 21:00 <DIR> d-------- C:\TEMP

2008-01-10 20:59 . 2008-01-10 20:59 734 --a------ C:\WINDOWS\hpntwksetup.ini

2008-01-10 20:59 . 2008-01-10 20:59 166 --a------ C:\WINDOWS\system32\AddPort.ini

2008-01-10 20:58 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-01-10 20:58 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2008-01-10 20:58 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2008-01-10 20:58 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2008-01-10 20:58 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

2008-01-10 20:58 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2008-01-10 20:58 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2008-01-10 20:57 . 2008-01-10 21:01 <DIR> d-------- C:\Program Files\HP

2008-01-10 20:57 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-01-10 20:57 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-01-10 20:57 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-01-10 20:57 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-10 20:57 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-01-10 20:56 . 2008-01-10 21:06 <DIR> d-------- C:\Documents and Settings\Dag J\Application Data\HP

2008-01-10 20:56 . 2008-01-10 21:06 88,608 --a------ C:\WINDOWS\hpoins06.dat

2008-01-10 20:56 . 2005-06-03 08:48 5,389 --------- C:\WINDOWS\hpomdl06.dat

2008-01-10 17:50 . 2008-01-10 19:51 <DIR> d-------- C:\Documents and Settings\Dag J\Contacts

2008-01-10 17:49 . 2008-01-10 17:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-01-10 17:49 . 2008-01-10 17:49 <DIR> d-------- C:\Program Files\MSN Messenger

2008-01-10 17:32 . 2008-01-10 17:32 <DIR> d-------- C:\Program Files\NDAS

2008-01-10 17:32 . 2005-08-11 18:45 120,704 --a------ C:\WINDOWS\system32\drivers\lfsfilt.sys

2008-01-10 17:10 . 2008-01-10 17:10 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-01-10 17:10 . 2008-01-10 17:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-01-10 17:10 . 2008-01-10 17:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-01-10 17:02 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-20 20:37 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin

2008-01-18 15:42 90,112 ----a-w C:\WINDOWS\DUMP40b2.tmp

2008-01-15 12:01 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-15 12:01 --------- d-----w C:\Program Files\NVIDIA Corporation

2008-01-13 03:43 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-01-10 15:21 --------- d-----w C:\Program Files\My Company Name

2008-01-10 15:21 --------- d-----w C:\Program Files\ASUS

2008-01-10 15:18 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-01-10 15:04 --------- d--h--w C:\Program Files\Uninstall Information

2008-01-10 15:02 --------- d-----w C:\Program Files\microsoft frontpage

2008-01-10 15:01 --------- d-----w C:\Program Files\MSXML 6.0

2008-01-10 15:01 --------- d-----w C:\Program Files\MSXML 4.0

2007-12-17 23:35 1,580,544 ----a-w C:\WINDOWS\system32\sfcfiles.dll

2007-12-17 22:30 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2007-12-17 22:30 63,744 ----a-w C:\WINDOWS\system32\drivers\mf.sys

2007-12-17 22:30 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

2007-12-17 22:30 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys

2007-12-17 22:30 52,224 ----a-w C:\WINDOWS\system32\dmutil.dll

2007-12-17 22:30 51,712 ----a-w C:\WINDOWS\system32\wzcsapi.dll

2007-12-17 22:30 47,104 ----a-w C:\WINDOWS\system32\cnbjmon.dll

2007-12-17 22:30 42,496 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2007-12-17 22:30 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys

2007-12-17 22:30 37,376 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2007-12-17 22:30 36,992 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2007-12-17 22:30 36,480 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2007-12-17 22:30 359,936 ----a-w C:\WINDOWS\system32\wzcsvc.dll

2007-12-17 22:30 35,328 ----a-w C:\WINDOWS\system32\pid.dll

2007-12-17 22:30 35,328 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2007-12-17 22:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2007-12-17 22:30 25,472 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys

2007-12-17 22:30 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2007-12-17 22:30 20,992 ----a-w C:\WINDOWS\system32\hid.dll

2007-12-17 22:30 2,017,280 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2007-12-17 22:30 16,000 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys

2007-12-17 22:30 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys

2007-12-17 22:30 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll

2007-12-17 22:30 12,928 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2007-12-17 22:30 12,416 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2007-12-17 22:29 86,073 ----a-w C:\WINDOWS\system32\usrfaxa.dll

2007-12-17 22:29 8,192 ----a-w C:\WINDOWS\system32\streamci.dll

2007-12-17 22:29 77,891 ----a-w C:\WINDOWS\system32\usrmlnka.exe

2007-12-17 22:29 77,890 ----a-w C:\WINDOWS\system32\usrdpa.dll

2007-12-17 22:29 77,883 ----a-w C:\WINDOWS\system32\usrrtosa.dll

2007-12-17 22:29 72,192 ----a-w C:\WINDOWS\system32\sprio800.dll

2007-12-17 22:29 70,656 ----a-w C:\WINDOWS\system32\sprio600.dll

2007-12-17 22:29 69,700 ----a-w C:\WINDOWS\system32\usrshuta.exe

2007-12-17 22:29 69,699 ----a-w C:\WINDOWS\system32\usrcoina.dll

2007-12-17 22:29 69,632 ----a-w C:\WINDOWS\system32\spnike.dll

2007-12-17 22:29 61,508 ----a-w C:\WINDOWS\system32\usrprbda.exe

2007-12-17 22:29 61,500 ----a-w C:\WINDOWS\system32\usrcntra.dll

2007-12-17 22:29 58,112 ----a-w C:\WINDOWS\system32\drivers\vdmindvd.sys

2007-12-17 22:29 55,296 ----a-w C:\WINDOWS\system32\dvdplay.exe

2007-12-17 22:29 53,305 ----a-w C:\WINDOWS\system32\usrlbva.dll

2007-12-17 22:29 51,712 ----a-w C:\WINDOWS\system32\drivers\tosdvd.sys

2007-12-17 22:29 49,211 ----a-w C:\WINDOWS\system32\usrvpa.dll

2007-12-17 22:29 49,211 ----a-w C:\WINDOWS\system32\usrsdpia.dll

2007-12-17 22:29 49,209 ----a-w C:\WINDOWS\system32\usrv80a.dll

2007-12-17 22:29 45,116 ----a-w C:\WINDOWS\system32\usrvoica.dll

2007-12-17 22:29 41,019 ----a-w C:\WINDOWS\system32\usrsvpia.dll

2007-12-17 22:29 323,641 ----a-w C:\WINDOWS\system32\usrdtea.dll

2007-12-17 22:29 3,200 ----a-w C:\WINDOWS\system32\wowfax.dll

2007-12-17 22:29 262,528 ----a-w C:\WINDOWS\system32\drivers\cinemst2.sys

2007-12-17 22:29 23,936 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys

2007-12-17 22:29 23,808 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys

2007-12-17 22:29 21,376 ----a-w C:\WINDOWS\system32\drivers\tsbvcap.sys

2007-12-17 22:29 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys

2007-12-17 22:29 157,696 ----a-w C:\WINDOWS\system32\paqsp.dll

2007-12-17 22:29 147,968 ----a-w C:\WINDOWS\system32\mdwmdmsp.dll

2007-12-17 22:29 13,824 ----a-w C:\WINDOWS\system32\wowfaxui.dll

2007-12-17 22:29 12,160 ----a-w C:\WINDOWS\system32\drivers\fsvga.sys

2007-12-17 22:29 12,032 ----a-w C:\WINDOWS\system32\drivers\riodrv.sys

2007-12-17 22:29 12,032 ----a-w C:\WINDOWS\system32\drivers\rio8drv.sys

2007-12-17 22:29 12,032 ----a-w C:\WINDOWS\system32\drivers\nikedrv.sys

2007-12-17 22:29 11,776 ----a-w C:\WINDOWS\system32\drivers\cpqdap01.sys

2007-12-17 22:29 102,457 ----a-w C:\WINDOWS\system32\usrv42a.dll

2007-12-17 22:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-12-17 22:24 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll

2007-12-17 22:24 825,344 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-17 22:24 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys

2007-12-17 22:24 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-12-17 22:24 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll

2007-12-17 22:24 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll

2007-12-17 22:24 549,888 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-17 22:24 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll

2007-12-17 22:24 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll

2007-12-17 22:24 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll

2007-12-17 22:24 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-12-17 22:24 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll

2007-12-17 22:24 16,896 ----a-w C:\WINDOWS\system32\mqise.dll

2007-12-17 22:24 138,240 ----a-w C:\WINDOWS\system32\mqad.dll

2007-12-17 22:24 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-12-17 22:24 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll

2007-12-17 22:24 1,033,216 ----a-w C:\WINDOWS\explorer.exe

2007-12-17 22:23 600,576 ----a-w C:\WINDOWS\system32\mstsc.exe

2007-12-17 22:23 58,880 ----a-w C:\WINDOWS\system32\pnrpnsp.dll

2007-12-17 22:23 553,984 ----a-w C:\WINDOWS\system32\p2psvc.dll

2007-12-17 22:23 498,742 ----a-w C:\WINDOWS\system32\dxmasf.dll

2007-12-17 22:23 414,720 ----a-w C:\WINDOWS\system32\msscp.dll

2007-12-17 22:23 36,352 ----a-w C:\WINDOWS\system32\tsgqec.dll

2007-12-17 22:23 313,344 ----a-w C:\WINDOWS\system32\p2pgraph.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 09:24 5674352]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 15:05 139264]

"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Generic Host Process for Win32 Services"="svchosts.exe" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 17:43 8466432]

"nwiz"="nwiz.exe" [2007-06-28 17:43 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 17:43 81920]

"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 06:33 380928]

"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 07:10 270336]

"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 13:44 1953792]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 16270848 C:\WINDOWS\RTHDCPL.EXE]

"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2007-12-17 23:23 124928 C:\WINDOWS\system32\advpack.dll]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

HP Image Zone Hurtigstart.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]

NDAS Device Management.lnk - C:\Program Files\NDAS\System\ndasmgmt.exe [2005-08-11 18:45:04 180736]

 

R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys [2005-08-11 18:44]

R1 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys [2005-08-11 18:45]

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]

R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 06:33]

R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS\ndasbus.sys [2005-08-11 18:44]

R3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS\ndasscsi.sys [2005-08-11 18:44]

R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 06:33]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-20 21:18:35 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

"2008-01-20 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"

- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-20 22:55:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\Program Files\Unlocker\UnlockerHook.dll

.

Completion time: 2008-01-20 22:56:05 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-20 21:56:03

.

2008-01-12 22:27:17 --- E O F ---


SaS found nothing.

Here it is:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:34:39, on 20.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20696)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NDAS\System\ndassvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\NDAS\System\ndasmgmt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\HPZinw12.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 10890 bytes

 

- D.J.


Looks better, but there is still something that needs to be removed.

Start HJT, then tick these and fix them:

O4 - HKCU\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

 

Search for svchosts.exe, then delete it (you may need to boot into safe mode with F8 for this).

Check whether the process is running (Ctrl+Alt+Del, Processes) and end it.

Turn on showing hidden files and folders.

Not to be confused with svchost.exe, which is something Windows must have.

Scan and see if this one finds anything.

http://fileinfo.prevx.com/fileinfo.asp?PXC=6f6365112879

 

Then a new HJT log.

Edited by SNIPPSAT
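The distinction drawn in the reply above (svchosts.exe versus the real svchost.exe) can be checked mechanically. This is an added example, not part of the original thread: it parses HijackThis O4 lines and flags autostart executables whose name is within two edits of a core Windows binary and, going slightly beyond the post, a core binary name started from outside the Windows directory. The reference list, the C:\WINDOWS root and the function names are assumptions, and one sample line is constructed.

```python
import re

# Assumed reference list: core Windows XP binaries seen in the logs above.
SYSTEM_BINARIES = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "explorer.exe", "spoolsv.exe", "rundll32.exe", "ctfmon.exe",
}
# Assumed system root, taken from the paths in the logs.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
# "O4 - Global Startup: ..." lines have no \..\ part and are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# Paths may be unquoted and contain spaces, so cut at the first executable suffix.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=["\s]|$)', re.I)


def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_of(cmd):
    """Return (directory, file name), both lower-cased, for a command line."""
    m = EXE_RE.match(cmd.strip())
    path = m.group(1) if m else cmd.split()[0].strip('"')
    directory, _, base = path.rpartition("\\")
    base = base.lower()
    if "." not in base:          # e.g. "regsvr32 /s ..." has no extension
        base += ".exe"
    return directory.lower(), base


def review(lines):
    """Return (key, value name, file name, reason) for each suspicious O4 line."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        directory, base = executable_of(m["cmd"])
        if base in SYSTEM_BINARIES:
            # A bare name is resolved through the search path; only a wrong
            # explicit directory is reported here.
            if directory and directory not in SYSTEM_DIRS:
                findings.append((m["key"], m["name"], base,
                                 "system binary name outside system directory"))
            continue
        near = [s for s in sorted(SYSTEM_BINARIES) if edit_distance(base, s) <= 2]
        if near:
            findings.append((m["key"], m["name"], base, "look-alike of " + near[0]))
    return findings


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_FROM_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
""".strip().splitlines()

# Constructed line (not from the thread) to exercise the directory check.
CONSTRUCTED_LINE = r"O4 - HKLM\..\Run: [Example] C:\Temp\lsass.exe"

if __name__ == "__main__":
    for finding in review(SAMPLE_FROM_LOG + [CONSTRUCTED_LINE]):
        print(finding)
```

A name match is only a triage hint: the flagged file still has to be located and scanned, as the reply describes.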

Hopefully the last one; found no svchosts file.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:06:02, on 21.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20696)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\NDAS\System\ndasmgmt.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NDAS\System\ndassvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\HPZinw12.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 10937 bytes

 

 

- D.J.
