freddiebaby (Beginner)
8 July 2008 - 10:40. There are 14 comments and 1 solution

Pop-up

Hi

I have a really annoying problem:
I get a lot of pop-ups. My computer can be left on all night, and when I then look at it, I have received between 10 and 20 pop-up windows. At other times, while I am using it, adverts and completely blank windows pop up. This happens in both IE and Mozilla, sometimes at the same time.

I have tried the following:
Clearing temp, cookies and so on ..
Scanned 2x with McAfee Antivirus
Scanned 2x with Search & Destroy
Scanned 2x with Ad-aware

All versions are up to date

I simply cannot get rid of them ..
I wish there were another solution than a pop-up killer, as that can be quite a nuisance..
8 July 2008 - 14:06 #1
... just for good measure; give us/me a HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for that purpose and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Yeees - I have 'viruses' on the brain...)

------------------
freddiebaby (Beginner)
8 July 2008 - 15:04 #2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:44, on 08-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lock My PC 4\LmpcServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
c:\temp\svchost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frederik\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C33ECD5B-8C9C-47B5-BA7C-3CB93CFA966B}: NameServer = 194.234.134.83,193.162.153.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - C:\Program Files\Lock My PC 4\LmpcServ.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Messager - Unknown owner - c:\temp\svchost.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11292 bytes
8 July 2008 - 18:16 #3
To begin with -> a bit of general clean-up ->

------------------------------------------------------------------------

Click Start->Run, type Services.msc and click OK.
Find the service (if it is there)
* Kaspersky Internet Security 7.0 (AVP)
stop it if it is running, right-click it and set Startup type to Disabled.

------------------------------------------------------------------------

Run a scan with HijackThis.
Below you get some files that you need to fix. What you have to do is tick the box next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember also to close this window when you have marked the files. Now you can fix. Click Fix checked.

These are the ones that need to be fixed:

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm

O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)

Restart normally, run a new scan with HijackThis, and paste a fresh log in here for checking.

------------------------------------------------------------------------

Remember a complete Windows Update - you seem to be missing quite a lot

------------------------------------------------------------------------
8 July 2008 - 18:17 #4
OOPS:::

Delete this file immediately ->

c:\temp\svchost.exe
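
Added example, not part of the original thread: a Python triage of a HijackThis log for the pattern flagged in reply #4, a core Windows process name (here svchost.exe) running from outside its expected directory, together with the orphaned "(file missing)" / "(no file)" entries cleaned up in reply #3. The sample lines are excerpted from the log posted above; the EXPECTED_DIR baseline and all function names are assumptions of this example.

```python
import ntpath
import re

# Assumed baseline for this example: the directory a few core Windows XP
# processes normally run from (lower-cased). Not an exhaustive list.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
MISPLACED = "system process name outside its expected directory"
ORPHAN = "entry points at a file that no longer exists"
PATH_RE = re.compile(r"^[A-Za-z]:\\")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
SERVICE_PREFIX = "O23 - Service: "

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\temp\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - C:\Program Files\Lock My PC 4\LmpcServ.exe
O23 - Service: Messager - Unknown owner - c:\temp\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_log(text):
    """Split a HijackThis log into process paths, O23 services and orphans."""
    processes, services, orphans = [], [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if PATH_RE.match(line):
                processes.append(line)
                continue
            if not line:
                continue
            in_procs = False  # first registry entry ends the process list
        if line.endswith(ORPHAN_MARKERS):
            orphans.append(line)
        if line.startswith(SERVICE_PREFIX):
            # Layout: "<display name> - <owner> - <image path>"
            parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, owner, path = parts
                path = path.replace("(file missing)", "").strip()
                services.append((name, owner, path))
    return processes, services, orphans


def misplaced_system_binary(path):
    """True if the file name is a core process but the folder is wrong."""
    directory, name = ntpath.split(path.lower())
    expected = EXPECTED_DIR.get(name)
    return expected is not None and directory != expected


def triage(text):
    """Return (kind, subject, reason) findings for a HijackThis log."""
    processes, services, orphans = parse_log(text)
    findings = []
    for path in processes:
        if misplaced_system_binary(path):
            findings.append(("process", path, MISPLACED))
    for name, owner, path in services:
        # "Unknown owner" alone is common for legitimate software (see the
        # Lock My PC service), so only the path mismatch is flagged.
        if misplaced_system_binary(path):
            findings.append(("service", f"{name} ({owner}) -> {path}", MISPLACED))
    for line in orphans:
        findings.append(("orphan", line, ORPHAN))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}: {subject}")
```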
8 July 2008 - 18:17 #5
... Now, not all (un)wanted items show up in a HiJackThis log; if you feel up to it, carry out the procedure from here -> http://www.eksperten.dk/artikler/1123
PS: Still use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
freddiebaby (Beginner)
8 July 2008 - 19:21 #6
I haven't received any pop-ups for a long time now (:
I followed the guide you linked to; the problem seems to be solved.

I could not locate "c:\temp\svchost.exe"
But SuperAntiSpyware .. also found a problem it called svchost, so it has probably removed it ?
I had also been having problems with svchost eating my CPU - that problem is gone.

One last thing, how can I check whether I am properly up to date with regard to Windows ?
- I have been into the Control Panel to check, and it is set to "automatic updates"

thanks for the help
- you will get your points .. I would just like to hear the answer first ;)
8 July 2008 - 19:51 #7
Go directly to
http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=da - follow the guide and select everything ...

But you could "jump" onto M$ ServicePack3 right away ->
M$ ServicePack3 for XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da - Download the package and save it in a suitable place on your PC AND install it FROM THERE. Without having other things/windows running. It will probably take a while...

After that, Windows Update ...
8 July 2008 - 19:53 #8
If you have completed the aforementioned http://www.eksperten.dk/artikler/1123, I would like to see/read the ComboFix.log ...

... ditto with a fresh log from HiJackThis ...
freddiebaby (Beginner)
8 July 2008 - 19:56 #9
ComboFix 08-07-07.3 - Frederik 2008-07-08 19:12:11.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.549 [GMT 2:00]
Running from: C:\Documents and Settings\Frederik\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\icon.ico
C:\WINDOWS\system32\pskill.exe
G:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2008-06-08 to 2008-07-08  )))))))))))))))))))))))))))))))
.

2008-07-08 15:26 . 2008-07-08 15:26    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-07-08 15:26 . 2008-07-08 15:26    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\SUPERAntiSpyware.com
2008-07-08 15:26 . 2008-07-08 15:26    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-07 14:47 . 2008-07-08 10:09    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-07-07 14:47 . 2008-07-07 14:47    1,409    --a------    C:\WINDOWS\QTFont.for
2008-07-07 14:37 . 2008-07-07 14:39    <DIR>    d--------    C:\Program Files\Common Files\Corel
2008-07-06 19:26 . 2008-07-06 19:26    230    --a------    C:\WINDOWS\system32\spupdsvc.inf
2008-07-02 18:28 . 2008-07-02 18:28    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\SoundSpectrum
2008-07-02 18:27 . 2008-07-02 18:27    <DIR>    d--------    C:\Program Files\SoundSpectrum
2008-07-02 10:33 . 2008-07-02 11:47    <DIR>    d--------    C:\Program Files\Groove Games
2008-07-02 00:13 . 2008-07-02 00:13    <DIR>    d--------    C:\VundoFix Backups
2008-07-01 12:03 . 2008-07-01 12:03    103    --a------    C:\ioSpecial.ini
2008-06-29 23:49 . 2000-01-24 05:01    2,023,424    --a------    C:\WINDOWS\system32\vcl50.bpl
2008-06-29 23:49 . 2000-08-07 05:01    1,497,088    --a------    C:\WINDOWS\system32\cc3250mt.dll
2008-06-29 23:49 . 2000-01-24 05:01    248,832    --a------    C:\WINDOWS\system32\vclx50.bpl
2008-06-29 23:49 . 2000-01-31 05:00    25,600    --a------    C:\WINDOWS\system32\borlndmm.dll
2008-06-27 23:49 . 2008-06-28 08:02    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\skypePM
2008-06-27 23:49 . 2008-06-27 23:49    56    --ah-----    C:\WINDOWS\system32\ezsidmv.dat
2008-06-27 23:48 . 2008-06-27 23:48    <DIR>    d--------    C:\Program Files\Skype
2008-06-27 23:48 . 2008-06-27 23:48    <DIR>    d--------    C:\Program Files\Common Files\Skype
2008-06-27 23:48 . 2008-06-28 11:14    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\Skype
2008-06-27 23:47 . 2008-06-27 23:48    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Skype
2008-06-27 17:40 . 2008-06-27 17:46    <DIR>    d--------    C:\Program Files\XP Smoker
2008-06-27 16:37 . 2008-07-07 12:44    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\McAfee
2008-06-26 19:55 . 2008-06-26 19:58    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\Winamp
2008-06-26 18:14 . 2008-06-26 19:47    <DIR>    d--------    C:\Program Files\Turbo Searcher
2008-06-26 18:14 . 2008-06-26 19:45    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\TS_STD
2008-06-23 21:58 . 2008-06-23 21:58    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\MixMeister Technology
2008-06-23 21:57 . 2008-06-23 21:58    <DIR>    d--------    C:\Program Files\MixMeister Fusion + Video
2008-06-23 16:21 . 2008-06-23 16:21    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\XemiComputers
2008-06-23 16:21 . 2008-06-23 16:21    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\XemiComputers
2008-06-22 21:59 . 2008-06-22 22:17    <DIR>    d--------    C:\Program Files\AoA Audio Extractor
2008-06-22 21:24 . 2008-06-22 21:28    <DIR>    d--------    C:\Movavi files
2008-06-22 21:19 . 2008-06-22 21:19    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\dvdcss
2008-06-22 21:17 . 2004-07-19 18:41    45,056    --a------    C:\WINDOWS\system32\WNASPI32.DLL
2008-06-22 21:17 . 2004-07-19 18:41    16,512    --a------    C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-06-22 18:29 . 2008-06-22 20:06    <DIR>    d--------    C:\Program Files\fbquick
2008-06-22 18:29 . 2008-06-22 18:29    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\gnupg
2008-06-22 15:05 . 2008-06-22 15:05    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SRS Labs
2008-06-22 15:05 . 2007-07-26 09:25    47,360    -ra------    C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2008-06-22 15:05 . 2007-07-26 09:25    47,104    -ra------    C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2008-06-22 15:05 . 2007-07-26 09:25    42,112    -ra------    C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2008-06-22 15:05 . 2007-07-26 09:25    39,808    -ra------    C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2008-06-22 15:05 . 2007-07-26 09:25    32,000    -ra------    C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2008-06-22 12:43 . 2008-06-22 12:43    <DIR>    d--------    C:\Program Files\Common Files\DFX
2008-06-22 12:43 . 2008-06-22 12:43    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\DFX
2008-06-22 02:06 . 2008-07-08 18:51    <DIR>    d--hs----    C:\temp
2008-06-22 00:26 . 2008-06-18 02:32    35,709    --a------    C:\Program Files\Common Files\Stardock Keygen.exe
2008-06-21 16:47 . 2008-06-21 17:23    <DIR>    d--------    C:\Program Files\MediaMonkey
2008-06-20 13:41 . 2008-06-20 13:41    <DIR>    d--------    C:\Program Files\R4
2008-06-20 13:40 . 2008-06-22 02:15    <DIR>    d--------    C:\Program Files\Superscape
2008-06-20 13:40 . 1997-10-27 14:53    241,664    --a------    C:\WINDOWS\system32\HDK3CTNT.DLL
2008-06-20 13:40 . 1994-08-24 00:00    188,960    --a------    C:\WINDOWS\system32\WINGDE.DLL
2008-06-20 13:40 . 1997-08-27 20:34    172,544    --a------    C:\WINDOWS\system32\HDK3ANIM.DLL
2008-06-20 13:40 . 1994-09-21 00:00    92,208    --a------    C:\WINDOWS\system32\WING.DLL
2008-06-20 13:40 . 1999-08-10 10:32    53,248    --a------    C:\WINDOWS\system32\SCLVideo.ax
2008-06-20 13:40 . 1999-08-10 10:32    40,960    --a------    C:\WINDOWS\system32\SCLAudio.ax
2008-06-20 13:40 . 1994-09-21 00:00    12,800    --a------    C:\WINDOWS\system32\WING32.DLL
2008-06-20 13:40 . 1994-09-21 00:00    6,736    --a------    C:\WINDOWS\system32\WINGDIB.DRV
2008-06-20 13:40 . 1994-09-02 00:00    5,195    --a------    C:\WINDOWS\system32\DVA.386
2008-06-20 13:40 . 1994-09-21 00:00    5,024    --a------    C:\WINDOWS\system32\WINGPAL.WND
2008-06-20 13:28 . 2008-06-22 02:16    <DIR>    d--------    C:\Program Files\MP3 Remix
2008-06-18 18:50 . 2008-06-19 11:38    <DIR>    d--------    C:\Program Files\ReaConverter 5.5 Pro
2008-06-17 00:07 . 2008-06-17 00:07    <DIR>    d--------    C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-06-16 19:16 . 2008-06-25 22:41    43,520    --a------    C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-16 17:58 . 2003-06-25 16:05    266,360    --a------    C:\WINDOWS\system32\TweakUI.exe
2008-06-16 17:58 . 2002-06-21 15:09    160,217    --a------    C:\WINDOWS\system32\PowerToysLicense.rtf
2008-06-16 17:13 . 2008-06-16 17:13    <DIR>    d--------    C:\Program Files\J River
2008-06-14 10:24 . 2008-06-14 10:29    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\My Movies
2008-06-14 10:12 . 2008-06-14 10:21    <DIR>    d--------    C:\Program Files\Microsoft SQL Server
2008-06-14 10:07 . 2008-07-02 10:24    <DIR>    d--------    C:\Downloads
2008-06-14 00:26 . 2008-06-14 00:26    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\Movie Label
2008-06-11 08:28 . 2008-06-13 15:10    272,128    ---------    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:28 . 2008-06-13 15:10    272,128    -----c---    C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 08:19 . 2008-06-10 15:04    <DIR>    d--------    C:\Documents and Settings\Frederik\Application Data\UseNeXT
2008-06-08 11:45 . 2008-06-08 11:45    495,104    --a------    C:\WINDOWS\system32\mp3tsshx.dll
2008-06-08 11:44 . 2008-06-08 11:44    <DIR>    d--------    C:\Program Files\Magnus Brading

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 17:16    71,464,992    --sha-w    C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-08 17:15    3,738,400    --sha-w    C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-08 17:10    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 17:03    ---------    d-----w    C:\Program Files\Winamp Toolbar
2008-07-08 16:50    842,684    --sha-w    C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-08 16:50    357,404    --sha-w    C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-08 13:25    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 12:42    2,724    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-08 12:35    ---------    d-----w    C:\Program Files\Warcraft III
2008-07-08 01:13    ---------    d-----w    C:\Program Files\McAfee
2008-07-07 22:55    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\uTorrent
2008-07-07 12:37    ---------    d-----w    C:\Program Files\Corel
2008-07-07 10:43    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-02 08:26    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\Free Download Manager
2008-06-30 10:20    ---------    d-----w    C:\Program Files\Winamp
2008-06-29 09:34    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\DVD Profiler
2008-06-29 09:24    ---------    d-----w    C:\Program Files\DVD Profiler
2008-06-28 04:55    ---------    d-----w    C:\Program Files\uTorrent
2008-06-27 15:41    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-27 15:40    32,658    ----a-w    C:\WINDOWS\system32\tcpipbak.reg
2008-06-23 19:56    ---------    d-----w    C:\Program Files\Diablo II
2008-06-22 20:17    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-22 00:14    ---------    d-----w    C:\Program Files\Yahoo!
2008-06-21 23:33    ---------    d-----w    C:\Program Files\Samurize
2008-06-21 13:52    ---------    d-----w    C:\Program Files\TagRename
2008-06-17 11:22    ---------    d-----w    C:\Program Files\Steam
2008-06-16 17:14    21,840    ----atw    C:\WINDOWS\system32\SIntfNT.dll
2008-06-16 17:14    17,212    ----atw    C:\WINDOWS\system32\SIntf32.dll
2008-06-16 17:14    12,067    ----atw    C:\WINDOWS\system32\SIntf16.dll
2008-06-16 15:25    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\J River
2008-06-14 08:17    ---------    d-----w    C:\Program Files\Microsoft.NET
2008-06-06 17:25    94,208    ----a-w    C:\WINDOWS\DIIUnin.exe
2008-06-06 17:25    2,829    ----a-w    C:\WINDOWS\DIIUnin.pif
2008-06-06 15:58    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-06-06 15:30    ---------    d--h--r    C:\Documents and Settings\Frederik\Application Data\SecuROM
2008-06-06 15:21    ---------    d-----w    C:\Program Files\CAPCOM
2008-06-06 14:39    108,144    ----a-w    C:\WINDOWS\system32\CmdLineExt.dll
2008-06-06 14:20    ---------    d-----w    C:\Program Files\THQ
2008-06-05 18:01    ---------    d-----w    C:\Program Files\QuickTime
2008-06-04 21:21    606,848    ----a-w    C:\WINDOWS\flashax.exe
2008-06-04 21:21    12,288    ----a-w    C:\WINDOWS\impborl.dll
2008-06-04 10:42    278,984    ----a-w    C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-04 10:28    25,416    ----a-w    C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-02 22:51    ---------    d-----w    C:\Program Files\Google
2008-06-02 22:48    ---------    d-----w    C:\Program Files\Common Files\InstallShield
2008-06-02 22:48    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-02 22:36    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\Thinstall
2008-06-02 16:07    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\MediaMan
2008-06-01 21:03    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\Shareaza
2008-05-30 12:22    ---------    d-----w    C:\Program Files\AgeOfCastles_at
2008-05-29 14:23    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\Command & Conquer 3 Kane's Wrath
2008-05-29 11:15    2,275,840    ----a-w    C:\WINDOWS\system32\TUKernel.exe
2008-05-29 10:28    ---------    d-----w    C:\Program Files\TuneUp Utilities 2008
2008-05-29 10:26    354,560    ----a-w    C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-29 10:26    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\TuneUp Software
2008-05-29 10:26    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-28 16:35    ---------    d-----w    C:\Program Files\Last.fm
2008-05-27 05:25    ---------    d-----w    C:\Program Files\Stardock
2008-05-26 20:25    ---------    d-----w    C:\Program Files\YourWare Solutions
2008-05-26 20:21    ---------    d-----w    C:\Program Files\VistaCodecPack
2008-05-26 20:21    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-26 20:09    ---------    d-----w    C:\Program Files\SopCast
2008-05-26 20:09    ---------    d-----w    C:\Program Files\Common Files\Stardock
2008-05-26 20:05    ---------    d-----w    C:\Program Files\Call of Duty
2008-05-26 20:03    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\GetRight
2008-05-26 20:02    ---------    d-----w    C:\Program Files\Windows Sidebar
2008-05-26 19:49    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\GetRightToGo
2008-05-23 07:56    ---------    d-----w    C:\Program Files\SiteAdvisor
2008-05-22 21:13    ---------    d--h--w    C:\Documents and Settings\All Users\Application Data\{C86EF2C8-8BA2-48C3-9A30-EB3E1E22E2B5}
2008-05-19 20:56    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\Azureus
2008-05-19 20:24    ---------    d-----w    C:\Program Files\PC Drivers HeadQuarters
2008-05-11 14:02    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\yooPlugs
2008-05-11 13:03    ---------    d-----w    C:\Program Files\MovieTrack
2008-05-10 18:41    ---------    d-----w    C:\Documents and Settings\Frederik\Application Data\Realtime Soft
2008-05-08 12:28    202,752    ----a-w    C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 04:55    1,288,192    ----a-w    C:\WINDOWS\system32\quartz.dll
2008-05-04 08:23    0    ----a-r    C:\logwmemory.bin
2008-04-29 21:04    78,952    ----a-w    C:\Documents and Settings\Frederik\Application Data\GDIPFONTCACHEV1.DAT
2008-04-21 06:56    666,624    ----a-w    C:\WINDOWS\system32\wininet.dll
2004-07-10 14:12    2,238    ----a-w    C:\Program Files\Songs Recycle.ico
.

------- Sigcheck -------

2007-12-13 10:09  1656832  c58f0e4dae57c0dc304ecc3683958e4c    C:\WINDOWS\explorer.exe
2007-06-13 13:26  1033216  7712df0cdde3a5ac89843e61cd5b3658    C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-07-05 22:09  1655808  b40eb7c75c2ceaab5328a3bf0209a430    C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-12-13 10:09  1656832  c58f0e4dae57c0dc304ecc3683958e4c    C:\WINDOWS\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 13:04 59392]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 20:39 7323648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 20:12 582992]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 06:42 1164576]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 14:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22 20480]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 14:19 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 1
"NoCommonGroups"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoFavoritesMenu"= 1 (0x1)
"NoNetworkConnections"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
"NoInstrumentation"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
2007-02-21 22:21 43376 C:\WINDOWS\system32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-28 10:55 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\steamapps\\fuzzi714\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\fuzzi714\\condition zero\\hl.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=

R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2008-04-03 23:32]
R2 LmpcService;Lock My PC Service;C:\Program Files\Lock My PC 4\LmpcServ.exe [2007-03-18 13:51]
R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 15:29]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-10 13:00]
R3 dsnpfd;DeskSoft Service;C:\WINDOWS\system32\DRIVERS\dsnpfd.sys [2007-11-09 19:33]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 LMPC4;LMPC4;C:\WINDOWS\system32\drivers\LMPC4.sys [2007-02-21 22:21]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-11-20 15:48]
S2 Messager;Messager;c:\temp\svchost.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-29 12:26]
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34981f5a-f131-11dc-98ed-000fb5cc51a9}]
\Shell\AutoRun\command - H:\ClickMe.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-08 17:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-27 17:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-14 23:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-06-30 23:20:02 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 19:15:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  McAfee Backup = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-08 19:17:28
ComboFix-quarantined-files.txt  2008-07-08 17:17:00

Pre-Run: 155,004,940,288 bytes free
Post-Run: 155,248,173,056 bytes free

299    --- E O F ---    2008-07-08 01:03:04
freddiebaby Beginner
08 July 2008 - 19:57 #10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:51, on 08-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lock My PC 4\LmpcServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lock My PC 4\lockpc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frederik\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C33ECD5B-8C9C-47B5-BA7C-3CB93CFA966B}: NameServer = 194.234.134.83,193.162.153.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - C:\Program Files\Lock My PC 4\LmpcServ.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Messager - Unknown owner - c:\temp\svchost.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10569 bytes
freddiebaby Beginner
08 July 2008 - 19:57 #11
thanks in advance ! ;)
08 July 2008 - 20:36 #12
Uninstall

* FrostWire
* Shareaza
* µTorrent

Grrrrr... It doesn't matter how much security/updates people have installed. Once they start 'playing' with P2P programs - or rather, with the results from them - it makes no difference!!!
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

PS: I for one don't have much faith in these download managers etc.
freddiebaby Beginner
09 July 2008 - 00:01 #13
To each their own ;)
The problem is solved. I have used these programs for years - without problems, until now (:
09 July 2008 - 06:43 #14
[08/07-2008 19:51:36] !!!
09 July 2008 - 06:43 #15
There is no more 'dirt' according to your log...

You're welcome back another time...

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It is also a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

Safe Surfing...

--------------

Registry cleanup can be recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the [Registry] item...)
During installation you are offered [Yahoo Toolbar]. You can say yes or NO to it.