Discussion Starter · #1 ·
Need to get rid of "Live Safety Center" and "Online Security Guide"

My son uses his computer on the net a lot and of course there is a virus out there waiting to serve its twisted master.

He got the well-known "Live Safety Center" and "Online Security Guide" and it keeps coming back and hijacks his internet browser to redirect to the same page that promises peace and well-being for money ... of course.

Here is the DDS log:
"
Deckard's System Scanner v20071014.68
Run by Emil on 2007-11-10 20:43:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Emil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:39, on 10-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\agsdyely.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\limewire\limewire.exe
C:\HBA\Virus\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Emil.exe
C:\WINDOWS\system32\mspaint.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Programmer\ContextTool\ContextTool-2.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {64F7A424-5613-4885-A1B2-4A3CC56D5F08} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86A2673A-1B5F-4E5A-B8D8-099D446F4616} - C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\e1\caws83122.exe.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zpsfvoli.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: {4569e5e9-4e67-bfe9-f914-4fd129c98feb} - {bef89c92-1df4-419f-9efb-76e49e5e9654} - C:\WINDOWS\system32\ntwsbkjy.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zpsfvoli.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKLM\..\Run: [cc429608] rundll32.exe "C:\WINDOWS\system32\jmpenofk.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinAble] C:\Programmer\WinAble\winable.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?ad0ecc5bcbe84099a7ef653c4a4aa47a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?ad0ecc5bcbe84099a7ef653c4a4aa47a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Emil\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169665996593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004A02A.dat
O20 - Winlogon Notify: zpsfvoli - C:\WINDOWS\SYSTEM32\zpsfvoli.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\agsdyely.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9746 bytes

-- Files created between 2007-10-10 and 2007-11-10 -----------------------------

2007-11-10 19:44:43 0 d-------- C:\Programmer\Trend Micro
2007-11-10 19:05:35 0 d-------- C:\Programmer\SpywareBlaster
2007-11-10 17:33:11 41724 ---hs---- C:\Programmer\Fælles filer\Yazzle1560OinUninstaller.exe
2007-11-10 17:25:00 0 d-------- C:\Programmer\Insider
2007-11-10 17:24:58 0 d-------- C:\Programmer\InetGet2
2007-11-10 16:40:12 85056 --a------ C:\WINDOWS\system32\jmpenofk.dll
2007-11-10 16:37:12 81472 --a------ C:\WINDOWS\system32\ntwsbkjy.dll
2007-11-10 16:35:16 0 d-------- C:\Documents and Settings\Henrik\Application Data\LimeWire
2007-11-10 16:34:12 71232 --a------ C:\WINDOWS\system32\emkmtixx.exe <Not Verified; ; DDC>
2007-11-10 16:31:13 10816 --a------ C:\WINDOWS\system32\__c004A02A.dat
2007-11-10 16:31:12 10816 --a------ C:\WINDOWS\system32\pwyhayjy.dll
2007-11-10 16:30:08 36352 --a------ C:\WINDOWS\system32\rqrqppo.dll
2007-11-10 16:29:54 7713 --a------ C:\WINDOWS\system32\ldcore.dll
2007-11-10 16:28:48 10816 --a------ C:\WINDOWS\system32\mbhjrblp.dll
2007-11-09 16:20:37 0 d-------- C:\Documents and Settings\Miki\Application Data\LimeWire
2007-11-09 13:04:35 77888 --a------ C:\WINDOWS\system32\nckvbyeb.dll
2007-11-09 13:04:31 88128 --a------ C:\WINDOWS\system32\mjickogw.dll
2007-11-09 13:01:33 10816 --a------ C:\WINDOWS\system32\__c00F6D1B.dat
2007-11-09 13:01:32 10816 --a------ C:\WINDOWS\system32\tdxbarra.dll
2007-11-09 13:01:31 71232 --a------ C:\WINDOWS\system32\agsdyely.exe <Not Verified; ; DDC>
2007-11-09 13:00:51 134 --a------ C:\n.bat
2007-11-09 13:00:32 35328 --a------ C:\WINDOWS\system32\pmnnnop.dll
2007-11-09 13:00:31 0 --a------ C:\x.dat
2007-11-09 13:00:29 0 --a------ C:\Documents and Settings\Emil\x.dat
2007-11-09 13:00:16 0 --a------ C:\z.dat
2007-11-09 13:00:13 264 --a------ C:\Documents and Settings\Emil\z.dat
2007-11-09 13:00:09 172032 --a------ C:\winlogon.exe
2007-11-09 12:59:34 145984 --a------ C:\WINDOWS\system32\zpsfvoli.dll
2007-11-09 12:59:13 145984 --a------ C:\WINDOWS\system32\xuxpjeuh.dll
2007-11-09 12:59:11 101726 ---hs---- C:\WINDOWS\system32\egjlm.bak2
2007-11-08 16:51:38 6465 ---hs---- C:\WINDOWS\system32\egjlm.bak1
2007-11-08 16:51:00 316000 --a------ C:\WINDOWS\system32\mljge.dll
2007-11-08 16:49:29 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-08 16:49:09 0 d-------- C:\Programmer\WinAble
2007-11-08 16:49:08 0 d-------- C:\Programmer\Temporary
2007-11-08 16:46:01 35840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-08 16:46:00 35840 -ra------ C:\WINDOWS\mrofinu1188.exe
2007-11-08 16:45:57 35328 --a------ C:\WINDOWS\system32\gebcdbc.dll
2007-11-08 16:45:48 0 d-------- C:\WINDOWS\system32\u4
2007-11-08 16:45:48 0 d-------- C:\WINDOWS\system32\e1
2007-11-08 16:45:39 0 d-------- C:\WINDOWS\system32\b3
2007-11-08 16:45:37 0 d-------- C:\WINDOWS\system32\Mz18r
2007-11-08 16:45:35 111727 --a------ C:\a.exe
2007-11-08 16:29:59 0 dr-h----- C:\Documents and Settings\Emil\Application Data\SecuROM
2007-11-06 18:45:25 0 d-------- C:\Programmer\iPod
2007-11-01 12:24:00 229376 --a------ C:\WINDOWS\b128.exe
2007-10-30 19:53:32 97280 --a------ C:\WINDOWS\b147.exe
2007-10-29 21:21:52 145920 ---hs---- C:\Programmer\Fælles filer\Yazzle1560OinAdmin.exe
2007-10-29 17:12:21 0 d-------- C:\Documents and Settings\Iku\Application Data\Apple Computer
2007-10-27 21:14:36 0 d-------- C:\Documents and Settings\Henrik\cbt
2007-10-26 22:10:59 0 d-------- C:\Documents and Settings\Iku\Application Data\Google
2007-10-25 16:24:20 53760 --a------ C:\WINDOWS\b122.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-10 20:01:00 0 d-------- C:\Documents and Settings\Emil\Application Data\LimeWire
2007-11-10 18:44:26 0 d-------- C:\Programmer\Windows Live Toolbar
2007-11-10 18:40:57 0 d-------- C:\Programmer\LimeWire
2007-11-10 18:40:43 0 d-------- C:\Programmer\iTunes
2007-11-10 18:40:15 0 d-------- C:\Programmer\Google
2007-11-10 18:37:26 0 d-------- C:\Programmer\ContextTool
2007-11-10 17:33:11 0 d-------- C:\Programmer\Fælles filer
2007-11-06 18:43:14 0 d-------- C:\Programmer\QuickTime
2007-10-31 16:52:14 0 d--h----- C:\Programmer\InstallShield Installation Information
2007-10-28 11:34:47 410000 --a------ C:\WINDOWS\system32\perfh006.dat
2007-10-28 11:34:47 69974 --a------ C:\WINDOWS\system32\perfc006.dat
2007-10-23 23:21:44 0 d-------- C:\Programmer\MSN Messenger
2007-10-12 18:28:35 0 d-------- C:\Programmer\Bethesda Softworks
2007-10-10 16:33:10 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-03 19:34:44 0 d-------- C:\Programmer\Ground Control II
2007-10-03 15:50:50 0 d-------- C:\Programmer\Illusion Softworks
2007-09-18 18:10:57 0 d-------- C:\Programmer\Rockstar Games
2007-09-18 16:22:17 0 d-------- C:\Programmer\Apple Software Update
2007-09-18 15:38:54 0 d-------- C:\Programmer\Sierra


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
27-06-2007 21:27 1044480 --a------ C:\Programmer\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64F7A424-5613-4885-A1B2-4A3CC56D5F08}]
08-11-2007 16:51 316000 --a------ C:\WINDOWS\system32\mljge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A2673A-1B5F-4E5A-B8D8-099D446F4616}]
C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
09-11-2007 12:59 145984 --a------ C:\WINDOWS\system32\zpsfvoli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bef89c92-1df4-419f-9efb-76e49e5e9654}]
10-11-2007 16:37 81472 --a------ C:\WINDOWS\system32\ntwsbkjy.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\zpsfvoli.dll [09-11-2007 12:59 145984]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04-08-2004 06:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 06:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 06:32]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [22-10-2006 12:22]
"nwiz"="nwiz.exe" [22-10-2006 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [22-10-2006 12:22]
"SoundMan"="SOUNDMAN.EXE" [21-06-2006 05:42 C:\WINDOWS\soundman.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19-07-2005 17:32]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [08-06-2005 15:24]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [08-06-2005 15:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [27-07-2007 23:03]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [12-07-2007 03:00]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-05-2007 02:06]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [19-10-2007 20:16]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [02-11-2007 18:36]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [01-10-2007 12:15]
"runner1"="C:\WINDOWS\mrofinu1188.exe" [08-11-2007 21:50]
"cc429608"="C:\WINDOWS\system32\jmpenofk.dll" [10-11-2007 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [27-08-2004 01:53]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [08-06-2005 14:44]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [19-01-2007 11:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [13-08-2007 15:01]
"WinAble"="C:\Programmer\WinAble\winable.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zpsfvoli]
zpsfvoli.dll 09-11-2007 12:59 145984 C:\WINDOWS\system32\zpsfvoli.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c004A02A.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljge.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


-- End of Deckard's System Scanner: finished at 2007-11-10 20:45:17 ------------
"

If by any chance you should have a nuclear bomb, a missile to carry it and the GPS-coordinates to that server that sends out all this virus crap.....
 

Discussion Starter · #2 ·
..oh..forgot to say that ...

I did follow MicroBell's 5 Step process and the Panda scan said that no virus could be found. However, my Avast anti-virus warned me 5-6 times about files while I was running the Panda virus scanning. One of them was named "win.exe" and was in C:\temp\ but has now been deleted. Every time Avast issued a virus alert I chose the option to delete the file in question.
 

Discussion Starter · #4 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1

I can give you the logs and text files that you need except the HiJackThis log. I can guess that HiJackThis is a program that produces the log but I cannot find it. Where is it?

On the top of TechSupportForum there is a link to download Hijackthis.exe but the link does not lead to a download with a program with that name. It is called "1 click PC Fix 2007" instead.

Can you tell me where to download HiJackThis?

Regards,
Henrik Berg Andersen
 

Discussion Starter · #5 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1.

1. Here are the contents of "rapport.txt":

"SmitFraudFix v2.253

Scan done at 20:29:24,42, 14-11-2007
Run from C:\Documents and Settings\Emil\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\Emil\MENUEN~1\PROGRA~1\SpyLocked 3.6 Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{1E027A70-E944-4BFA-AF2B-511A7EA20045}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
"

2. Here are the contents of ComboFix.txt:

"
ComboFix 07-11-08.1 - Emil 2007-11-14 20:57:33.1 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Emil\Skrivebord\combofix.exe
Command switches used :: /killall
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.exe
C:\Documents and Settings\All Users\Menuen Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.lnk
C:\Documents and Settings\Emil\Foretrukne\Online Security Guide.lnk
C:\Documents and Settings\Emil\Skrivebord\Live Safety Center.lnk
C:\Documents and Settings\Emil\Skrivebord\Online Security Guide.lnk
C:\Documents and Settings\Miki\Skrivebord\internet.lnk
C:\Programmer\Fælles filer\Yazzle1560OinAdmin.exe
C:\Programmer\Fælles filer\Yazzle1560OinUninstaller.exe
C:\Programmer\inetget2
C:\Programmer\Insider
C:\Programmer\Insider\Insider.exe
C:\Programmer\Temporary
C:\Programmer\Temporary\wininstall.exe
C:\Programmer\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\__c004A02A.dat
C:\WINDOWS\system32\__c00F6D1B.dat
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\e1
C:\WINDOWS\system32\e1\caws83122.exe
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\mbhjrblp.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pwyhayjy.dll
C:\WINDOWS\system32\tdxbarra.dll
C:\WINDOWS\system32\u4
C:\WINDOWS\system32\u4\wr31drs.exe
C:\WINDOWS\system32\zpsfvoli.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.

2007-11-14 20:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 19:44 <DIR> d-------- C:\Programmer\Trend Micro
2007-11-10 19:42 <DIR> d-------- C:\Deckard
2007-11-10 19:05 <DIR> d-------- C:\Programmer\SpywareBlaster
2007-11-10 16:40 85,056 --a------ C:\WINDOWS\system32\jmpenofk.dll
2007-11-10 16:37 81,472 --a------ C:\WINDOWS\system32\ntwsbkjy.dll
2007-11-10 16:35 <DIR> d-------- C:\Documents and Settings\Henrik\Application Data\LimeWire
2007-11-10 16:34 71,232 --a------ C:\WINDOWS\system32\emkmtixx.exe
2007-11-10 16:30 36,352 --a------ C:\WINDOWS\system32\rqrqppo.dll
2007-11-09 16:20 <DIR> d-------- C:\Documents and Settings\Miki\Application Data\LimeWire
2007-11-09 13:04 88,128 --a------ C:\WINDOWS\system32\mjickogw.dll
2007-11-09 13:04 77,888 --a------ C:\WINDOWS\system32\nckvbyeb.dll
2007-11-09 13:01 71,232 --a------ C:\WINDOWS\system32\agsdyely.exe
2007-11-09 13:00 172,032 --a------ C:\winlogon.exe
2007-11-09 13:00 35,328 --a------ C:\WINDOWS\system32\pmnnnop.dll
2007-11-09 13:00 264 --a------ C:\Documents and Settings\Emil\z.dat
2007-11-09 13:00 134 --a------ C:\n.bat
2007-11-09 13:00 0 --a------ C:\z.dat
2007-11-09 13:00 0 --a------ C:\x.dat
2007-11-09 13:00 0 --a------ C:\Documents and Settings\Emil\x.dat
2007-11-09 12:59 145,984 --a------ C:\WINDOWS\system32\zpsfvoli.dll
2007-11-09 12:59 145,984 --a------ C:\WINDOWS\system32\xuxpjeuh.dll
2007-11-08 16:49 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-08 16:46 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-08 16:45 <DIR> d-------- C:\WINDOWS\system32\Mz18r
2007-11-08 16:45 <DIR> d-------- C:\temp\mZOr
2007-11-08 16:45 35,328 --a------ C:\WINDOWS\system32\gebcdbc.dll
2007-11-08 16:29 <DIR> dr-h----- C:\Documents and Settings\Emil\Application Data\SecuROM
2007-11-06 18:45 <DIR> d-------- C:\Programmer\iPod
2007-10-29 17:12 <DIR> d-------- C:\Documents and Settings\Iku\Application Data\Apple Computer
2007-10-27 21:14 <DIR> d-------- C:\Documents and Settings\Henrik\cbt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 19:01 --------- d-----w C:\Documents and Settings\Emil\Application Data\LimeWire
2007-11-10 18:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 17:44 --------- d-----w C:\Programmer\Windows Live Toolbar
2007-11-10 17:40 --------- d-----w C:\Programmer\LimeWire
2007-11-10 17:40 --------- d-----w C:\Programmer\iTunes
2007-11-10 17:40 --------- d-----w C:\Programmer\Google
2007-11-10 17:37 --------- d-----w C:\Programmer\ContextTool
2007-11-06 17:43 --------- d-----w C:\Programmer\QuickTime
2007-10-31 15:52 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-10-23 22:21 --------- d-----w C:\Programmer\MSN Messenger
2007-10-12 17:28 --------- d-----w C:\Programmer\Bethesda Softworks
2007-10-03 18:34 --------- d-----w C:\Programmer\Ground Control II
2007-10-03 14:50 --------- d-----w C:\Programmer\Illusion Softworks
2007-10-01 11:15 839,696 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,695 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-09-18 17:10 --------- d-----w C:\Programmer\Rockstar Games
2007-09-18 15:22 --------- d-----w C:\Programmer\Apple Software Update
2007-09-18 14:38 --------- d-----w C:\Programmer\Sierra
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 21:27 1044480 --a------ C:\Programmer\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A2673A-1B5F-4E5A-B8D8-099D446F4616}]
C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-09 12:59 145984 --a------ C:\WINDOWS\system32\zpsfvoli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bef89c92-1df4-419f-9efb-76e49e5e9654}]
2007-11-10 16:37 81472 --a------ C:\WINDOWS\system32\ntwsbkjy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\zpsfvoli.dll [2007-11-09 12:59 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:32]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 C:\WINDOWS\soundman.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"cc429608"="C:\WINDOWS\system32\jmpenofk.dll" [2007-11-10 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 15:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zpsfvoli]
zpsfvoli.dll 2007-11-09 12:59 145984 C:\WINDOWS\system32\zpsfvoli.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljge.dll

R3 mssmbios;Driver til Microsoft System Management BIOS;C:\WINDOWS\system32\DRIVERS\mssmbios.sys
S1 BIOS;BIOS;\??\C:\WINDOWS\System32\drivers\BIOS.sys
S3 iMSPQMn;iMSPQMn;\??\C:\DOCUME~1\Emil\LOKALE~1\Temp\iMSPQMn.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 11:58:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-11-10 19:34:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 21:13:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-14 21:16:19 - machine was rebooted
.
--- E O F ---
"

3. Here are the contents of "extra.txt":

"
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Other (0406) - see http://preview.tinyurl.com/mhhp6

CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 1022.42 MiB / 419.99 MiB
Pagefile Memory (total/avail): 2459.57 MiB / 1969.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1911.01 MiB

C: is Fixed (NTFS) - 153.38 GiB total, 104.77 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - Hitachi HDS721616PLA380 - 153.38 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 153.38 GiB - C:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 243.17 MiB - 1 partition
\PARTITION0 (bootable) - Win95 m. udvidet Int 13 - 244.98 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1029 [VPS 071109-0] v4.7.1029 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Programmer\\Messenger\\msmsgs.exe"="C:\\Programmer\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\\Programmer\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Programmer\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programmer\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programmer\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Programmer\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"="C:\\Programmer\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat:*:Enabled:game"
"C:\\UT2004\\System\\UT2004.exe"="C:\\UT2004\\System\\UT2004.exe:*:Disabled:UT2004"
"C:\\Programmer\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Programmer\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\\Programmer\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"="C:\\Programmer\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"="C:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe:*:Disabled:Rome: Total War"
"C:\\Programmer\\LimeWire\\LimeWire.exe"="C:\\Programmer\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programmer\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Programmer\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programmer\\Ground Control II\\gcii.exe"="C:\\Programmer\\Ground Control II\\gcii.exe:*:Enabled:Ground Control II"
"C:\\Programmer\\iTunes\\iTunes.exe"="C:\\Programmer\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\agsdyely.exe"="C:\\WINDOWS\\system32\\ags"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Henrik\Application Data
CLASSPATH=.;C:\Programmer\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programmer\F‘lles filer
COMPUTERNAME=ANDERSENSPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Henrik
LOGONSERVER=\\ANDERSENSPC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programmer\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramFiles=C:\Programmer
PROMPT=$P$G
QTJAVA=C:\Programmer\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Henrik\LOKALE~1\Temp
TMP=C:\DOCUME~1\Henrik\LOKALE~1\Temp
USERDOMAIN=ANDERSENSPC
USERNAME=Henrik
USERPROFILE=C:\Documents and Settings\Henrik
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Emil (admin)
Henrik (admin)
Iku
Leona
Miki (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.0 - Dansk --> MsiExec.exe /I{AC76BA86-7AD7-1030-7B44-A81000000003}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
ContextTool --> C:\Programmer\ContextTool\uninstall.exe
Faneopdelt søgning (Windows Live Toolbar) --> MsiExec.exe /X{94B33FA9-7941-487A-9071-18FE3C395111}
Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{61CC9D2A-C4C3-40CD-BAC2-76AE1ADEAF56}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programmer\google\googletoolbar2.dll"
Ground Control II --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{21C41BAF-6F62-469D-A43B-DDF01628346E}\setup.exe" -l0x9
GTA San Andreas --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Heroes of Might and Magic® III --> C:\WINDOWS\IsUninst.exe -fC:\Programmer\3DO\Heroes3\Uninst.isu -c"C:\Programmer\3DO\Heroes3\uninst.dll
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix til Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Insider --> C:\Programmer\Insider\UnInstall.exe
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.14.10 --> "C:\Programmer\LimeWire\uninstall.exe"
Logitech QuickCam-software --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x6
Logitech® Camera-driver --> "C:\Programmer\Fælles filer\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft Age of Empires II --> "C:\Programmer\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Programmer\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110406-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Morrowind --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Programmer\Electronic Arts\Network Play System\NPSPatch.isu"
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Oblivion - Horse Armor Pack --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - Vile Lair --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Opdatering til Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Outerinfo --> "C:\Programmer\Fælles filer\Yazzle1560OinUninstaller.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pixeline - DANSK --> C:\WINDOWS\unvise32.exe C:\Programmer\Pixeline\uninstal.log
PlayMP3z --> C:\Programmer\PlayMP3z\uninstall.exe
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x6 -removeonly
Rome - Total War(TM) --> C:\PROGRA~1\FLLESF~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Pirates! --> C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1033
Sikkerhedsopdatering til Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Smarte menuer (Windows Live Toolbar) --> MsiExec.exe /X{11683D9E-808C-43D6-8B39-4DDA55D0FAF8}
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
SpywareBlaster v3.5.1 --> "C:\Programmer\SpywareBlaster\unins000.exe"
The Sims House Party --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{7D268154-7A31-40F2-9779-7A250914BB39}\setup.exe" -l0009
Udvidelser (Windows Live Toolbar) --> MsiExec.exe /X{6494C2C0-69A6-4735-988C-E6298F4BB175}
Unreal Tournament 2004 --> C:\UT2004\System\Setup.exe uninstall "UT2004"
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Live Messenger --> MsiExec.exe /I{F53548BC-B8A8-43E4-85FC-A263640C347F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Live Toolbar --> "C:\Programmer\Windows Live Toolbar\UnInstall.exe" {DB337F35-B00C-4FB0-9594-DD28FE0F7DBB}
Windows Live Toolbar --> MsiExec.exe /X{DB337F35-B00C-4FB0-9594-DD28FE0F7DBB}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XEd --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{BDF2A175-ED4D-4CE7-BF4E-2725566D64F3}\setup.exe" -l0x9
Xfire (remove only) --> "C:\Programmer\Xfire\uninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2984 / Success
Event Submitted/Written: 11/07/2007 06:17:15 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2980 / Error
Event Submitted/Written: 11/06/2007 06:47:25 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Produkt: Security Update for QuickTime 7.2 -- Denne opdatering kræver QuickTime 7.2

Event Record #/Type2932 / Error
Event Submitted/Written: 11/02/2007 01:44:32 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Stoppet program RomeTW.exe, version 1.0.0.0, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000.

Event Record #/Type2929 / Error
Event Submitted/Written: 11/01/2007 01:32:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Stoppet program UT2004.exe, version 0.0.0.0, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000.

Event Record #/Type2921 / Success
Event Submitted/Written: 10/31/2007 07:05:49 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21061 / Error
Event Submitted/Written: 11/10/2007 05:02:34 PM
Event ID/Source: 1002 / Dhcp
Event Description:
Rettigheden til IP-adressen 0.0.0.0 for netværkskortet med netværksadressen 00E04D0FC306 blev
nægtet af DHCP-serveren 0.0.0.0 (DHCP-serveren sendte en DHCPNACK-meddelelse).

Event Record #/Type21060 / Error
Event Submitted/Written: 11/10/2007 05:02:31 PM
Event ID/Source: 1002 / Dhcp
Event Description:
Rettigheden til IP-adressen 192.168.1.3 for netværkskortet med netværksadressen 00E04D0FC306 blev
nægtet af DHCP-serveren 0.0.0.0 (DHCP-serveren sendte en DHCPNACK-meddelelse).

Event Record #/Type21057 / Warning
Event Submitted/Written: 11/10/2007 04:54:59 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Computeren kunne ikke forny sin adresse fra netværket (fra
DHCP-serveren) for netværkskortet med netværksadressen 00E04D0FC306. Der opstod
følgende fejl:
%%121.
Computeren vil fortsat forsøge at få tildelt en adresse
fra netværksadresseserveren (DHCP).

Event Record #/Type20901 / Warning
Event Submitted/Written: 11/08/2007 04:50:20 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP har nået sikkerhedsgrænsen, der er pålagt antallet af samtidige forsøg på oprettelse af TCP-forbindelser.

Event Record #/Type20900 / Warning
Event Submitted/Written: 11/08/2007 04:31:32 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP har nået sikkerhedsgrænsen, der er pålagt antallet af samtidige forsøg på oprettelse af TCP-forbindelser.



-- End of Deckard's System Scanner: finished at 2007-11-10 19:47:05 ------------

"

As I wrote, I cannot find HiJackThis, so I am not able to give you the HiJackThis-log right now.

Regards,
Henrik Berg Andersen
 

Discussion Starter · #8 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1

I agree with you that LimeWire is probably the main reason (if not the only reason) that my son's PC got infected. I already told him that he is a prime candidate for getting a virus when he uses LimeWire.

He confirms that perception himself, as he says that almost any film or program on LimeWire is infected and he gets warnings from the Avast anti-virus, which has saved him a great number of times. He has had the PC for 10 months without getting infected until now, so all in all I think he is doing ok for a 13-year-old kid.

I have advised him to keep his Avast updated whenever it says that updates are available, and I have informed him that if he fails to do it then new viruses will pass through unnoticed.

I will run HiJackThis and Combofix and get back to you.

Regards,
Henrik Berg Andersen
 

Discussion Starter · #9 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1.

I have run your CFscript and I hereby give you the Combofix-log and the HJT-log.

For your information I have posted the zip-file "[4][email protected]" to bleepingcomputer.com as I was asked to after running Combofix.

Combofix-log:
ComboFix 07-11-08.1 - Emil 2007-11-16 20:14:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.504 [GMT 1:00]
Running from: C:\Documents and Settings\Emil\Skrivebord\ComboFix.exe
Command switches used :: E:\Virus\CFscript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Emil\x.dat
C:\Documents and Settings\Emil\z.dat
C:\n.bat
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\gebcdbc.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\pmnnnop.dll
C:\WINDOWS\system32\vbzip10.dll
C:\winlogon.exe
C:\x.dat
C:\z.dat
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menuen Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.lnk
C:\Documents and Settings\Emil\Foretrukne\Online Security Guide.lnk
C:\Documents and Settings\Emil\Skrivebord\Live Safety Center.lnk
C:\Documents and Settings\Emil\Skrivebord\Online Security Guide.lnk
C:\Documents and Settings\Emil\x.dat
C:\Documents and Settings\Emil\z.dat
C:\n.bat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\mZOr
C:\temp\mZOr\tOasF.log
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\agsdyely.exe
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\emkmtixx.exe
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\f1\bemwdll3.exe
C:\WINDOWS\system32\gebcdbc.dll
C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\system32\jmpenofk.dll
C:\WINDOWS\system32\k4\mper83122.exe
C:\WINDOWS\system32\mjickogw.dll
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\mlkkj.ini2
C:\WINDOWS\system32\Mz18r
C:\WINDOWS\system32\Mz18r\Mz18r2328.exe
C:\WINDOWS\system32\nckvbyeb.dll
C:\WINDOWS\system32\ntwsbkjy.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnnnop.dll
C:\WINDOWS\system32\rqrqppo.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\xuxpjeuh.dll
C:\WINDOWS\system32\zpsfvoli.dll
C:\WINDOWS\system32\zpsfvoli.dllbox
C:\winlogon.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.

2007-11-16 20:10 <DIR> d-------- C:\WINDOWS\system32\rMa05yy
2007-11-16 20:10 <DIR> d-------- C:\temp\abW9
2007-11-16 20:10 225,293 --a------ C:\temp\e002A477.exe
2007-11-16 20:10 36,352 --a------ C:\WINDOWS\system32\efcbxuu.dll
2007-11-14 20:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 19:44 <DIR> d-------- C:\Programmer\Trend Micro
2007-11-10 19:42 <DIR> d-------- C:\Deckard
2007-11-10 19:05 <DIR> d-------- C:\Programmer\SpywareBlaster
2007-11-10 16:35 <DIR> d-------- C:\Documents and Settings\Henrik\Application Data\LimeWire
2007-11-09 16:20 <DIR> d-------- C:\Documents and Settings\Miki\Application Data\LimeWire
2007-11-08 16:29 <DIR> dr-h----- C:\Documents and Settings\Emil\Application Data\SecuROM
2007-11-06 18:45 <DIR> d-------- C:\Programmer\iPod
2007-10-29 17:12 <DIR> d-------- C:\Documents and Settings\Iku\Application Data\Apple Computer
2007-10-27 21:14 <DIR> d-------- C:\Documents and Settings\Henrik\cbt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 19:14 --------- d-----w C:\Documents and Settings\Emil\Application Data\LimeWire
2007-11-16 19:10 --------- d-----w C:\Programmer\ContextTool
2007-11-16 19:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 17:44 --------- d-----w C:\Programmer\Windows Live Toolbar
2007-11-10 17:40 --------- d-----w C:\Programmer\LimeWire
2007-11-10 17:40 --------- d-----w C:\Programmer\iTunes
2007-11-10 17:40 --------- d-----w C:\Programmer\Google
2007-11-06 17:43 --------- d-----w C:\Programmer\QuickTime
2007-10-31 15:52 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-10-23 22:21 --------- d-----w C:\Programmer\MSN Messenger
2007-10-12 17:28 --------- d-----w C:\Programmer\Bethesda Softworks
2007-10-03 18:34 --------- d-----w C:\Programmer\Ground Control II
2007-10-03 14:50 --------- d-----w C:\Programmer\Illusion Softworks
2007-09-18 17:10 --------- d-----w C:\Programmer\Rockstar Games
2007-09-18 15:22 --------- d-----w C:\Programmer\Apple Software Update
2007-09-18 14:38 --------- d-----w C:\Programmer\Sierra
.

((((((((((((((((((((((((((((( [email protected]_21.15.02.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-13 08:18:04 32,768 ----a-w C:\WINDOWS\system32\rMa05yy\rMa05yy1080.exe
+ 2007-11-16 19:21:52 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_54c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 21:27 1044480 --a------ C:\Programmer\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63A611D8-144F-434B-B89C-BE485645DDE8}]
C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\k4\mper83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-16 20:10 36352 --a------ C:\WINDOWS\system32\efcbxuu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:32]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 C:\WINDOWS\soundman.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-11-02 18:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 15:01]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\efcbxuu.dll [2007-11-16 20:10 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbxuu]
efcbxuu.dll 2007-11-16 20:10 36352 C:\WINDOWS\system32\efcbxuu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkklm.dll

R1 BIOS;BIOS;\??\C:\WINDOWS\System32\drivers\BIOS.sys
R3 mssmbios;Driver til Microsoft System Management BIOS;C:\WINDOWS\system32\DRIVERS\mssmbios.sys
S3 iMSPQMn;iMSPQMn;\??\C:\DOCUME~1\Emil\LOKALE~1\Temp\iMSPQMn.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 11:58:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-11-10 19:34:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 20:22:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-16 20:26:03 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-14 21:16
.
--- E O F ---
HiJackThis-log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:43, on 16-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Java\jre1.6.0_02\bin\jucheck.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\Logitech\Video\AlbumDB2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Programmer\ContextTool\ContextTool-2.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {63A611D8-144F-434B-B89C-BE485645DDE8} - C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\k4\mper83122.exe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\efcbxuu.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?ad0ecc5bcbe84099a7ef653c4a4aa47a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?ad0ecc5bcbe84099a7ef653c4a4aa47a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Emil\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169665996593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: efcbxuu - C:\WINDOWS\SYSTEM32\efcbxuu.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8669 bytes
Regards,
Henrik Berg Andersen
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #11 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1

Neither I nor my son has uninstalled ContextTool and PlayMP3z, but I know that ContextTool is there because it sometimes balloons a message.

I have not been able to follow your advice of staying off the internet long enough, as the Kaspersky on-line scanner requires that I am connected. But you are most certainly right that the virus attacks through usage of an open internet connection.

The CFscript I ran the time before last cleaned out the unwanted "Live Safety Center" and "Online Security Guide" from the desktop and I could run the PC without stupid popups.

This time around the virus came back with a vengeance as soon as the PC started and I had logged in. Internet Explorer starts up with no warning and I have seen at least 5 or 6 different web pages with different layouts offering to buy "anti-virus". In the right-hand corner, by the clock, a yellow warning triangle constantly blinks, which clearly is not from the Avast anti-virus. Right now it balloons "System performance monitor: Warning" as a headline and continues with "Summary: System performance slowed down by: 47%. Internet connection speed decreased by 39%...bla bla bla...Click this balloon to download spyware tool to remove spyware/adware applications".

The unwanted icons I mentioned before are back on the desktop. Warning dialogs appear in the middle of the screen stating "Critical System Warning!" in the title bar and a warning text "Your system is probably infected with latest version of Spyware.CyberLog-X ...bla bla bla..Click OK to download antispyware software". There are a Yes and a No button and it is not possible to X-out the message box, which of course is just proof that it itself is a virus.

The logs are too long so I have made 3 extra replies to send them to you.

Regards,
Henrik Berg Andersen
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #12 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

ComboFix 07-11-08.1 - Emil 2007-11-17 17:55:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.530 [GMT 1:00]
Running from: C:\Documents and Settings\Emil\Skrivebord\Anti-virus\ComboFix.exe
Command switches used :: C:\Documents and Settings\Emil\Skrivebord\Anti-virus\CFscript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\jkklm.dll
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menuen Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.lnk
C:\Documents and Settings\Emil\Foretrukne\Online Security Guide.lnk
C:\Documents and Settings\Emil\Skrivebord\Live Safety Center.lnk
C:\Documents and Settings\Emil\Skrivebord\Online Security Guide.lnk
C:\Temp
C:\Temp\abW9\tPho.log
C:\Temp\arbjedArbejd.txt
C:\Temp\default.htm
C:\Temp\DSBKøreplanAug2007.pdf
C:\Temp\DSBKøreplanJuli2007.pdf
C:\temp\e002A477.exe
C:\Temp\Emil.jpg
C:\Temp\f-16-l.jpg
C:\Temp\jre-1_5_0_07-online.exe
C:\Temp\Thumbs.db
C:\Temp\totoro.jpg
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c0016840.dat
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\clugkocn.dll
C:\WINDOWS\system32\cqxqjcjm.dllbox
C:\WINDOWS\system32\efcbxuu.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa05yy\rMa05yy1080.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 17:47 85,056 --a------ C:\WINDOWS\system32\manusalf.dll
2007-11-17 15:38 82,496 --a------ C:\WINDOWS\system32\vmhgjyhp.dll
2007-11-17 14:50 145,984 --a------ C:\WINDOWS\system32\ixtymqbd.dll
2007-11-17 14:50 145,984 --a------ C:\WINDOWS\system32\cqxqjcjm.dll
2007-11-17 14:50 71,232 --a------ C:\WINDOWS\system32\kfsgcohr.exe
2007-11-16 21:23 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-16 21:23 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-16 21:23 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-16 21:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-16 21:23 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-14 20:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 19:44 <DIR> d-------- C:\Programmer\Trend Micro
2007-11-10 19:42 <DIR> d-------- C:\Deckard
2007-11-10 19:05 <DIR> d-------- C:\Programmer\SpywareBlaster
2007-11-10 16:35 <DIR> d-------- C:\Documents and Settings\Henrik\Application Data\LimeWire
2007-11-09 16:20 <DIR> d-------- C:\Documents and Settings\Miki\Application Data\LimeWire
2007-11-08 16:29 <DIR> dr-h----- C:\Documents and Settings\Emil\Application Data\SecuROM
2007-11-06 18:45 <DIR> d-------- C:\Programmer\iPod
2007-10-29 17:12 <DIR> d-------- C:\Documents and Settings\Iku\Application Data\Apple Computer
2007-10-27 21:14 <DIR> d-------- C:\Documents and Settings\Henrik\cbt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 16:53 --------- d-----w C:\Programmer\ContextTool
2007-11-16 20:01 --------- d-----w C:\Programmer\Java
2007-11-16 19:14 --------- d-----w C:\Documents and Settings\Emil\Application Data\LimeWire
2007-11-16 19:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 17:44 --------- d-----w C:\Programmer\Windows Live Toolbar
2007-11-10 17:40 --------- d-----w C:\Programmer\LimeWire
2007-11-10 17:40 --------- d-----w C:\Programmer\iTunes
2007-11-10 17:40 --------- d-----w C:\Programmer\Google
2007-11-06 17:43 --------- d-----w C:\Programmer\QuickTime
2007-10-31 15:52 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-23 22:21 --------- d-----w C:\Programmer\MSN Messenger
2007-10-12 17:28 --------- d-----w C:\Programmer\Bethesda Softworks
2007-10-03 18:34 --------- d-----w C:\Programmer\Ground Control II
2007-10-03 14:50 --------- d-----w C:\Programmer\Illusion Softworks
2007-09-18 17:10 --------- d-----w C:\Programmer\Rockstar Games
2007-09-18 15:22 --------- d-----w C:\Programmer\Apple Software Update
2007-09-18 14:38 --------- d-----w C:\Programmer\Sierra
.

((((((((((((((((((((((((((((( [email protected]_21.15.02.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-19 13:01:54 88,776 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2007-11-16 20:43:36 91,488 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
- 2007-09-19 13:01:54 101,064 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2007-11-16 20:43:34 103,776 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
- 2007-09-19 13:01:52 64,088 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2007-11-16 20:42:36 66,936 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2007-09-19 13:01:52 223,800 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2007-11-16 20:42:29 226,656 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2003-07-15 05:57:34 38,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 05:53:06 94,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-14 21:53:22 46,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
+ 2003-07-15 05:56:54 14,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 05:57:14 98,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 05:41:44 13,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2002-10-07 16:49:36 192,573 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\FORM.DLL
+ 2003-07-15 05:40:12 179,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 05:45:14 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL
+ 2003-06-19 00:31:10 252,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-07-15 05:57:14 124,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
+ 2003-07-15 06:12:22 47,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
+ 2003-07-15 05:56:14 40,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
+ 2003-07-15 05:51:44 87,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 05:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-14 21:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 05:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 05:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-15 05:56:16 54,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
+ 2003-07-11 09:15:48 1,292,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 10:18:52 376,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-14 21:52:54 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 05:52:52 35,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 05:53:00 55,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL
+ 2003-07-15 05:53:20 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 05:46:16 42,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 05:45:12 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 05:45:12 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-19 00:31:54 788,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
+ 2003-06-19 00:31:50 16,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-06-19 23:05:52 128,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
+ 2003-06-19 23:05:50 364,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 06:02:42 637,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
+ 2003-07-15 05:52:58 41,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-15 06:00:54 145,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 05:57:10 56,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 05:56:52 13,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-06-19 00:31:58 6,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
+ 2007-09-19 13:01:52 223,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 10:14:26 242,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 06:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-15 06:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL_0002
+ 2003-07-15 05:44:34 102,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 05:43:16 49,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-15 10:18:44 93,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2002-10-07 17:11:00 167,997 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
+ 2003-07-15 05:40:16 51,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
+ 2003-05-09 04:54:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 05:57:08 40,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2002-10-07 16:49:42 81,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
+ 2003-07-21 18:46:38 390,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-15 05:57:18 349,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
+ 2003-07-15 05:44:16 66,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-14 21:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 05:53:14 11,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2002-10-07 16:53:04 106,561 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
+ 2002-10-07 16:50:44 241,729 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
+ 2002-10-07 16:51:04 180,289 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
+ 2002-10-07 16:51:14 147,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
+ 2002-10-07 16:51:20 102,467 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
+ 2002-10-07 16:50:04 118,847 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
+ 2002-10-07 16:49:56 81,983 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
+ 2002-10-07 16:51:44 221,252 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
+ 2003-07-15 05:57:40 59,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
+ 2007-09-19 13:01:52 64,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2002-10-07 17:03:34 1,794,113 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
+ 2003-04-30 18:52:32 1,581,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
+ 2003-01-17 21:03:34 59,466 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
+ 2001-06-05 15:13:22 289,926 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
+ 2001-06-05 15:13:22 34,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
+ 2001-06-05 15:13:24 18,844 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
+ 2001-06-05 15:13:26 65,536 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
+ 2005-02-03 16:59:22 346,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\METCONV.DLL
+ 2005-05-03 23:06:28 465,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2005-05-03 23:06:32 1,411,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2005-05-03 23:06:26 199,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
+ 2001-10-23 07:13:42 53,260 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
+ 2001-06-05 15:13:26 40,972 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
- 2007-10-10 21:28:39 593,920 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-11-16 20:47:05 593,920 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-10-10 21:28:39 12,288 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-11-16 20:47:05 12,288 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-10-10 21:28:39 86,016 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-11-16 20:47:05 86,016 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-10-10 21:28:39 135,168 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-11-16 20:47:04 135,168 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-10 21:28:39 11,264 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-11-16 20:47:05 11,264 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-10 21:28:40 27,136 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-11-16 20:47:05 27,136 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-10 21:28:40 4,096 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-11-16 20:47:05 4,096 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-10-10 21:28:40 794,624 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-11-16 20:47:05 794,624 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-10 21:28:39 249,856 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-11-16 20:47:04 249,856 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-10 21:28:39 61,440 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-11-16 20:47:04 61,440 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-10-10 21:28:40 23,040 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-11-16 20:47:05 23,040 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-10 21:28:39 286,720 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-11-16 20:47:04 286,720 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-10-10 21:28:39 409,600 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-11-16 20:47:04 409,600 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-07-27 22:07:21 783,224 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2007-10-25 16:24:45 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2007-07-27 21:57:49 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2007-10-25 16:14:25 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
- 2006-12-19 21:50:34 8,465,408 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:43:57 8,472,064 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-07-27 21:58:36 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2007-10-25 16:58:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2005-03-17 13:39:58 1,146,320 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2007-06-06 09:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2003-07-15 05:57:04 32,584 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2007-03-22 18:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2007-07-06 12:39:14 248,696 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-16 20:50:01 248,696 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-07-11 23:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-07-11 23:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-07-12 00:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-04-24 09:32:06 1,485,696 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-10-11 13:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-06-11 12:04:38 190,696 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
- 2004-03-22 14:17:06 24,816 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 12:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-12-19 21:50:34 8,465,408 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:43:57 8,472,064 ----a-w C:\WINDOWS\system32\shell32.dll
- 2006-11-17 14:14:30 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 13:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-03-22 14:17:04 765,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 12:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2004-03-22 14:17:10 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 12:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
- 2004-03-22 14:17:04 765,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 12:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
- 2004-03-22 14:17:10 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 12:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
- 2004-03-22 14:17:08 25,840 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 12:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
- 2006-11-29 16:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2006-01-09 08:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 04:20:32 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
- 2007-06-18 22:24:36 359,936 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:07:10 359,936 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-11-17 17:03:03 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_54c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766}]
2007-11-17 15:38 82496 --a------ C:\WINDOWS\system32\vmhgjyhp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 21:27 1044480 --a------ C:\Programmer\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-17 14:50 145984 --a------ C:\WINDOWS\system32\cqxqjcjm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\cqxqjcjm.dll [2007-11-17 14:50 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:32]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 C:\WINDOWS\soundman.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"cc429608"="C:\WINDOWS\system32\manusalf.dll" [2007-11-17 17:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 15:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cqxqjcjm]
cqxqjcjm.dll 2007-11-17 14:50 145984 C:\WINDOWS\system32\cqxqjcjm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcb.dll

R1 BIOS;BIOS;\??\C:\WINDOWS\System32\drivers\BIOS.sys
R3 mssmbios;Driver til Microsoft System Management BIOS;C:\WINDOWS\system32\DRIVERS\mssmbios.sys
S3 iMSPQMn;iMSPQMn;\??\C:\DOCUME~1\Emil\LOKALE~1\Temp\iMSPQMn.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 11:58:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-11-16 21:34:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 18:05:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 18:07:27 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-16 20:26
C:\ComboFix3.txt ... 2007-11-14 21:16
.
--- E O F ---
-------------------------------------------------------------------------------
 

Discussion Starter · #13 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

The Kaspersky is simply too long, so I have attached it instead.

KASPERSKY ONLINE SCANNER REPORT
Saturday, November 17, 2007 8:01:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/11/2007
Kaspersky Anti-Virus database records: 460924
-------------------------------------------------------------------------------
 

Discussion Starter · #14 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:24, on 17-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: {6674d21f-0a5b-a57a-0bb4-f5cad3ae8600} - {0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766} - C:\WINDOWS\system32\vmhgjyhp.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Programmer\ContextTool\ContextTool-2.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\cqxqjcjm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\cqxqjcjm.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cc429608] rundll32.exe "C:\WINDOWS\system32\manusalf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?ad0ecc5bcbe84099a7ef653c4a4aa47a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?ad0ecc5bcbe84099a7ef653c4a4aa47a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Emil\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169665996593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: cqxqjcjm - C:\WINDOWS\SYSTEM32\cqxqjcjm.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9183 bytes
 

Discussion Starter · #16 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1.

I did these 19 steps:

1: Sick PC is disconnected from the Internet.
2: No passwords were mined according to the z.dat.vir file.
3: ContextTool and PlayMP3z have now been uninstalled.
4: VundoFix.exe, SDFix.exe and ATF-cleaner downloaded to a USB-stick on a clean PC
5: VundoFix.exe, SDFix.exe, and ATF-cleaner copied from the USB-stick to sick PC.
6: Ran VundoFix.exe and clicked the Vundo-button
7: Clicked Remove Vundo-button to wipe 3 files
8: After the wipe PC was rebooted as requested by VundoFix. VundoFix.txt saved.
9: PC booted again now in Safe Mode.
10: SDFix extracted
11: Double clicked RunThis.cmd and chose Y
12: After the scan a key was pressed to reboot PC as requested. Reboot in normal mode.
13: ...waited for "Finished" and pressed a key to end script. File Report.txt saved.
14: Your guide on Techsupport says to reboot into normal mode but PC has already booted into normal mode (see 12)
15: ATF-Cleaner launched and "Select all" is clicked and "Empty selected" after that.
16: HKEY_LOCAL_MACHINE exported and the export-file has been copied to USB-stick
17: Ran Fix.reg file
18: Ran the Deckard System Scanner and saved main.txt
19: Ran HiJackThis and saved the file

I saved the 3 files that you requested plus a HiJackThis-file. I noticed at the end that you asked me to do HiJackThis in between the steps that you wanted me to do. I am sorry to say that I only did a HiJackThis as the last thing. I hope that is OK despite that.

VundoFix:
VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 18:47:53 23-11-2007

Listing files found while scanning....

C:\windows\system32\cqxqjcjm.dll
C:\windows\system32\cqxqjcjm.dllbox
C:\windows\system32\ixtymqbd.dll

Beginning removal...

Attempting to delete C:\windows\system32\cqxqjcjm.dll
C:\windows\system32\cqxqjcjm.dll Has been deleted!

Attempting to delete C:\windows\system32\cqxqjcjm.dllbox
C:\windows\system32\cqxqjcjm.dllbox Has been deleted!

Attempting to delete C:\windows\system32\ixtymqbd.dll
C:\windows\system32\ixtymqbd.dll Has been deleted!

Performing Repairs to the registry.
Done!

Report.txt
SDFix: Version 1.115

Run by Emil on 23-11-2007 at 19:18

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Emil\SKRIVE~1\ANTI-V~1\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Folder C:\WINDOWS\Fonts\' - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 19:25:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\01\11-{42AA0552-1A30-412F-943C-BEA9C8625780}-v1-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\13\18-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v13-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 38928 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\13\18-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v13-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2784 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\13\18-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v13-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4360 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\14\19-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v14-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 33582 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\14\19-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v14-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2406 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\14\19-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v14-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3744 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\15\20-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v15-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 32340 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\15\20-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v15-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2334 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\15\20-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v15-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3608 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\16\21-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v16-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 27804 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\16\21-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v16-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1920 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\16\21-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v16-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3072 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\17\22-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v17-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 28884 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\17\22-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v17-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2046 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\17\22-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v17-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3248 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\53\28-{CA5CB9EF-DB62-419F-9E2C-57CCC57A0AB7}-v153-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 38928 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\inge[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\53\28-{CA5CB9EF-DB62-419F-9E2C-57CCC57A0AB7}-v153-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2838 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\53\28-{CA5CB9EF-DB62-419F-9E2C-57CCC57A0AB7}-v153-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4320 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 19


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Programmer\Messenger\msmsgs.exe"
Fri 27 Aug 2004 60,416 A.SH. --- "C:\Programmer\Outlook Express\msimn.exe"
Sun 3 Jun 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 14 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

Main.txt
Deckard's System Scanner v20071014.68
Run by Emil on 2007-11-23 19:52:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Emil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:16, on 23-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\Emil\Skrivebord\Anti-virus\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Emil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: {6674d21f-0a5b-a57a-0bb4-f5cad3ae8600} - {0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766} - C:\WINDOWS\system32\vmhgjyhp.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Programmer\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cc429608] rundll32.exe "C:\WINDOWS\system32\manusalf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?ad0ecc5bcbe84099a7ef653c4a4aa47a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?ad0ecc5bcbe84099a7ef653c4a4aa47a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Emil\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169665996593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8907 bytes

-- Files created between 2007-10-23 and 2007-11-23 -----------------------------

2007-11-23 19:17:14 0 d-------- C:\WINDOWS\ERUNT
2007-11-23 18:47:52 0 d-------- C:\VundoFix Backups
2007-11-17 18:15:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-17 18:15:01 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-17 17:47:22 85056 --a------ C:\WINDOWS\system32\manusalf.dll
2007-11-17 15:38:15 82496 --a------ C:\WINDOWS\system32\vmhgjyhp.dll
2007-11-17 14:50:30 71232 --a------ C:\WINDOWS\system32\kfsgcohr.exe <Not Verified; ; DDC>
2007-11-10 19:44:43 0 d-------- C:\Programmer\Trend Micro
2007-11-10 19:05:35 0 d-------- C:\Programmer\SpywareBlaster
2007-11-10 16:35:16 0 d-------- C:\Documents and Settings\Henrik\Application Data\LimeWire
2007-11-09 16:20:37 0 d-------- C:\Documents and Settings\Miki\Application Data\LimeWire
2007-11-08 16:29:59 0 dr-h----- C:\Documents and Settings\Emil\Application Data\SecuROM
2007-11-06 18:45:25 0 d-------- C:\Programmer\iPod
2007-10-29 17:12:21 0 d-------- C:\Documents and Settings\Iku\Application Data\Apple Computer
2007-10-27 21:14:36 0 d-------- C:\Documents and Settings\Henrik\cbt
2007-10-26 22:10:59 0 d-------- C:\Documents and Settings\Iku\Application Data\Google


-- Find3M Report ---------------------------------------------------------------

2007-11-16 21:01:58 0 d-------- C:\Programmer\Java
2007-11-16 20:14:04 0 d-------- C:\Documents and Settings\Emil\Application Data\LimeWire
2007-11-14 21:13:27 0 d-------- C:\Programmer\Fælles filer
2007-11-14 20:29:37 3744 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-10 18:44:26 0 d-------- C:\Programmer\Windows Live Toolbar
2007-11-10 18:40:57 0 d-------- C:\Programmer\LimeWire
2007-11-10 18:40:43 0 d-------- C:\Programmer\iTunes
2007-11-10 18:40:15 0 d-------- C:\Programmer\Google
2007-11-06 18:43:14 0 d-------- C:\Programmer\QuickTime
2007-10-31 16:52:14 0 d--h----- C:\Programmer\InstallShield Installation Information
2007-10-28 11:34:47 410000 --a------ C:\WINDOWS\system32\perfh006.dat
2007-10-28 11:34:47 69974 --a------ C:\WINDOWS\system32\perfc006.dat
2007-10-23 23:21:44 0 d-------- C:\Programmer\MSN Messenger
2007-10-12 18:28:35 0 d-------- C:\Programmer\Bethesda Softworks
2007-10-10 16:33:10 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-03 19:34:44 0 d-------- C:\Programmer\Ground Control II
2007-10-03 15:50:50 0 d-------- C:\Programmer\Illusion Softworks


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766}]
17-11-2007 15:38 82496 --a------ C:\WINDOWS\system32\vmhgjyhp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Programmer\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04-08-2004 06:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 06:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 06:32]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [22-10-2006 12:22]
"nwiz"="nwiz.exe" [22-10-2006 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [22-10-2006 12:22]
"SoundMan"="SOUNDMAN.EXE" [21-06-2006 05:42 C:\WINDOWS\soundman.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19-07-2005 17:32]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [08-06-2005 15:24]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [08-06-2005 15:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [25-10-2007 17:20]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-05-2007 02:06]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [19-10-2007 20:16]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [02-11-2007 18:36]
"cc429608"="C:\WINDOWS\system32\manusalf.dll" [17-11-2007 17:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [27-08-2004 01:53]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [08-06-2005 14:44]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [19-01-2007 11:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [13-08-2007 15:01]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-11-23 19:53:34 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:42, on 23-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: {6674d21f-0a5b-a57a-0bb4-f5cad3ae8600} - {0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766} - C:\WINDOWS\system32\vmhgjyhp.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Programmer\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cc429608] rundll32.exe "C:\WINDOWS\system32\manusalf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?ad0ecc5bcbe84099a7ef653c4a4aa47a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?ad0ecc5bcbe84099a7ef653c4a4aa47a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Emil\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169665996593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8858 bytes
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #17 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1

You asked me how the system is working. I took it step by step. First I closed down the PC after the HiJackThis, which was the last thing I did on the sick PC (the posting to Tech Support is done on a clean PC).

I restarted without the network cable plugged in and therefore no Internet. The boot ran with no problems and the subsequent Windows logon was problem free as well. No stupid icons and no stupid messages.

Without doing anything else I plugged in the network cable. The MSN Messenger discovered it immediately although I am not logged in and Windows Firewall asks if I want the blocking of MSN Messenger. I chose to remove the blocking. Still nothing unexpected happened. No stupid icons and no stupid messages.

I decided to start LimeWire as I know that is what my son will do as soon as I give him the "all clear". Right before I get to do this the Avast anti-virus balloons a message about an update, which is ok and normal. I check the Avast update message. Then I start LimeWire (version 4.14). I played different pieces of music and played a few minutes from a film. Everything worked normally. No stupid icons and no stupid messages.

So I think it is time to declare victory! :smile:

Regards,
Henrik Berg Andersen
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #19 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1

I ran the HiJackThis and checked the entries that you stated and removed them with the Fix Checked button.

The ComboFix was a problem. The link you supplied does link to a download of ComboFix.exe but it will not download correctly. All I get is a 0 kb file saved with the right name. Instead I looked at some of the other threads and found a recent link to a ComboFix download and got it that way. However, ComboFix freezes at "Deleting files..." and stays frozen. After 15 minutes of waiting I restarted the PC and tried again but the result was the same. So I cannot give you a ComboFix.txt file.

Below is the HiJackThis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47, on 2007-12-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {6674d21f-0a5b-a57a-0bb4-f5cad3ae8600} - {0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766} - C:\WINDOWS\system32\vmhgjyhp.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmer\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmer\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmer\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?636ae23c2d9544bab9ad569ae2f4402a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?636ae23c2d9544bab9ad569ae2f4402a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Emil\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169665996593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8743 bytes
Regards,
Henrik Berg Andersen
 