Win Antivirus Pro 2006 [CLOSED] - Geeks to Go Forums

Win Antivirus Pro 2006 [CLOSED] I have a virus plus several spyware and hacking tools on my computer.

#1 desmareth

  • Group: Member
  • Posts: 9
  • Joined: 31-July 06

Posted 31 July 2006 - 10:32 AM

I have followed a thread called Win Antivirus Pro 2006 (http://www.geekstogo...06-t123210.html) here in this forum to remove the virus from my computer. However, when I do the Panda scan I encounter several other spyware items and hacking tools, which I do not know how to remove safely.

I have read your instructions, but I am a little confused since they aren't completely the same as the thread above.

Can you help me? Thank you in advance.

#2 Buckeye_Sam

  • Group: Member
  • Posts: 10,019
  • Joined: 10-July 05

Posted 31 July 2006 - 01:23 PM

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:
In order to help you we need to see what's running on your computer.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


#3 desmareth

  • Group: Member
  • Posts: 9
  • Joined: 31-July 06

Posted 01 August 2006 - 04:55 AM

Hi Sam,
And thank you very much for helping me. Since yesterday, I have run the program Spywarefighter, and I think it has deleted some of the bad files, however, not all of them. Here you have the log from Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 12:52:23, on 01-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\SEC\MagicTune 2.5\GammaTray.exe
C:\Programmer\PLANET WL-8310\WLANPRO.exe
C:\Programmer\PrintKey2000\Printkey2000.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {9C2ED72D-11CE-6C3D-BAC8-43B6D9E7299B} - C:\WINDOWS\system32\iywu.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmer\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmer\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programmer\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programmer\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mnx5bcae] RUNDLL32.EXE w191df84.dll,n 0025bcac0000000a191df84
O4 - HKLM\..\Run: [IpWins] C:\Programmer\ipwins\ipwins.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spfprc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Odaa] "C:\DOCUME~1\Sofie\DOKUME~1\RACLE~1\ati2evxx.exe" -vt yax
O4 - HKCU\..\Run: [05a7652b.exe] C:\Documents and Settings\Sofie\Lokale indstillinger\Application Data\05a7652b.exe
O4 - HKCU\..\Run: [fmqw] C:\PROGRA~1\FLLESF~1\fmqw\fmqwm.exe
O4 - HKCU\..\Run: [Ydba] C:\WINDOWS\STEM~1\NTEPAD~1.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PLANET WL-8310 Configuration Utility.lnk = ?
O4 - Global Startup: Printkey2000.lnk = C:\Programmer\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Reg.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.jcash.biz/l/7de966957480882289...384c835b_13.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...436342D2D2D.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.....cab?refid=1123
O16 - DPF: {92DC836E-F1F7-4FCC-B550-99A0DDA47557} (SuperOffice DocumentHandler Class) - http://212.130.1.158/cab/SoDwa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wuauboot.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kZXJz\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe

Looking forward to your reply :-)
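
Added example (not part of the original thread, and not a Geeks to Go or HijackThis tool): a small Python triage pass over the R/O-prefixed entry lines of a HijackThis log like the one above. The sample lines are copied from that log; the review rules and every function name are assumptions chosen for illustration, and a note marks a line for manual review, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {9C2ED72D-11CE-6C3D-BAC8-43B6D9E7299B} - C:\WINDOWS\system32\iywu.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmer\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Odaa] "C:\DOCUME~1\Sofie\DOKUME~1\RACLE~1\ati2evxx.exe" -vt yax
O4 - HKCU\..\Run: [05a7652b.exe] C:\Documents and Settings\Sofie\Lokale indstillinger\Application Data\05a7652b.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wuauboot.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kZXJz\command.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Autorun targets under a user profile (long or 8.3 short form of the XP path).
USER_PROFILE_RE = re.compile(r"\\(documents and settings|docume~\d)\\", re.I)


@dataclass
class Entry:
    code: str                      # section code such as R3, O4, O23
    body: str                      # everything after "<code> - "
    notes: list = field(default_factory=list)


def parse(log_text):
    """Return the R/O entries of a HijackThis log, in file order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def review_notes(entry):
    """Apply the illustrative review rules (assumptions, not verdicts)."""
    notes = []
    low = entry.body.lower()
    if "(file missing)" in low or "(no file)" in low:
        notes.append("orphaned entry: the referenced file is gone")
    if entry.code == "O4" and USER_PROFILE_RE.search(entry.body):
        notes.append("autorun launches from a user-writable profile path")
    if entry.code == "O20" and low.startswith("appinit_dlls:"):
        if entry.body.split(":", 1)[1].strip():
            notes.append("AppInit_DLLs is set: the DLL is loaded into "
                         "every process that loads user32.dll")
    if entry.code == "O23" and " - unknown owner - " in low:
        notes.append("service entry lists no vendor for its binary")
    return notes


def triage(log_text):
    """Return only the entries that picked up at least one review note."""
    flagged = []
    for entry in parse(log_text):
        entry.notes = review_notes(entry)
        if entry.notes:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code}: {e.body}")
        for note in e.notes:
            print(f"    review: {note}")
```

The Atheros service line is flagged only because the log lists no vendor for it, which shows why each note is a prompt for a closer look rather than a removal instruction.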

#4 Buckeye_Sam

  • Group: Member
  • Posts: 10,019
  • Joined: 10-July 05

Posted 01 August 2006 - 11:22 AM

I need to see a different type of log from Hijackthis.
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.


#5 desmareth

  • Group: Member
  • Posts: 9
  • Joined: 31-July 06

Posted 01 August 2006 - 01:11 PM

The notepad file does not open, I have tried several times. Maybe I should download the program again?

#6 desmareth

  • Group: Member
  • Posts: 9
  • Joined: 31-July 06

Posted 01 August 2006 - 01:17 PM

I have just uninstalled the program and installed it again with no result.
I still get a lot of annoying pop ups, so I definitely haven't fixed the problem with Spywarefighter.

#7 Buckeye_Sam

  • Group: Member
  • Posts: 10,019
  • Joined: 10-July 05

Posted 01 August 2006 - 05:31 PM

Oh yes, you still have a lot of problems showing up in your log. :whistling:

Let's get the info we need a different way.

Open notepad and copy and paste this text in it:

if exist %systemdrive%\look.txt del %systemdrive%\look.txt
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" >> %systemdrive%\look.txt
cd\
cd %appdata%
dir /ad /o:-d /p >> %systemdrive%\look.txt
cd %allusersprofile%\Application Data
dir /ad /o:-d /p >> %systemdrive%\look.txt
cd %ProgramFiles%
dir /ad /o:-d /p >> %systemdrive%\look.txt
cd %ProgramFiles%\Common Files
dir /ad /o:-d /p >> %systemdrive%\look.txt
start notepad %systemdrive%\look.txt


Save this as look.bat
Change the "Save As Type" to "All Files" and save it on your desktop.
Double-click look.bat and post the content of the text file you get in your next reply.

#8 desmareth

  • Group: Member
  • Posts: 9
  • Joined: 31-July 06

Posted 02 August 2006 - 12:20 AM

Here you have the file:
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
<Ikke-navngivet> REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AP Guitar Tuner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASUS Probe V2.23.03

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cowabanga

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CutePDF Writer Installation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{1D171963-9063-4423-898B-8EC4F1F190B7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{584267B8-0BB0-4D18-9FFA-726576619E9A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873339

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885250

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885835

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885836

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885884

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886185

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887472

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887742

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887797

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888302

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890046

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891781

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893756

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB894391

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896358

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896422

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896423

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896424

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896428

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896688

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898461

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB899587

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB899591

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900485

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900725

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900930

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB901017

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB901214

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902400

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB904706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905414

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905749

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905915

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB908519

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB908531

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB909520

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB910437

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911280

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911562

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911567

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911927

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB912812

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB912919

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB913446

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB913580

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB914388

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB914389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB916281

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB916595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917159

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917283.T1_1ToU93_1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP10

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917953

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB918439

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M886903

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Macromedia Shockwave Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (1.5.0.3)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nero - Burning Rom!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Picasa2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PitchPerfect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrintKey2000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Skype_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Doctor_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TDC CSP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinGimp-2.0_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinGTK-2_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMCSetup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YazzleActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0456ebd7-5f67-4ab6-852e-63781e3f389c}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0837A661-FEC3-48B3-876C-91E7D32048A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1898B8E5-43E2-4BCA-AD6A-B9FBE0C93F84}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C04D433-2EDF-4AFB-B31B-C0B13065092F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D171963-9063-4423-898B-8EC4F1F190B7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{236BB7C4-4419-42FD-0409-1E257A25E34D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2CFECCAA-8CB0-459B-9636-40430DBC8951}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C9406-3D7C-4EE8-BAA9-00BCB3D54227}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{50D4CB89-AF34-4978-96DC-C3034062E901}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{584267B8-0BB0-4D18-9FFA-726576619E9A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59C4F14F-7590-45FC-BE9F-A67AB3590709}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B35C417-2649-11D6-83D1-0050FC01225C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{786C5747-1033-0000-B58E-000000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7F04B272-E0DD-47E7-8B55-D97483DB0EBD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{833532AC-485E-484F-A307-2AB18F5F2A57}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{85DF2C7E-183B-4153-9B89-36D0E239E2CB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90110406-6000-11D3-8CFE-0050048383C9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90B5E602-1867-449D-86FD-FC9DEA4434BF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929408E6-D265-4174-805F-81D1D914E2A4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94E4FBD6-540C-4DB6-A469-B1FA248DA33E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{973F8409-F8DA-4A40-ACB4-12B02F3399D7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A70500000002}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B74D4E10-1033-0000-0000-000000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BEF17411-8BB9-48D0-A124-7CD41FE46DCB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D4C59A40-378A-4546-9ADE-984EB6FA72D3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E10A4702-03EB-11DA-BFBD-00065BBDC0B5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9787678-1033-0000-8E67-000000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Disken i drev C har ikke noget navn.
Diskens serienummer er 6C46-5D55

Indhold af C:\Documents and Settings\Sofie\Application Data

01-08-2006 16:17 <DIR> Adobe
01-08-2006 15:52 <DIR> ..
01-08-2006 15:52 <DIR> .
01-08-2006 15:52 <DIR> s?curity
01-08-2006 09:29 <DIR> PC Tools
31-07-2006 19:23 <DIR> Lavasoft
31-07-2006 17:59 <DIR> AdobeUM
24-06-2006 11:37 <DIR> Microsoft
21-03-2006 12:20 <DIR> Cryptomathic
16-03-2006 16:01 <DIR> Macromedia
11-01-2006 21:21 <DIR> Ahead
22-12-2005 14:56 <DIR> Sun
01-12-2005 11:42 <DIR> PDFCreator
01-12-2005 01:06 <DIR> Mozilla
01-12-2005 01:06 <DIR> Identities
0 fil(er) 0 byte
15 mappe(r) 87.546.343.424 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 6C46-5D55

Indhold af C:\Documents and Settings\All Users\Application Data

01-08-2006 16:10 <DIR> ..
01-08-2006 16:10 <DIR> Adobe Systems
01-08-2006 16:10 <DIR> .
31-07-2006 19:23 <DIR> Microsoft
31-07-2006 15:52 <DIR> Adobe
08-04-2006 15:31 <DIR> Apple Computer
25-01-2006 12:00 <DIR> CyberLink
08-12-2005 20:45 <DIR> Skype
05-12-2005 12:17 <DIR> FirstClass
01-12-2005 12:55 <DIR> Windows Genuine Advantage
01-12-2005 11:37 <DIR> Macromedia
30-11-2005 21:35 <DIR> Symantec
0 fil(er) 0 byte
12 mappe(r) 87.546.343.424 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 6C46-5D55

Indhold af C:\Programmer

02-08-2006 08:15 <DIR> ipwins
01-08-2006 21:15 <DIR> Hijackthis
01-08-2006 21:14 <DIR> ..
01-08-2006 21:14 <DIR> .
01-08-2006 20:59 <DIR> Cowabanga
01-08-2006 13:00 <DIR> Mozilla Firefox
01-08-2006 11:05 <DIR> Spyware Doctor
01-08-2006 11:03 <DIR> ToolBar888
01-08-2006 11:03 <DIR> Network Monitor
01-08-2006 09:32 <DIR> SPYWAREfighter
01-08-2006 09:30 <DIR> Fælles filer
31-07-2006 19:23 <DIR> Lavasoft
31-07-2006 18:25 <DIR> Symantec AntiVirus
31-07-2006 18:25 <DIR> QuickTime
31-07-2006 18:24 <DIR> PrintKey2000
31-07-2006 18:24 <DIR> PLANET WL-8310
31-07-2006 18:24 <DIR> MSN Messenger
31-07-2006 18:23 <DIR> Messenger
31-07-2006 18:21 <DIR> iTunes
31-07-2006 18:21 <DIR> Internet Explorer
31-07-2006 15:56 <DIR> Adobe
31-07-2006 15:54 <DIR> InetGet2
15-07-2006 08:19 <DIR> NCH Swift Sound
18-06-2006 20:48 <DIR> Hewlett-Packard
18-06-2006 20:47 <DIR> Zero G Registry
18-06-2006 20:46 <DIR> HP
06-06-2006 14:11 <DIR> GIMP-2.0
02-06-2006 14:10 <DIR> Ubisoft
02-06-2006 14:09 <DIR> InstallShield Installation Information
21-05-2006 17:40 <DIR> GPLGS
21-05-2006 14:25 <DIR> Acro Software
09-05-2006 12:58 <DIR> TDC
04-05-2006 13:53 <DIR> Doom 3
17-04-2006 19:52 <DIR> Outlook Express
08-04-2006 15:31 <DIR> iPod
12-03-2006 10:43 <DIR> Audio Phonics, Inc
12-03-2006 10:26 <DIR> VIA
16-02-2006 11:08 <DIR> Windows Media Player
25-01-2006 12:00 <DIR> CyberLink
22-12-2005 14:55 <DIR> Java
13-12-2005 15:24 <DIR> Japan Photo
13-12-2005 15:20 <DIR> Picasa2
08-12-2005 20:45 <DIR> Skype
05-12-2005 12:17 <DIR> FirstClass
01-12-2005 14:47 <DIR> Windows Media Connect 2
01-12-2005 14:41 <DIR> HighMAT CD Writing Wizard
01-12-2005 11:42 <DIR> PDFCreator
01-12-2005 11:36 <DIR> Macromedia
01-12-2005 01:01 <DIR> Electronic Arts
01-12-2005 01:00 <DIR> PIXELA
01-12-2005 00:46 <DIR> Microsoft Visual Studio
01-12-2005 00:46 <DIR> Microsoft Office
30-11-2005 22:00 <DIR> EA GAMES
30-11-2005 21:56 <DIR> KiSS Technology
30-11-2005 21:47 <DIR> SEC
30-11-2005 21:37 <DIR> Ahead
30-11-2005 21:35 <DIR> Symantec
30-11-2005 21:17 <DIR> ASUS
30-11-2005 21:08 <DIR> Creative
30-11-2005 21:04 <DIR> Uninstall Information
30-11-2005 21:00 <DIR> xerox
30-11-2005 21:00 <DIR> microsoft frontpage
30-11-2005 20:58 <DIR> WindowsUpdate
30-11-2005 20:58 <DIR> Onlinetjenester
30-11-2005 20:58 <DIR> NetMeeting
30-11-2005 20:57 <DIR> Movie Maker
30-11-2005 20:57 <DIR> ComPlus Applications
30-11-2005 20:56 <DIR> MSN Gaming Zone
30-11-2005 20:56 <DIR> Windows NT
0 fil(er) 0 byte
69 mappe(r) 87.546.339.328 byte ledig

#9 Buckeye_Sam

  • Group: Member
  • Posts: 10,019
  • Joined: 10-July 05

Posted 02 August 2006 - 01:36 PM

Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

Cowabanga
IpWins
ToolBar888
TSA
YazzleActiveX

Download and run this uninstaller:
http://www.outerinfo...Uninstaller.exe

Reboot when it finishes.

Post a new hijackthis log.

#10 desmareth

  • Group: Member
  • Posts: 9
  • Joined: 31-July 06

Posted 03 August 2006 - 05:10 AM

I have followed the instructions, here you have the log:

Logfile of HijackThis v1.99.1
Scan saved at 13:09:02, on 03-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\SEC\MagicTune 2.5\GammaTray.exe
C:\Programmer\PLANET WL-8310\WLANPRO.exe
C:\Programmer\PrintKey2000\Printkey2000.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.desmareth-rieck.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmer\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Programmer\Safety Bar\Safety Bar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programmer\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programmer\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mnx5bcae] RUNDLL32.EXE w191df84.dll,n 0025bcac0000000a191df84
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spfprc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [05a7652b.exe] C:\Documents and Settings\Sofie\Lokale indstillinger\Application Data\05a7652b.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PLANET WL-8310 Configuration Utility.lnk = ?
O4 - Global Startup: Printkey2000.lnk = C:\Programmer\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Reg.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.jcash.biz/l/7de966957480882289...384c835b_13.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...436342D2D2D.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1123
O16 - DPF: {92DC836E-F1F7-4FCC-B550-99A0DDA47557} (SuperOffice DocumentHandler Class) - http://212.130.1.158/cab/SoDwa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\services.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kZXJz\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe

#11 Buckeye_Sam

  • Group: Member
  • Posts: 10,019
  • Joined: 10-July 05

Posted 04 August 2006 - 07:13 AM

Run HijackThis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmer\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [mnx5bcae] RUNDLL32.EXE w191df84.dll,n 0025bcac0000000a191df84
O4 - HKCU\..\Run: [05a7652b.exe] C:\Documents and Settings\Sofie\Lokale indstillinger\Application Data\05a7652b.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.jcash.bi...384c835b_13.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...436342D2D2D.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1123
O16 - DPF: {92DC836E-F1F7-4FCC-B550-99A0DDA47557} (SuperOffice DocumentHandler Class) - http://212.130.1.158/cab/SoDwa.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\services.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kZXJz\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)



===============



Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close Ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Delete these files:

    C:\Documents and Settings\Sofie\Lokale indstillinger\Application Data\05a7652b.exe
    C:\WINDOWS\system32\services.dll
    C:\WINDOWS\system32\05a7652b.exe



  • Clean out your Temporary Internet files
    • Quit Internet Explorer and quit any instances of Windows Explorer.
    • Click Start -> Control Panel and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.


    IMPORTANT: Close all windows and do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning process:


  • Launch Ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido and reboot your system back into Normal Mode and post the results of the Ewido scan report along with a new Hijackthis log.
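
A check a helper could run once the follow-up log arrives, added here as an example and not part of the original posts: it compares a fix list with a later HijackThis log and reports the entries that are still present. Keying entries on CLSID, Run value name or service name is an assumption of this example, chosen because the forum truncates URLs differently from post to post; the sample lines are excerpts copied from this thread's logs.

```python
import re

# HijackThis result lines look like "O23 - Service: ..." or "R0 - HKCU\...".
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.+?): \[(.+?)\]")       # O4: autorun location and value name
SERVICE_RE = re.compile(r"^Service: (.+?) - ")  # O23: service display name

# Excerpt of the fix list from this thread (URL kept as the forum truncated it).
FIX_LIST = r"""
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmer\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [mnx5bcae] RUNDLL32.EXE w191df84.dll,n 0025bcac0000000a191df84
O4 - HKCU\..\Run: [05a7652b.exe] C:\Documents and Settings\Sofie\Lokale indstillinger\Application Data\05a7652b.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.jcash.bi...384c835b_13.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\services.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kZXJz\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
"""

# The same O16 entry as it appears in the 03-08-2006 log: same CLSID,
# but the forum elided a different part of the URL.
EARLIER_O16 = r"O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.jcash.biz/l/7de966957480882289...384c835b_13.exe"

# Excerpt of the 05-08-2006 log posted after the fix.
LATER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kZXJz\command.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
"""


def parse(text):
    """Return (section, body) pairs for every HijackThis result line in text."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_key(section, body):
    """Build a comparison key from the parts of an entry that survive
    forum URL truncation and path re-formatting."""
    clsid = CLSID_RE.search(body)
    if clsid:
        return (section, clsid.group(0).lower())
    if section == "O4":
        run = RUN_RE.match(body)
        if run:
            return (section, run.group(1).lower(), run.group(2).lower())
    if section == "O23":
        service = SERVICE_RE.match(body)
        if service:
            return (section, service.group(1).lower())
    # Fallback: the whole body, case-folded with whitespace collapsed.
    return (section, " ".join(body.lower().split()))


def surviving(fix_list, later_log):
    """Return the fix-list lines whose key still appears in the later log."""
    later_keys = {entry_key(s, b) for s, b in parse(later_log)}
    return [f"{s} - {b}" for s, b in parse(fix_list)
            if entry_key(s, b) in later_keys]


if __name__ == "__main__":
    for line in surviving(FIX_LIST, LATER_LOG):
        print("still present:", line)
```
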


#12 desmareth

  • Group: Member
  • Posts: 9
  • Joined: 31-July 06

Posted 05 August 2006 - 01:28 PM

I encountered some problems.

It was not possible to delete this file:
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kZXJz\command.exe (file missing)

And these too:
C:\Documents and Settings\Sofie\Lokale indstillinger\Application Data\05a7652b.exe
C:\WINDOWS\system32\05a7652b.exe

Here you have the Hijack file after the scan and all:

Logfile of HijackThis v1.99.1
Scan saved at 21:21:55, on 05-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\Programmer\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\SEC\MagicTune 2.5\GammaTray.exe
C:\Programmer\PLANET WL-8310\WLANPRO.exe
C:\Programmer\PrintKey2000\Printkey2000.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programmer\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programmer\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spfprc.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PLANET WL-8310 Configuration Utility.lnk = ?
O4 - Global Startup: Printkey2000.lnk = C:\Programmer\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Reg.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay10...es/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kZXJz\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe


Here you have the Ewido report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:13:53 05-08-2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{052b12f7-86fa-4921-8482-26c42316b522} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-583907252-1343024091-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-583907252-1343024091-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mnx5bcae.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-583907252-1343024091-839522115-1005\Dc87.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vumcuv.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Оracle\ѕervices.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\S16ZGD2J\!update-4095[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\Sofie\Lokale indstillinger\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win102.tmp.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.aby : Cleaned with backup (quarantined).
C:\WINDOWS\system32\issearch.exe -> Downloader.Zlob.acg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ixt0.dll -> Downloader.Zlob.acg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ismon.exe -> Downloader.Zlob.yj : Cleaned with backup (quarantined).
F:\20060405_145200_Ejer\C\Documents and Settings\Sofie\Lokale indstillinger\Temporary Internet Files\Content.IE5\9RFJPX8E\f[1].htm.nco/20060405_145200_Ejer\C\DOCUME~1\Sofie\LOKALE~1\TEMPOR~1\Content.IE5\9RFJPX8E\F_1_~1.HTM -> Not-A-Virus.Exploit.JS.CVE20051790.d : Cleaned with backup (quarantined).
F:\20060405_145200_Ejer\C\Documents and Settings\Sofie\Cookies\sofie@247realmedia[1].txt.nco/20060405_145200_Ejer\C\DOCUME~1\Sofie\Cookies\SO997B~1.TXT -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.8:F:\20060405_145200_Ejer\C\Documents and Settings\Sofie\Application Data\Mozilla\Firefox\Profiles\kw8p1ow5.default\cookies.txt.nco/20060405_145200_Ejer\C\DOCUME~1\Sofie\APPLIC~1\Mozilla\Firefox\Profiles\KW8P1O~1.DEF\cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
F:\20060405_145200_Ejer\C\Documents and Settings\Ejer\Cookies\ejer@2o7[2].txt.nco/20060405_145200_Ejer\C\DOCUME~1\Ejer\Cookies\EJER@2~2.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
F:\20060405_145200_Ejer\C\Documents and Settings\Ejer\Cookies\ejer@microsofteup.112.2o7[1].txt.nco/20060405_145200_Ejer\C\DOCUME~1\Ejer\Cookies\EJER@M~1.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
F:\20060405_145200_Ejer\C\Documents and Settings\Ejer\Cookies\ejer@microsoftwga.112.2o7[1].txt.nco/20060405_145200_Ejer\C\DOCUME~1\Ejer\Cookies\EJC3D0~1.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
F:\20060405_145200_Ejer\C\Documents and Settings\Sofie\Cookies\sofie@2o7[1].txt.nco/20060405_145200_Ejer\C\DOCUME~1\Sofie\Cookies\SO2C9B~1.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.46:F:\20060405_145200_Ejer\C\Documents and Settings\Sofie\Application Data\Mozilla\Firefox\Profiles\kw8p1ow5.default\cookies.txt.nco/20060405_145200_Ejer\C\DOCUME~1\Sofie\APPLIC~1\Mozilla\Firefox\Profiles\KW8P1O~1.DEF\cookies.txt -> TrackingCookie.Adtech : Error during cleaning.
:mozilla.47:F:\20060405_145200_Ejer\C\Documents and Settings\Sofie\Application Data\Mozilla\Firefox\Profiles\kw8p1ow5.default\cookies.txt.nco/20060405_145200_Ejer\C\DOCUME~1\Sofie\APPLIC~1\Mozilla\Firefox\Profiles\KW8P1O~1.DEF\cookies.txt -> TrackingCookie.Adtech : Error during cleaning.
F:\20060405_145200_Ejer\C\Documents and Settings\Ejer\Cookies\ejer@adtech[2].txt.nco/20060405_145200_Ejer\C\DOCUME~1\Ejer\Cookies\EJER@A~2.TXT -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
F:\20060405_145200_Ejer\C\Documents and Settings\Sofie\Cookies\sofie@adtech[2].txt.nco/20060405_145200_Ejer\C\DOCUME~1\Sofie\Cookies\SO7356~1.TXT -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.66:F:\20060405_145200_Ejer\C\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\bcfsr3wm.default\cookies.txt.nco/20060405_145200_Ejer\C\DOCUME~1\Ejer\APPLIC~1\Mozilla\Firefox\Profiles\BCFSR3~1.DEF\cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.67:F:\20060405_145200_Ejer\C\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\bcfsr3wm.default\cookies.txt.nco/20060405_145200_Ejer\C\DOCUME~1\Ejer\APPLIC~1\Mozilla\Firefox\Profiles\BCFSR3~1.DEF\cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

That should be it :blink: I really hope I never experience this again... and thanks for your help again! :whistling:

#13 Buckeye_Sam

  • Group: Member
  • Posts: 10,019
  • Joined: 10-July 05

Posted 05 August 2006 - 06:44 PM

Let's take care of the ones that you had problems with.

Click Start > Run and type these commands hitting enter after each one:

sc stop cmdService

sc delete cmdService



===============



Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\Documents and Settings\Sofie\Lokale indstillinger\Application Data\05a7652b.exe
    C:\WINDOWS\system32\05a7652b.exe




  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.

  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.


  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.



=================




Download SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log.

#14 desmareth

  • Group: Member
  • Posts: 9
  • Joined: 31-July 06

Posted 06 August 2006 - 02:23 AM

The prompt 'PendingFileRenameOperations' popped up on my screen and I answered 'yes'. And I restarted manually.

Here you have the log from Killbox:

Pocket Killbox version
Running on Windows XP as Sofie(Administrator)
was started @ søndag, august 06, 2006, 9:59 AM

# 1 [Delete on Reboot]
Path = C:\Documents and Settings\Sofie\Lokale indstillinger\Application Data\05a7652b.exe, C:\WINDOWS\system32\05a7652b.exe


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 10:04:31 AM
# 2 [Delete on Reboot]
Path = C:\Documents and Settings\Sofie\Lokale indstillinger\Application Data\05a7652b.exe, C:\WINDOWS\system32\05a7652b.exe


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 10:04:51 AM
Killbox Closed(Exit) @ 10:04:56 AM
__________________________________________________


And here is the report from Smitfraud:

SmitFraudFix v2.76

Scan done at 10:19:53,84, 06-08-2006
Run from C:\Documents and Settings\Sofie\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\isnotify.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sofie\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sofie\FORETR~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmer


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
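For readers triaging logs like the two in the post above, this added example (not part of the original thread, and not code from Killbox or SmitfraudFix) extracts the delete-on-reboot requests for which Killbox reported the PendingFileRenameOperations data as removed, and the files SmitfraudFix marked FOUND. The sample text is constructed in the shape of the posted logs; the function names and the assumption that Killbox separates paths with ", " are mine.

```python
import re

# Sample input constructed in the shape of the Killbox log posted above.
KILLBOX_LOG = r"""
# 1 [Delete on Reboot]
Path = C:\Documents and Settings\Sofie\Lokale indstillinger\Application Data\05a7652b.exe, C:\WINDOWS\system32\05a7652b.exe

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 10:04:31 AM
# 2 [Delete on Reboot]
Path = C:\Documents and Settings\Sofie\Lokale indstillinger\Application Data\05a7652b.exe, C:\WINDOWS\system32\05a7652b.exe

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 10:04:51 AM
Killbox Closed(Exit) @ 10:04:56 AM
"""

# Sample input constructed in the shape of the SmitfraudFix report posted above.
SMITFRAUD_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\isnotify.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

ENTRY_RE = re.compile(r"#\s*(\d+)\s*\[(.+?)\]$")


def parse_killbox(log):
    """Return one dict per '# N [Action]' entry: its paths and whether the
    log reports the PendingFileRenameOperations data as removed afterwards."""
    entries, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            current = {"id": int(m.group(1)), "action": m.group(2),
                       "paths": [], "pending_removed": False}
            entries.append(current)
        elif current and line.startswith("Path ="):
            # Assumption: multiple paths are joined with ", " as in the post.
            current["paths"] = [p.strip() for p in line[6:].split(", ") if p.strip()]
        elif current and line.startswith("PendingFileRenameOperations") \
                and "Removed" in line:
            current["pending_removed"] = True
    return entries


def parse_smitfraud(report):
    """Return (section, path) for every line the report marks 'FOUND !'."""
    findings, section = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("»"):
            section = line.lstrip("»").strip()
        elif line.endswith("FOUND !"):
            findings.append((section, line[:-len("FOUND !")].strip()))
    return findings


def triage(killbox_log, smitfraud_report):
    """Summarise what still needs attention after the two tools have run."""
    unconfirmed = sorted({p for e in parse_killbox(killbox_log)
                          if e["action"] == "Delete on Reboot" and e["pending_removed"]
                          for p in e["paths"]})
    found = [path for _, path in parse_smitfraud(smitfraud_report)]
    return {"delete_on_reboot_unconfirmed": unconfirmed, "smitfraud_found": found}


if __name__ == "__main__":
    for key, values in triage(KILLBOX_LOG, SMITFRAUD_REPORT).items():
        print(key, values)
```
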

#15 Buckeye_Sam

  • Group: Member
  • Posts: 10,019
  • Joined: 10-July 05

Posted 06 August 2006 - 06:32 AM

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


1. Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.


2. Run Smitfraud
  • Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
  • Select option #2 - Clean by typing 2 and press Enter.
  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
  • The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.


    A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

3. Clean out your Temporary Internet files
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start -> Control Panel and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.


4. Next Click Start -> Control Panel and then double-click Display.
  • Click on the Desktop tab, then click the Customize Desktop button.
  • Click on the Web tab.
  • Under Web Pages you may see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button.
  • Click Ok then Apply and Ok.


5. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


6. Launch Ewido-Anti-spyware by double-clicking the icon on your desktop.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.


  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido.

7. Reboot back into Normal Windows Mode


8. Run SmitfraudFix.
  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #3 - Delete Trusted zone by typing 3 and press Enter


    Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

9. Please post the following logs:
  • c:\rapport.txt
  • Ewido log
  • A new HijackThis log

You may need several replies to post the requested logs, otherwise they might get cut off.

