Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

win32:[email protected] trouble [RESOLVED]


  • This topic is locked This topic is locked

#16
bentzilmer

bentzilmer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
The system is running as it is supposed to, but avast found another vundo after my last restart. I moved it to the virus chest.
c:\windows\system32\hggvsmgy.dll

Otherwise it is all good.
  • 0

Advertisements


#17
bentzilmer

bentzilmer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Avast found a vundo in hggvsmgy.dll, I moved it to the chest. Otherwise it is all good.

Edited by bentzilmer, 24 May 2008 - 03:48 AM.

  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK there is something somewhere hidden. And we need to find it

Please Download Avast Rootkit Cleaner to your desktop

Close all running programmes

Run the ASWAR file and select Scan Now


On completion of the scan you will then have this screen up



Now close the programme and on the desktop will be a text file called ASWAR please post that. Do not fix anything yet

The programme will take from 3 to 5 minutes to run.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Logs required : ASWAR and DSS Main and Extra
  • 0

#19
bentzilmer

bentzilmer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here's the aswar file. It didn't find anything, but I'll try the other programme now.

avast! Antirootkit, version 0.9.6
Scan started: 24. maj 2008 11:57:05


Scan finished: 24. maj 2008 12:02:14
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


----------
  • 0

#20
bentzilmer

bentzilmer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here's my main end extra log:

Deckard's System Scanner v20071014.68
Run by Bent on 2008-05-24 12:04:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-05-24 09:39:10 UTC - RP103 - Planlagt kontrolpunkt
2: 2008-05-23 12:58:44 UTC - RP102 - Removed Frontlines: Fuel of War
1: 2008-05-23 08:00:50 UTC - RP100 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Bent.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:59, on 24-05-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Bent\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jp.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7796 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080522-111515-394 O2 - BHO: (no name) - {CDB00C98-D467-4B3D-A735-433EECF0BD1C} - C:\Windows\system32\vtuVPjHw.dll (file missing)
backup-20080522-111515-560 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBqRjKB.dll,#1
backup-20080522-111515-577 O2 - BHO: {d923e1ae-144e-7a8b-7534-389213d11b5d} - {d5b11d31-2983-4357-b8a7-e441ea1e329d} - C:\Windows\system32\dabdxfpk.dll (file missing)
backup-20080522-111515-955 O4 - HKLM\..\Run: [BM38bbed8b] Rundll32.exe "C:\Windows\system32\pgimdwhy.dll",s

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 RivaTuner32 - \??\c:\program files\rivatuner v2.09\rivatuner32.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DpHost (Biometric Authentication Service) - c:\program files\digitalpersona\bin\dphostw.exe <Not Verified; DigitalPersona, Inc.; DigitalPersona Pro for Active Directory>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>

S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-24 11:49:23 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{B414613E-EE91-4E26-84CD-7395231C5DBE}.job
2008-05-17 20:59:00 268 --a------ C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-04-27 20:53:45 390 --a------ C:\Windows\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-04-24 and 2008-05-24 -----------------------------

2008-05-23 22:26:49 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-23 22:26:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 22:34:08 0 d-------- C:\Program Files\RivaTuner v2.09
2008-05-22 21:44:10 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-22 20:12:17 215144 --a------ C:\Windows\patchw32.dll
2008-05-22 11:25:53 68096 --a------ C:\Windows\zip.exe
2008-05-22 11:25:53 49152 --a------ C:\Windows\VFind.exe
2008-05-22 11:25:53 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-22 11:25:53 98816 --a------ C:\Windows\sed.exe
2008-05-22 11:25:53 80412 --a------ C:\Windows\grep.exe
2008-05-22 11:25:53 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-22 11:25:43 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-21 21:37:20 0 d-------- C:\VundoFix Backups
2008-05-21 21:22:35 0 d-------- C:\Program Files\Trend Micro
2008-05-21 21:08:05 0 d-------- C:\Program Files\Enigma Software Group
2008-05-18 19:36:41 0 d-------- C:\Windows\system32\AGEIA
2008-05-18 19:36:39 0 d-------- C:\Program Files\AGEIA Technologies
2008-05-18 19:36:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 19:35:12 0 d-------- C:\Users\All Users\THQ
2008-05-18 19:04:48 0 d-------- C:\Program Files\THQ
2008-05-16 20:55:46 0 d-------- C:\Program Files\Electronic Arts
2008-05-16 20:37:47 0 d-------- C:\Users\Bent\NFS-Prostrett
2008-05-01 19:42:34 0 d-------- C:\Program Files\Sydbank
2008-04-27 19:44:07 0 d-------- C:\Users\Bent\Redder
2008-04-27 19:38:11 0 d-------- C:\Program Files\unisecur
2008-04-27 14:48:35 0 d-------- C:\Program Files\Yamicsoft
2008-04-27 14:38:05 0 d-------- C:\Program Files\VistaCodecPack
2008-04-27 14:33:15 0 d-------- C:\Program Files\SystemRequirementsLab
2008-04-27 14:30:24 0 d-------- C:\NVIDIA


-- Find3M Report ---------------------------------------------------------------

2008-05-24 10:34:17 194788 --a------ C:\Users\Bent\AppData\Roaming\nvModes.001
2008-05-23 22:27:00 0 d-------- C:\Users\Bent\AppData\Roaming\Malwarebytes
2008-05-23 15:49:31 0 d-------- C:\Users\Bent\AppData\Roaming\Azureus
2008-05-23 15:48:20 194788 --a------ C:\Users\Bent\AppData\Roaming\nvModes.dat
2008-05-23 14:59:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-18 19:36:27 0 d-------- C:\Program Files\Common Files
2008-05-16 13:37:17 463268 --a------ C:\Windows\system32\perfh006.dat
2008-05-16 13:37:17 77202 --a------ C:\Windows\system32\perfc006.dat
2008-05-13 20:51:06 0 d-------- C:\Program Files\Windows Mail
2008-04-27 21:04:05 0 d-------- C:\Users\Bent\AppData\Roaming\Uniblue
2008-04-27 20:30:21 0 d-------- C:\Users\Bent\AppData\Roaming\Real
2008-04-27 14:39:32 0 d-------- C:\Users\Bent\AppData\Roaming\SeriousBit
2008-04-27 14:37:22 0 d-------- C:\Program Files\DivX
2008-04-25 20:25:33 0 d-------- C:\Users\Bent\AppData\Roaming\dvdcss
2008-04-23 11:13:25 174 --ahs---- C:\Program Files\desktop.ini
2008-04-23 11:05:22 0 d-------- C:\Program Files\Windows Sidebar
2008-04-23 11:05:22 0 d-------- C:\Program Files\Windows Calendar
2008-04-23 11:05:22 0 d-------- C:\Program Files\Movie Maker
2008-04-23 11:05:21 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-23 11:05:21 0 d-------- C:\Program Files\Windows Journal
2008-04-23 11:05:21 0 d-------- C:\Program Files\Windows Collaboration
2008-04-23 11:05:18 0 d-------- C:\Program Files\Windows Defender
2008-04-22 21:58:49 0 d-------- C:\Users\Bent\AppData\Roaming\Skype
2008-04-22 21:31:48 0 d-------- C:\Users\Bent\AppData\Roaming\skypePM
2008-04-20 17:38:35 0 d-------- C:\Program Files\QuickTime
2008-04-20 13:14:25 0 d-------- C:\Users\Bent\AppData\Roaming\Adobe
2008-04-20 13:14:20 0 d-------- C:\Program Files\FLV Player
2008-04-20 13:12:31 0 d-------- C:\Users\Bent\AppData\Roaming\vlc
2008-04-20 13:12:08 0 d-------- C:\Program Files\VideoLAN
2008-04-18 11:43:01 0 d-------- C:\Program Files\Common Files\Real
2008-04-18 11:03:01 0 d-------- C:\Program Files\Azureus
2008-04-17 19:55:49 0 d-------- C:\Users\Bent\AppData\Roaming\Google
2008-04-17 19:34:51 0 d-------- C:\Program Files\Skype
2008-04-17 19:34:47 0 d-------- C:\Program Files\Common Files\Skype
2008-04-17 08:11:40 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-14 08:23:26 0 d-------- C:\Program Files\Java
2008-04-13 10:44:34 0 d-------- C:\Program Files\Windows Live Toolbar
2008-04-09 09:28:00 0 d-------- C:\Users\Bent\AppData\Roaming\Ubisoft
2008-04-09 09:10:44 0 d-------- C:\Program Files\Ubisoft
2008-04-09 09:10:29 0 d-------- C:\Users\Bent\AppData\Roaming\InstallShield
2008-04-08 23:17:29 0 d-------- C:\Program Files\Alwil Software
2008-04-08 23:13:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-08 20:30:14 0 d-------- C:\Program Files\MegaSpoof
2008-04-08 12:56:50 0 d-------- C:\Users\Bent\AppData\Roaming\CyberLink
2008-04-08 12:21:20 0 d-------- C:\Users\Bent\AppData\Roaming\HP
2008-04-07 19:57:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-07 19:46:40 0 d-------- C:\Program Files\Windows Live
2008-04-07 19:45:53 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-07 17:19:34 0 d-------- C:\Program Files\Microsoft Works
2008-04-06 22:17:57 0 d-------- C:\Users\Bent\AppData\Roaming\DivX
2008-04-06 20:26:35 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-04-06 19:10:56 0 d-------- C:\Program Files\CONEXANT
2008-04-06 17:59:09 0 d-------- C:\Users\Bent\AppData\Roaming\DAEMON Tools Pro
2008-04-06 17:13:40 0 d-------- C:\Program Files\Microsoft.NET
2008-04-06 16:53:51 0 d-------- C:\Program Files\Gabest
2008-04-06 16:37:18 0 d-------- C:\Users\Bent\AppData\Roaming\Symantec
2008-04-06 16:36:51 0 d-------- C:\Users\Bent\AppData\Roaming\DigitalPersona
2008-04-06 16:36:35 0 d-------- C:\Users\Bent\AppData\Roaming\Identities
2008-04-06 16:36:23 81 --a------ C:\Windows\system32\LOG
2008-04-06 16:34:26 0 d-------- C:\Users\Bent\AppData\Roaming\Macromedia
2008-04-06 16:33:48 0 d-------- C:\Users\Bent\AppData\Roaming\Hewlett-Packard
2008-04-06 16:33:46 0 dr------- C:\Program Files\Online Services
2008-04-06 16:28:31 0 d-------- C:\Program Files\HPQ
2008-04-06 16:28:26 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-06 16:27:58 0 d-------- C:\Program Files\HP
2008-04-06 16:26:24 0 d-------- C:\Users\Bent\AppData\Roaming\Macrovision
2008-03-29 01:41:32 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-03-07 00:29:44 966656 --a------ C:\Windows\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15-09-2007 10:29]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [01-10-2007 05:34]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [20-09-2007 00:31]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [04-09-2007 23:54]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [17-08-2007 09:13]
"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [20-09-2007 21:12]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19-01-2008 09:38]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [13-09-2007 18:47]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [09-01-2007 01:53]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16-02-2005 23:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16-05-2008 01:19]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [19-09-2007 22:05]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [19-09-2007 22:05]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [19-09-2007 22:05]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [18-01-2008 19:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 11:34]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19-01-2008 09:33]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [30-03-2007 01:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"PromptOnSecureDesktop"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
"C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a6a441f-03ef-11dd-8337-001e681dc1b9}]
AutoRun\command- H:\Autorun.exe

*Newly Created Service* - ASWARKRN

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-24 12:07:21 ------------

Extra log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: Other (0406) - see http://preview.tinyurl.com/mhhp6

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-60
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 3070.23 MiB / 1866.96 MiB
Pagefile Memory (total/avail): 7993.22 MiB / 6931.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1892.35 MiB

C: is Fixed (NTFS) - 223.07 GiB total, 117.74 GiB free.
D: is Fixed (NTFS) - 9.81 GiB total, 2.91 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HM250JI ATA Device - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 223.07 GiB - C:
\PARTITION1 - Installable File System - 9.81 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1201 [VPS 080523-0] v4.8.1201 (ALWIL Software)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1201 [VPS 080523-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Bent\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BENT-B’RBAR
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Bent
LOCALAPPDATA=C:\Users\Bent\AppData\Local
LOGONSERVER=\\BENT-B’RBAR
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\CyberLink\Power2Go
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Bent\AppData\Local\Temp
TMP=C:\Users\Bent\AppData\Local\Temp
USERDOMAIN=Bent-B‘rbar
USERNAME=Bent
USERPART=E:
USERPROFILE=C:\Users\Bent
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Bent (admin)
Maria


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
--> MsiExec /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0406-0000-0000000FF1CE} /uninstall {AAA2F315-90E9-40B3-8F83-4E52A5B461B2}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0406-0000-0000000FF1CE} /uninstall {C378B07F-6A3F-44DB-B340-AADCED1A3B4C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Dansk --> MsiExec.exe /I{AC76BA86-7AD7-1030-7B44-A81200000003}
Adobe Shockwave Player --> MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Assassin's Creed --> C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
Atheros Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /X{7F362F06-A9A3-440F-8B19-6A01A72723C4}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IQh30CFza.INF
CyberLink YouCam --> "C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DigitalPersona Personal 3.0.0 --> MsiExec.exe /I{C7AF7F33-9092-997E-2D29-DE8095863FE3}
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ESU for Microsoft Vista --> MsiExec.exe /I{68471BF2-F1F7-4C89-BBBA-400B94996596}
FLV Player 2.0, build 24 --> C:\Program Files\FLV Player\uninst.exe
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) --> C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Quick Launch Buttons 6.30 E1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4 --> MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HP User Guides 0087 --> MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}
HP Wireless Assistant --> MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kompatibilitetspakke til Office 2007-systemet --> MsiExec.exe /X{90120000-0020-0406-0000-0000000FF1CE}
LabelPrint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0015-0406-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0016-0406-0000-0000000FF1CE}
Microsoft Office Groove MUI (Danish) 2007 --> MsiExec.exe /X{90120000-00BA-0406-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0044-0406-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Danish) 2007 --> MsiExec.exe /X{90120000-00A1-0406-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Danish) 2007 --> MsiExec.exe /X{90120000-001A-0406-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0018-0406-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (Danish) --> MsiExec.exe /X{95120000-00AF-0406-0000-0000000FF1CE}
Microsoft Office Proof (Danish) 2007 --> MsiExec.exe /X{90120000-001F-0406-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Danish) 2007 --> MsiExec.exe /X{90120000-002C-0406-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0019-0406-0000-0000000FF1CE}
Microsoft Office Shared MUI (Danish) 2007 --> MsiExec.exe /X{90120000-006E-0406-0000-0000000FF1CE}
Microsoft Office Word MUI (Danish) 2007 --> MsiExec.exe /X{90120000-001B-0406-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSCU for Microsoft Vista --> MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Need for Speed™ ProStreet --> MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA PhysX v8.04.25 --> MsiExec.exe /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
Power2Go --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickPlay SlingPlayer 0.4.4 --> "C:\Program Files\HP\QuickPlay\unins000.exe"
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
RivaTuner v2.09 --> "C:\Program Files\RivaTuner v2.09\uninstall.exe"
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SuperMegaSpoof 2.0 --> "C:\Program Files\MegaSpoof\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tilmeldingsassistent til Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Vista Manager --> MsiExec.exe /I{4E79AC14-1F0A-4044-B069-126EDCD2308F}
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Live installer --> MsiExec.exe /X{38092A00-F9C8-420F-B5CB-C56F89F94B12}
Windows Live Messenger --> MsiExec.exe /X{1EDF0646-14CE-46FE-8785-9E12E29686DF}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6781 / Error
Event Submitted/Written: 05/24/2008 00:02:12 PM
Event ID/Source: 1010 / Perflib
Event Description:
EmdCacheC:\Windows\system32\emdmgmt.dll4

Event Record #/Type6769 / Success
Event Submitted/Written: 05/24/2008 10:32:39 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type6768 / Success
Event Submitted/Written: 05/24/2008 10:32:38 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type6765 / Success
Event Submitted/Written: 05/24/2008 10:32:29 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Tjenesten Softwarelicensering er startet.

Event Record #/Type6758 / Warning
Event Submitted/Written: 05/24/2008 10:31:41 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows har registreret, at din registreringsdatabasefil stadig anvendes af andre programmer eller tjenester. Filen deaktiveres nu. De programmer eller tjenester, der anvender din registreringsdatabasefil, fungerer muligvis ikke korrekt, efter at filen er deaktiveret.

DETALJER -
1 user registry handles leaked from \Registry\User\S-1-5-21-2610512430-812213940-561383249-1000_Classes:
Process 1044 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2610512430-812213940-561383249-1000_CLASSES



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type37939 / Warning
Event Submitted/Written: 05/24/2008 00:06:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Bent-Bærbar27 Fuldtidsbeskyttelsesagenten har fundet ændringer. Microsoft anbefaler, at du analyserer den software, der har foretaget disse ændringer, for at se, om der er potentielle risici. Du kan bruge oplysninger om, hvordan disse programmer fungerer til at vælge, om de må køre, eller om de skal fjernes fra computeren. Tillad kun ændringer, hvis du har tillid til programmet eller softwareudgiveren. %Bent-Bærbar27 kan ikke fortryde ændringer, du tillader.

Flere oplysninger finder du her:
%Bent-Bærbar275

Scannings-id: {578A865A-FBF5-4203-B44A-6B3C300869D2}

Bruger: Bent-Bærbar\Bent

Navn: %Bent-Bærbar271

Id: %Bent-Bærbar272

Alvorligheds-id: %Bent-Bærbar273

Kategori-id: %Bent-Bærbar274

Sti fundet: %Bent-Bærbar276

Advarselstype: %Bent-Bærbar278

Registreringstype: 1.1.1600.02

Event Record #/Type37938 / Warning
Event Submitted/Written: 05/24/2008 00:06:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Bent-Bærbar27 Fuldtidsbeskyttelsesagenten har fundet ændringer. Microsoft anbefaler, at du analyserer den software, der har foretaget disse ændringer, for at se, om der er potentielle risici. Du kan bruge oplysninger om, hvordan disse programmer fungerer til at vælge, om de må køre, eller om de skal fjernes fra computeren. Tillad kun ændringer, hvis du har tillid til programmet eller softwareudgiveren. %Bent-Bærbar27 kan ikke fortryde ændringer, du tillader.

Flere oplysninger finder du her:
%Bent-Bærbar275

Scannings-id: {EDDB32D4-51B1-4C83-82DE-4C02480A6AB4}

Bruger: Bent-Bærbar\Bent

Navn: %Bent-Bærbar271

Id: %Bent-Bærbar272

Alvorligheds-id: %Bent-Bærbar273

Kategori-id: %Bent-Bærbar274

Sti fundet: %Bent-Bærbar276

Advarselstype: %Bent-Bærbar278

Registreringstype: 1.1.1600.02

Event Record #/Type37937 / Warning
Event Submitted/Written: 05/24/2008 00:06:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Bent-Bærbar27 Fuldtidsbeskyttelsesagenten har fundet ændringer. Microsoft anbefaler, at du analyserer den software, der har foretaget disse ændringer, for at se, om der er potentielle risici. Du kan bruge oplysninger om, hvordan disse programmer fungerer til at vælge, om de må køre, eller om de skal fjernes fra computeren. Tillad kun ændringer, hvis du har tillid til programmet eller softwareudgiveren. %Bent-Bærbar27 kan ikke fortryde ændringer, du tillader.

Flere oplysninger finder du her:
%Bent-Bærbar275

Scannings-id: {17512AF8-559A-4757-9D93-818D64586525}

Bruger: Bent-Bærbar\Bent

Navn: %Bent-Bærbar271

Id: %Bent-Bærbar272

Alvorligheds-id: %Bent-Bærbar273

Kategori-id: %Bent-Bærbar274

Sti fundet: %Bent-Bærbar276

Advarselstype: %Bent-Bærbar278

Registreringstype: 1.1.1600.02

Event Record #/Type37936 / Warning
Event Submitted/Written: 05/24/2008 00:06:13 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Bent-Bærbar27 Fuldtidsbeskyttelsesagenten har fundet ændringer. Microsoft anbefaler, at du analyserer den software, der har foretaget disse ændringer, for at se, om der er potentielle risici. Du kan bruge oplysninger om, hvordan disse programmer fungerer til at vælge, om de må køre, eller om de skal fjernes fra computeren. Tillad kun ændringer, hvis du har tillid til programmet eller softwareudgiveren. %Bent-Bærbar27 kan ikke fortryde ændringer, du tillader.

Flere oplysninger finder du her:
%Bent-Bærbar275

Scannings-id: {9FF4502D-17CB-4D0F-8A77-10BBE9996999}

Bruger: Bent-Bærbar\Bent

Navn: %Bent-Bærbar271

Id: %Bent-Bærbar272

Alvorligheds-id: %Bent-Bærbar273

Kategori-id: %Bent-Bærbar274

Sti fundet: %Bent-Bærbar276

Advarselstype: %Bent-Bærbar278

Registreringstype: 1.1.1600.02

Event Record #/Type37935 / Warning
Event Submitted/Written: 05/24/2008 00:06:13 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Bent-Bærbar27 Fuldtidsbeskyttelsesagenten har fundet ændringer. Microsoft anbefaler, at du analyserer den software, der har foretaget disse ændringer, for at se, om der er potentielle risici. Du kan bruge oplysninger om, hvordan disse programmer fungerer til at vælge, om de må køre, eller om de skal fjernes fra computeren. Tillad kun ændringer, hvis du har tillid til programmet eller softwareudgiveren. %Bent-Bærbar27 kan ikke fortryde ændringer, du tillader.

Flere oplysninger finder du her:
%Bent-Bærbar275

Scannings-id: {29B21FF9-5DAF-4D43-9F44-5AB5CDAF97BA}

Bruger: Bent-Bærbar\Bent

Navn: %Bent-Bærbar271

Id: %Bent-Bærbar272

Alvorligheds-id: %Bent-Bærbar273

Kategori-id: %Bent-Bærbar274

Sti fundet: %Bent-Bærbar276

Advarselstype: %Bent-Bærbar278

Registreringstype: 1.1.1600.02



-- End of Deckard's System Scanner: finished at 2008-05-24 12:07:21 ------------
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:) :) Now was it just a file I missed as there is nothing I can see now that would indicate you are infected. I will now secure your system

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

I will keep this thread open for a day or so to ensure it really is gone

Now the best part of the day ----- Your log now appears clean :)

Double click OTScanit once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTScanit wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)
  • 0

#22
bentzilmer

bentzilmer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
It all seems to work as it should now. Thank you for all you help.

Greetings
Bent
  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP