Trojan.Vundo HELP ME FFS! [RESOLVED]


  • This topic is locked

#1
helpme768

  • Member
  • 26 posts
Hi guys. I've got a VERY terrible problem: TROJAN.VUNDO!

It constantly crashes Explorer.exe, and Internet Explorer doesn't work.
Firefox pops up with tons of advertisements every minute!

While I am typing now, explorer.exe crashed 17 times!

Firefox also constantly opens a website called "85.17.166.175". I guess that's the hacker that controls the virus?

I got Norton Internet Security 2007 and I've tried MANY applications to get rid of Trojan.Vundo!

I've used:

Norton Internet Security
HijackThis
VundoFix
FixVundo (by Symantec)

I tried opening MSCONFIG and looked in the "start" tab.
It seems a lot of processes that use "rundll32.exe" are controlled by a file called "xxyvUlLC.dll", which is in my C:\Windows\System32 directory with a file size of 314 KB.


PLEASE HELP ME!!!!



-- HijackThis log file --
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:06, on 27-06-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common

Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {788B8FEA-5294-469D-A1CB-16E30B73DA25} - C:\Windows\system32\xxyvUlLC.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - (no file)
O2 - BHO: (no name) - {C5B8495C-20BC-493C-8613-E4F6E5790B88} - C:\Windows\system32\fcCrrspN.dll

(file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program

Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common

Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyvUlLC.dll,c
O4 - HKCU\..\Run: [609e5ee9] rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\nfnbxbug.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User

'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User

'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User

'NETVÆRKSTJENESTE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} -

(no file)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-

9AEDB42FA2D5} - (no file)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) -

http://www.streamplu...lug/beta/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -

http://messenger.zon...kr.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -

http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -

http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://128.230.73.133/activex/AMC.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager-kontrol) -

http://dlm.tools.aka...vex-2.2.1.6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk

Shared\Service\AdskScSrv.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner -

C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common

Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program

Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-

raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\3dsmax2009

\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program

Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX

Shared\UPnPService\UPnPService.exe

--
End of file - 11108 bytes

Edited by helpme768, 27 June 2008 - 05:04 AM.
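
A triage sketch for the autorun pattern reported in post #1, added here as an illustration; it is not part of the original thread and not how HijackThis or the helper's tools work. The function names and the two heuristics (a rundll32 Run entry that loads a DLL from a Temp directory or calls a one-letter export, and a BHO pointing at the same DLL) are assumptions, and hits are leads for review rather than verdicts. The sample is an excerpt of the log above, still word-wrapped as posted, so the parser rejoins split entries first.

```python
import re

# HijackThis entry lines start with a section code ("R0 - ", "O4 - ", "O23 - ", ...).
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
# O4: registry autorun -> hive, value name, command line.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O2: Browser Helper Object -> display name, CLSID, DLL path.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
# rundll32 command line -> DLL path (quoted or not) and export name.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\w+)', re.I)

# Excerpt of the log from post #1, wrapped as it was pasted (footer shortened).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common

Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {788B8FEA-5294-469D-A1CB-16E30B73DA25} - C:\Windows\system32\xxyvUlLC.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyvUlLC.dll,c
O4 - HKCU\..\Run: [609e5ee9] rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\nfnbxbug.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User

'LOKAL TJENESTE')
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

--
End of file
"""


def rejoin_wrapped(log_text):
    """Return one string per log entry, undoing Notepad word wrap."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--":  # footer marker: no entries follow
            break
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:  # continuation of the previous entry
            prev = entries[-1]
            # No space if the break fell inside a path or a hyphenated token.
            mid_token = line.startswith("\\") or (
                prev.endswith("-") and not prev.endswith(" -"))
            entries[-1] = prev + ("" if mid_token else " ") + line
    return entries


def triage(log_text):
    """Flag suspicious rundll32 autoruns, then BHOs that share their DLL."""
    entries = rejoin_wrapped(log_text)
    findings, flagged_dlls = [], set()
    for entry in entries:
        m = O4_RE.match(entry)
        r = RUNDLL_RE.match(m.group("cmd")) if m else None
        if not r:
            continue
        dll = r.group("dll").strip()
        reasons = []
        if "\\temp\\" in dll.lower():
            reasons.append("DLL loaded from a Temp directory")
        if len(r.group("export")) == 1:
            reasons.append("one-letter export name")
        if reasons:
            flagged_dlls.add(dll.lower())
            findings.append({"section": "O4", "name": m.group("name"),
                             "dll": dll, "reasons": reasons})
    for entry in entries:
        m = O2_RE.match(entry)
        if m and m.group("file").lower() in flagged_dlls:
            findings.append({"section": "O2", "name": m.group("clsid"),
                             "dll": m.group("file"),
                             "reasons": ["same DLL as a flagged Run entry"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["name"], f["dll"], "; ".join(f["reasons"]))
```
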



#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Don't curse please

Open notepad, click Format, uncheck wordwrap


Hello

Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log.
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip the .run file by right-clicking and selecting Send to Zip file.

Then upload that as an attachment in your next post.

#3
helpme768

  • Topic Starter
  • Member
  • 26 posts
Ok here's the attached file:

Attached Files



#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Open notepad, click Format, uncheck wordwrap


Download the zipped attachment at the end of this post (this will be your runscanner as fixed by me).

  • Unzip it to your desktop, then double-click the runscanner icon; this will run the program.
  • Click on the "Item Fixer" tab
  • You will notice several entries with a tick in red, click Fix checked.
  • Accept the warning then repeat until they are all gone.



Reboot and do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#5
helpme768

  • Topic Starter
  • Member
  • 26 posts
MAIN :




Deckard's System Scanner v20071014.68
Run by Lasse on 2008-06-30 13:01:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
7: 2008-06-26 12:44:15 UTC - RP477 - Planlagt kontrolpunkt
6: 2008-06-25 19:46:48 UTC - RP476 - Configured Command & Conquer 3 Tiberium Wars™ MOD SDK
5: 2008-06-24 18:52:43 UTC - RP474 - Installerede glu3D plugin for 3dsMax 2009 32-bit
4: 2008-06-24 15:50:41 UTC - RP473 - Planlagt kontrolpunkt
3: 2008-06-21 13:26:11 UTC - RP472 - Planlagt kontrolpunkt


-- First Restore Point --
1: 2008-06-18 12:05:50 UTC - RP470 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Lasse.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:27, on 30-06-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\rundll32.exe
C:\Users\Lasse\Desktop\dss.exe
c:\windows\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lasse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyvUlLC.dll,c
O4 - HKCU\..\Run: [BM63ad6d75] Rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\sohfbvnq.dll",s
O4 - HKCU\..\Run: [609e5ee9] rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\pstgjwfv.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplu...lug/beta/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager-kontrol) - http://dlm.tools.aka...vex-2.2.1.6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\3dsmax2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 9472 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\Windows\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\Windows\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\Windows\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\Windows\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
R2 Bonjour Service (Bonjour-tjeneste) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 mi-raysat_3dsMax2009_32 (mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit) - "c:\program files\3dsmax2009\mentalray\satellite\raysat_3dsmax2009_32server.exe"
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 UPnPService - c:\program files\common files\magix shared\upnpservice\upnpservice.exe <Not Verified; Magix AG; UPnPService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2099-11-11 13:20:22 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{A99E56AF-78E9-4A3C-823F-E2AC5C6F4AD6}.job
2008-06-16 20:27:52 560 --a------ C:\Windows\Tasks\Norton Internet Security - Kør fuld systemskanning - Lasse.job


-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-27 12:58:50 0 d-------- C:\Program Files\Trend Micro
2008-06-24 16:29:07 262144 --a------ C:\ntuser.dat
2008-06-22 21:48:07 0 d-------- C:\VundoFix Backups
2008-06-22 21:00:41 0 d-------- C:\Program Files\PurgeIE
2008-06-22 10:08:25 90112 --a------ C:\Windows\system32\btjayvct.dll
2008-06-22 10:07:45 529804 --ahs---- C:\Windows\system32\CLlUvyxx.ini2
2008-06-21 20:13:40 0 d-------- C:\Joke
2008-06-21 13:59:11 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-06-18 15:32:18 0 d-------- C:\Custom Icons
2008-06-17 16:23:11 481763 --ahs---- C:\Windows\system32\HNqWvxbc.ini2
2008-06-17 16:23:06 322560 --a------ C:\Windows\system32\cbxvWqNH.dll
2008-06-16 16:45:16 481763 --ahs---- C:\Windows\system32\tutuutwa.ini2
2008-06-16 16:45:14 322560 --a------ C:\Windows\system32\awtuutut.dll
2008-06-15 15:43:50 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-06-15 15:43:25 4682 --a------ C:\Windows\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-06-15 15:18:21 0 d-------- C:\AeriaGames
2008-06-14 09:54:52 345 --ahs---- C:\Windows\system32\QpAyxyay.ini2
2008-06-14 09:54:47 322560 --a------ C:\Windows\system32\yayxyApQ.dll
2008-06-13 22:49:46 0 d-------- C:\Program Files\DivX
2008-06-13 21:31:30 0 d-------- C:\Program Files\vghd
2008-06-12 19:06:24 0 d-------- C:\Program Files\Windows Live
2008-06-12 14:16:07 524073 --ahs---- C:\Windows\system32\bccccfii.ini2
2008-06-11 22:49:15 0 d-------- C:\Program Files\FMOD SoundSystem
2008-06-11 17:56:34 321536 -----n--- C:\Windows\system32\xxyvUlLC.dll
2008-06-11 16:56:04 0 d--h----- C:\TMP_inet
2008-06-10 23:18:30 0 d-------- C:\Windows\.jagex_cache_32
2008-06-10 20:40:11 0 d-------- C:\Visual Basic 6
2008-06-06 16:39:21 0 d-------- C:\Program Files\PerformanceTest
2008-06-01 17:39:43 0 dr------- C:\Users\Administrator\Searches
2008-06-01 17:39:30 0 dr------- C:\Users\Administrator\Contacts
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Skabeloner
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\SendTo
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Recent
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Printere
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Menuen Start
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Lokale indstillinger
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Dokumenter
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Cookies
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Application Data
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Andre computere
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Videos
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Saved Games
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Pictures
2008-06-01 17:39:15 786432 --ahs---- C:\Users\Administrator\NTUSER.DAT
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Music
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Links
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Favorites
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Downloads
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Documents
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Desktop
2008-06-01 17:39:15 0 d--h----- C:\Users\Administrator\AppData
2008-06-01 14:40:54 0 d-------- C:\Program Files\3dsmax2009
2008-06-01 14:19:38 0 d-------- C:\Cracks


-- Find3M Report ---------------------------------------------------------------

2008-06-26 22:27:39 0 d-------- C:\Users\Lasse\AppData\Roaming\uTorrent
2008-06-26 13:38:30 0 d-------- C:\Users\Lasse\AppData\Roaming\Adobe
2008-06-25 14:58:33 0 d-------- C:\Users\Lasse\AppData\Roaming\Winff
2008-06-22 21:00:43 0 d-------- C:\Users\Lasse\AppData\Roaming\DelinvFile
2008-06-22 10:20:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-21 23:19:43 0 d-------- C:\Program Files\Cheat Engine
2008-06-19 14:25:01 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.LotR-player
2008-06-15 15:43:50 0 d-------- C:\Program Files\Common Files
2008-06-15 15:18:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-15 13:15:32 0 d-------- C:\Program Files\Eltima Software
2008-06-14 14:41:24 0 d-------- C:\Program Files\Warcraft III
2008-06-10 14:10:42 0 d-------- C:\Program Files\Windows Mail
2008-06-09 20:47:49 0 d-------- C:\Program Files\Norton Internet Security
2008-06-09 20:47:45 0 d-------- C:\Program Files\Symantec
2008-06-04 18:44:27 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-01 14:46:55 0 d-------- C:\Program Files\Autodesk
2008-05-27 22:36:40 76455 --a------ C:\Windows\War3Unin.dat
2008-05-17 16:52:40 0 d-------- C:\Program Files\GameSpy
2008-05-17 16:50:41 669184 --a------ C:\Windows\system32\pbsvc.exe
2008-05-12 22:55:00 0 d-------- C:\Program Files\Macromedia
2008-05-08 18:35:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-07 14:51:28 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Crysis-Test
2008-05-04 14:00:48 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-03 13:01:26 2829 --a------ C:\Windows\War3Unin.pif
2008-05-03 13:01:25 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-01 21:14:06 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Keygen
2008-05-01 16:04:09 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Untitled-4-Scene-1
2008-04-30 22:07:37 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.LOL
2008-04-30 22:06:25 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Untitled-5
2008-04-30 22:02:46 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Untitled-4
2008-04-30 21:58:10 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.test
2008-04-30 21:50:21 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.other
2008-04-30 21:46:42 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.AIR
2008-04-30 20:07:59 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-04-30 19:43:46 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Untitled-2
2008-04-30 19:34:40 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Untitled-1
2008-04-30 19:33:23 540384 --a------ C:\Windows\system32\perfh006.dat
2008-04-30 19:33:23 102312 --a------ C:\Windows\system32\perfc006.dat
2008-04-21 19:54:09 2560 --a------ C:\Windows\_MSRSTRT.EXE
2008-04-06 12:25:21 35473 --a------ C:\Windows\scunin.dat
2008-04-06 12:25:20 967 --a------ C:\Windows\ScUnin.pif
2008-04-06 12:25:20 94208 --a------ C:\Windows\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-04-03 17:21:34 20480 --a------ C:\Windows\system32\[email protected]@@k.DLL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [01-12-2006 14:37 C:\Windows\RtHDVCpl.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12-01-2006 15:40]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09-01-2007 23:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 02:11]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [12-09-2007 06:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12-09-2007 06:28]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12-09-2007 06:28]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11-01-2008 19:54]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28-03-2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30-03-2008 10:36]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [26-07-2007 19:15]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29-01-2008 17:38]
"MSConfig"="C:\Windows\system32\msconfig.exe" [02-11-2006 11:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09-01-2008 23:50]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02-11-2006 14:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 14:36]
"cmds"="C:\Windows\system32\xxyvUlLC.dll,c" []
"BM63ad6d75"="C:\Users\Lasse\AppData\Local\Temp\sohfbvnq.dll,s" []
"609e5ee9"="C:\Users\Lasse\AppData\Local\Temp\pstgjwfv.dll,b" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\609e5ee9]
rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\omfxlkkf.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM63ad6d75]
Rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\bnwqriqf.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
rundll32.exe C:\Windows\system32\xxyvUlLC.dll,c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Windows\system32\fcCrrspN.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-30 13:14:01 ------------

Extra :

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: Other (0406) - see http://preview.tinyurl.com/mhhp6

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 2045.94 MiB / 1164.72 MiB
Pagefile Memory (total/avail): 4306.45 MiB / 3332.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1910.42 MiB

C: is Fixed (NTFS) - 298.09 GiB total, 184.32 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3320820AS ATA Device - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.09 GiB - C:

\\.\PHYSICALDRIVE1 - Generic 2.0 Reader -CF USB Device

\\.\PHYSICALDRIVE4 - Generic 2.0 Reader -MS USB Device

\\.\PHYSICALDRIVE3 - Generic 2.0 Reader -SD USB Device

\\.\PHYSICALDRIVE2 - Generic 2.0 Reader -SM USB Device

\\.\PHYSICALDRIVE5 - Generic 2.0 Reader -xD USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v2007 (Symantec Corporation) Disabled
AV: Norton Internet Security v2007 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton Internet Security v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Lasse\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LASSE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Lasse
LOCALAPPDATA=C:\Users\Lasse\AppData\Local
LOGONSERVER=\\LASSE-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\;C:\Windows\system32\gs\gs7.05\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Lasse\AppData\Local\Temp
TMP=C:\Users\Lasse\AppData\Local\Temp
USERDOMAIN=Lasse-PC
USERNAME=Lasse
USERPROFILE=C:\Users\Lasse
VS90COMNTOOLS=c:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Lasse
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe After Effects CS3 --> C:\Program Files\Common Files\Adobe\Installers\5d83aea83f5009a0d267d337e3f55fe\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Third Party Content --> MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
Adobe Setup --> MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup --> MsiExec.exe /I{F1C9C7F7-0D56-40B2-A276-152762D39BCA}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3 --> C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a9ed7\Setup.exe
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The Asian Dynasties --> C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Mythology --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Autodesk 3ds Max 2009 32-bit --> MsiExec.exe /I{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Battlefield 1942 Singleplayer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6D7A630-9136-490E-B190-D0E71813BCAE}\Setup.exe" -l0x9
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Camtasia Studio 5 --> MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.4 --> "C:\Program Files\Cheat Engine\unins000.exe"
Command & Conquer 3 --> MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
Command & Conquer 3 Tiberium Wars™ MOD SDK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86C7336D-0E3A-4953-ADF4-F4B5E0096278}\setup.exe" -l0x9 -removeonly
Command & Conquer 3 Tiberium Wars™ Worldbuilder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F428768A-BA63-43A5-86E9-7F0CFD174944}\setup.exe" -l0x9 -removeonly
Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command & Conquer™ 3: Kane's Wrath --> MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}
Command and ConquerTM Generals Zero Hour --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
CryEngine®2 Sandbox™2 --> MsiExec.exe /I{7E4B7FD9-4ECE-4298-A910-3160B7918059}
CryEngine®2 Sandbox™2 --> MsiExec.exe /I{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}
Crysis ModSDK --> "C:\Program Files\InstallShield Installation Information\{566664F6-B34E-41A6-AD1D-4ED22DA334AE}\setup.exe" -runfromtemp -l0x0009 -removeonly
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Crysis® SP Demo --> MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
Crystal Reports Basic for Visual Studio 2008 --> MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
DelinvFile - 3.03 --> "C:\Program Files\PurgeIE\unins000.exe"
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Empire Earth II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF315348-721C-40B8-BAE2-58C6C7D935A2}\setup.exe" -l0x9 -removeonly
Empires Dawn of the Modern World --> C:\PROGRA~1\ACTIVI~1\EMPIRE~1\Uninstall\Unwise.exe /u C:\PROGRA~1\ACTIVI~1\EMPIRE~1\Uninstall\Install.log
FBX Plugin 2009.0 for Max 2009 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2009.0\Max2009\Uninstall.exe
Flash Decompiler Trillix --> "C:\Program Files\Eltima Software\Flash Decompiler Trillix\unins000.exe"
FMOD Designer --> "C:\Program Files\FMOD SoundSystem\FMOD Designer\uninstall.exe"
Game Cam 2.1 --> C:\Program Files\Game Cam V2\uninst.exe
glu3D plugin for 3dsMax 2009 32-bit --> MsiExec.exe /I{1B45BB15-FF60-4B5A-A453-C7ABA92AC1E1}
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2 --> "C:\HijackThis.exe" /uninstall
Install(US)2 --> C:\Program Files\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
IntelligentAdvisor --> C:\Program Files\IntelligentAdvisor\uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macrobject Obfuscator.NET 2007.13.116.186 --> "C:\Program Files\Macrobject\Obfuscator.NET\unins000.exe"
Maya 8.5 Personal Learning Edition --> MsiExec.exe /I{2D8ECB5E-9F6C-4332-AEE6-0E4EE1DEC926}
Maya 8.5 Personal Learning Edition Documentation (en_US) --> MsiExec.exe /I{6A829DA3-E377-4BC0-938F-F453C6BB3F67}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 3.5 --> C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5 --> MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Age of Empires Gold --> "C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Device Emulator version 3.0 - ENU --> MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2008 --> C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008 --> MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Mike and Mary TTS Engines 5.1 --> MsiExec.exe /X{3A0604C2-807A-11DB-8DF8-00508DD5B6B9}
Microsoft MPEG-4 VKI Video Codec V1/V2/V3 --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\mpg4c32.inf
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007 --> MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU --> MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2 --> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU --> c:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\Windows\INF\wpie3x86.inf,WebPostUninstall
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools --> MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense --> MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools --> MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools --> MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 7 Essentials --> MsiExec.exe /I{D34D82E0-4600-407B-9478-8506C1DD1030}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Paint Shop Pro Shareware Version 3.11 --> C:\Windows\UNWISE.EXE C:\PSP\INSTALL.LOG "Paint Shop Pro Shareware 3.11 Uninstall"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PerformanceTest v6.1 --> "C:\Program Files\PerformanceTest\unins000.exe"
Pinnacle PCTV MCE --> MsiExec.exe /X{FD54066C-59C6-475B-B8A0-A0D26969D8E2}
Pivot Stickfigure Animator --> MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
ShockWave V0.95 --> C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\Uinst_shw.exe
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Starcraft --> C:\Windows\SCunin.exe C:\Windows\SCunin.dat
Text-To-Speech-Runtime --> MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Text to Speech Maker version 1.6.2 --> "C:\Program Files\Text to Speech Maker\unins000.exe"
The Battle for Middle-earth ™ II --> C:\Electronic Arts\The Battle for Middle-earth ™ II\EAUninstall.exe
The Lord of the Rings, The Rise of the Witch-king --> C:\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\EAUninstall.exe
Tilmeldingsassistent til Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VC Runtimes MSI --> MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VirtuaGirl HD --> C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl HD\uninstall.lnk
Visual Basic 5.0 Learning Edition --> C:\Program Files\DevStudio\VB\Setup\setup.exe /z vb5_bb.dll /m
Visual Studio 2005 Tools for Office Second Edition Runtime --> c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
Warcraft III --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warcraft III Art Tools --> C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III Art Tools\Uninstall.exe
Warcraft III: All Products --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Mobile 5.0 SDK R2 for Pocket PC --> MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone --> MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
WinFF 0.33 --> "C:\Program Files\WinFF\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type71810 / Error
Event Submitted/Written: 06/30/2008 00:57:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Program med fejl Explorer.EXE, version 6.0.6000.16549, tidsstempel 0x46d230c5, modul med fejl ntdll.dll, version 6.0.6000.16386, tidsstempel 0x4549bdc9, undtagelseskode 0xc0000374, forskydning med fejl 0x000af1c9,
proces-id 0x1c4, programmets starttidspunkt 0xExplorer.EXE0.

Event Record #/Type71805 / Success
Event Submitted/Written: 06/30/2008 00:56:03 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type71784 / Success
Event Submitted/Written: 06/30/2008 00:55:58 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type71756 / Success
Event Submitted/Written: 06/30/2008 00:55:43 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Tjenesten Softwarelicensering er startet.

Event Record #/Type71733 / Error
Event Submitted/Written: 06/30/2008 00:48:48 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Programmet firefox.exe version 1.8.20080.40413 afbrød kommunikationen med Windows og blev afsluttet. Hvis du vil se, om der findes yderligere oplysninger om problemet, kan du læse om problemets historik via kontrolpanelet Problemrapporter og -løsninger.
Proces-id: 580
Starttidspunkt: 01c8da9e82d3b700
Sluttidspunkt: 63



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type111718 / Error
Event Submitted/Written: 06/30/2008 01:01:45 PM
Event ID/Source: 10010 / DCOM
Event Description:
{0002DF01-0000-0000-C000-000000000046}

Event Record #/Type111663 / Error
Event Submitted/Written: 06/30/2008 00:56:11 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type111608 / Error
Event Submitted/Written: 06/30/2008 00:55:14 PM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS indeholder ikke en IRQ for enheden i PCI-slot 2, funktion 0.
Kontakt din systemforhandler for at få teknisk support.

Event Record #/Type111517 / Error
Event Submitted/Written: 06/30/2008 10:39:56 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event
  • 0

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HijackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyvUlLC.dll,c
O4 - HKCU\..\Run: [BM63ad6d75] Rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\sohfbvnq.dll",s
O4 - HKCU\..\Run: [609e5ee9] rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\pstgjwfv.dll",b


2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Windows\system32\btjayvct.dll
    C:\Windows\system32\CLlUvyxx.ini2
    C:\Windows\system32\HNqWvxbc.ini2
    C:\Windows\system32\cbxvWqNH.dll
    C:\Windows\system32\tutuutwa.ini2
    C:\Windows\system32\awtuutut.dll
    C:\Windows\system32\QpAyxyay.ini2
    C:\Windows\system32\yayxyApQ.dll
    C:\Windows\system32\bccccfii.ini2
    C:\Windows\system32\xxyvUlLC.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\609e5ee9
    C:\Users\Lasse\AppData\Local\Temp\omfxlkkf.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM63ad6d75
    C:\Users\Lasse\AppData\Local\Temp\bnwqriqf.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds
    C:\Windows\system32\xxyvUlLC.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer
    C:\Windows\system32\fcCrrspN.dll
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


@echo off
dir "C:\Cracks">C:\peek.txt
start C:\peek.txt
del peek.bat


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and double-click it.
A window will open and close; do not be concerned, this is normal.


Post the resulting notepad file that appears



Also post a new DSS log
  • 0

#7
helpme768

    Member

  • Topic Starter
  • Member
  • 26 posts
OT*something* log:







Explorer killed successfully
DllUnregisterServer procedure not found in C:\Windows\system32\btjayvct.dll
C:\Windows\system32\btjayvct.dll NOT unregistered.
C:\Windows\system32\btjayvct.dll moved successfully.
File move failed. C:\Windows\system32\CLlUvyxx.ini2 scheduled to be moved on reboot.
File move failed. C:\Windows\system32\HNqWvxbc.ini2 scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\cbxvWqNH.dll
C:\Windows\system32\cbxvWqNH.dll NOT unregistered.
File move failed. C:\Windows\system32\cbxvWqNH.dll scheduled to be moved on reboot.
File move failed. C:\Windows\system32\tutuutwa.ini2 scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\awtuutut.dll
C:\Windows\system32\awtuutut.dll NOT unregistered.
File move failed. C:\Windows\system32\awtuutut.dll scheduled to be moved on reboot.
File move failed. C:\Windows\system32\QpAyxyay.ini2 scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\yayxyApQ.dll
C:\Windows\system32\yayxyApQ.dll NOT unregistered.
File move failed. C:\Windows\system32\yayxyApQ.dll scheduled to be moved on reboot.
File move failed. C:\Windows\system32\bccccfii.ini2 scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\xxyvUlLC.dll
C:\Windows\system32\xxyvUlLC.dll NOT unregistered.
File move failed. C:\Windows\system32\xxyvUlLC.dll scheduled to be moved on reboot.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\609e5ee9 >
Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\609e5ee9\\ .
File/Folder C:\Users\Lasse\AppData\Local\Temp\omfxlkkf.dll not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM63ad6d75 >
Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM63ad6d75\\ .
File/Folder C:\Users\Lasse\AppData\Local\Temp\bnwqriqf.dll not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds >
Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds\\ .
DllUnregisterServer procedure not found in C:\Windows\system32\xxyvUlLC.dll
C:\Windows\system32\xxyvUlLC.dll NOT unregistered.
File move failed. C:\Windows\system32\xxyvUlLC.dll scheduled to be moved on reboot.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer >
Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer\\ .
File/Folder C:\Windows\system32\fcCrrspN.dll not found.
< purity >
< EmptyTemp >
File delete failed. C:\Windows\temp\lpksetup-20080630-131051-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080630-131138-0.log scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06302008_183609






Peek.txt:


Disken i drev C har ikke noget navn.
Diskens serienummer er 609E-5E46

Indhold af C:\Cracks

25-06-2008 18:02 <DIR> .
25-06-2008 18:02 <DIR> ..
13-06-2008 20:22 <DIR> Adobe After Effects CS3
09-06-2008 20:18 <DIR> Adobe Flash CS3
24-06-2008 22:01 <DIR> Autodesk 3ds Max 2009
0 fil(er) 0 byte
5 mappe(r) 197.916.418.048 byte ledig















DSS "main.txt"



Deckard's System Scanner v20071014.68
Run by Lasse on 2008-06-30 18:54:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Lasse.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:10, on 30-06-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Lasse\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lasse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyvUlLC.dll,c
O4 - HKCU\..\Run: [BM63ad6d75] Rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\besleyee.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplu...lug/beta/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager-kontrol) - http://dlm.tools.aka...vex-2.2.1.6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\3dsmax2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 9593 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-27 12:58:50 0 d-------- C:\Program Files\Trend Micro
2008-06-24 16:29:07 262144 --a------ C:\ntuser.dat
2008-06-22 21:48:07 0 d-------- C:\VundoFix Backups
2008-06-22 21:00:41 0 d-------- C:\Program Files\PurgeIE
2008-06-22 10:07:45 529804 --ahs---- C:\Windows\system32\CLlUvyxx.ini2
2008-06-21 20:13:40 0 d-------- C:\Joke
2008-06-21 13:59:11 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-06-18 15:32:18 0 d-------- C:\Custom Icons
2008-06-17 16:23:11 481763 --ahs---- C:\Windows\system32\HNqWvxbc.ini2
2008-06-17 16:23:06 322560 --a------ C:\Windows\system32\cbxvWqNH.dll
2008-06-16 16:45:16 481763 --ahs---- C:\Windows\system32\tutuutwa.ini2
2008-06-16 16:45:14 322560 --a------ C:\Windows\system32\awtuutut.dll
2008-06-15 15:43:50 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-06-15 15:43:25 4682 --a------ C:\Windows\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-06-15 15:18:21 0 d-------- C:\AeriaGames
2008-06-14 09:54:52 345 --ahs---- C:\Windows\system32\QpAyxyay.ini2
2008-06-14 09:54:47 322560 --a------ C:\Windows\system32\yayxyApQ.dll
2008-06-13 22:49:46 0 d-------- C:\Program Files\DivX
2008-06-13 21:31:30 0 d-------- C:\Program Files\vghd
2008-06-12 19:06:24 0 d-------- C:\Program Files\Windows Live
2008-06-12 14:16:07 524073 --ahs---- C:\Windows\system32\bccccfii.ini2
2008-06-11 22:49:15 0 d-------- C:\Program Files\FMOD SoundSystem
2008-06-11 17:56:34 321536 -----n--- C:\Windows\system32\xxyvUlLC.dll
2008-06-11 16:56:04 0 d--h----- C:\TMP_inet
2008-06-10 23:18:30 0 d-------- C:\Windows\.jagex_cache_32
2008-06-10 20:40:11 0 d-------- C:\Visual Basic 6
2008-06-06 16:39:21 0 d-------- C:\Program Files\PerformanceTest
2008-06-01 17:39:43 0 dr------- C:\Users\Administrator\Searches
2008-06-01 17:39:30 0 dr------- C:\Users\Administrator\Contacts
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Skabeloner
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\SendTo
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Recent
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Printere
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Menuen Start
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Lokale indstillinger
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Dokumenter
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Cookies
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Application Data
2008-06-01 17:39:18 0 d--hs---- C:\Users\Administrator\Andre computere
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Videos
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Saved Games
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Pictures
2008-06-01 17:39:15 786432 --ahs---- C:\Users\Administrator\NTUSER.DAT
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Music
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Links
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Favorites
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Downloads
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Documents
2008-06-01 17:39:15 0 dr------- C:\Users\Administrator\Desktop
2008-06-01 17:39:15 0 d--h----- C:\Users\Administrator\AppData
2008-06-01 14:40:54 0 d-------- C:\Program Files\3dsmax2009
2008-06-01 14:19:38 0 d-------- C:\Cracks


-- Find3M Report ---------------------------------------------------------------

2008-06-30 18:02:28 0 d-------- C:\Users\Lasse\AppData\Roaming\Mozilla
2008-06-26 22:27:39 0 d-------- C:\Users\Lasse\AppData\Roaming\uTorrent
2008-06-26 13:38:30 0 d-------- C:\Users\Lasse\AppData\Roaming\Adobe
2008-06-25 14:58:33 0 d-------- C:\Users\Lasse\AppData\Roaming\Winff
2008-06-22 21:00:43 0 d-------- C:\Users\Lasse\AppData\Roaming\DelinvFile
2008-06-22 10:20:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-21 23:19:43 0 d-------- C:\Program Files\Cheat Engine
2008-06-19 14:25:01 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.LotR-player
2008-06-15 15:43:50 0 d-------- C:\Program Files\Common Files
2008-06-15 15:18:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-15 13:15:32 0 d-------- C:\Program Files\Eltima Software
2008-06-14 14:41:24 0 d-------- C:\Program Files\Warcraft III
2008-06-10 14:10:42 0 d-------- C:\Program Files\Windows Mail
2008-06-09 20:47:49 0 d-------- C:\Program Files\Norton Internet Security
2008-06-09 20:47:45 0 d-------- C:\Program Files\Symantec
2008-06-04 18:44:27 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-01 14:46:55 0 d-------- C:\Program Files\Autodesk
2008-05-27 22:36:40 76455 --a------ C:\Windows\War3Unin.dat
2008-05-17 16:52:40 0 d-------- C:\Program Files\GameSpy
2008-05-17 16:50:41 669184 --a------ C:\Windows\system32\pbsvc.exe
2008-05-12 22:55:00 0 d-------- C:\Program Files\Macromedia
2008-05-08 18:35:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-07 14:51:28 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Crysis-Test
2008-05-04 14:00:48 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-03 13:01:26 2829 --a------ C:\Windows\War3Unin.pif
2008-05-03 13:01:25 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-01 21:14:06 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Keygen
2008-05-01 16:04:09 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Untitled-4-Scene-1
2008-04-30 22:07:37 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.LOL
2008-04-30 22:06:25 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Untitled-5
2008-04-30 22:02:46 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Untitled-4
2008-04-30 21:58:10 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.test
2008-04-30 21:50:21 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.other
2008-04-30 21:46:42 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.AIR
2008-04-30 20:07:59 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-04-30 19:43:46 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Untitled-2
2008-04-30 19:34:40 0 d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.Untitled-1
2008-04-30 19:33:23 540384 --a------ C:\Windows\system32\perfh006.dat
2008-04-30 19:33:23 102312 --a------ C:\Windows\system32\perfc006.dat
2008-04-21 19:54:09 2560 --a------ C:\Windows\_MSRSTRT.EXE
2008-04-06 12:25:21 35473 --a------ C:\Windows\scunin.dat
2008-04-06 12:25:20 967 --a------ C:\Windows\ScUnin.pif
2008-04-06 12:25:20 94208 --a------ C:\Windows\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-04-03 17:21:34 20480 --a------ C:\Windows\system32\[email protected]@@k.DLL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [01-12-2006 14:37 C:\Windows\RtHDVCpl.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12-01-2006 15:40]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09-01-2007 23:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 02:11]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [12-09-2007 06:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12-09-2007 06:28]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12-09-2007 06:28]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11-01-2008 19:54]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28-03-2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30-03-2008 10:36]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [26-07-2007 19:15]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29-01-2008 17:38]
"MSConfig"="C:\Windows\system32\msconfig.exe" [02-11-2006 11:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09-01-2008 23:50]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02-11-2006 14:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 14:36]
"cmds"="C:\Windows\system32\xxyvUlLC.dll,c" []
"BM63ad6d75"="C:\Users\Lasse\AppData\Local\Temp\besleyee.dll,s" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\609e5ee9]
rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\omfxlkkf.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM63ad6d75]
Rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\bnwqriqf.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
rundll32.exe C:\Windows\system32\xxyvUlLC.dll,c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Windows\system32\fcCrrspN.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-30 18:54:33 ------------
  • 0
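The entries the helper singled out can be picked out of these logs mechanically. The following is an added example, not code from the thread's participants or from the tools they used: it parses HijackThis O4 lines and DSS "Files created" rows (excerpted from the logs posted above) and flags rundll32 autoruns using three heuristics that are assumptions drawn from this log, namely a DLL under a Temp folder, a one-character export name, and a DLL whose name is an .ini/.ini2 file name spelled backwards.

```python
import ntpath
import re

# Lines excerpted from the HijackThis and DSS logs posted in this thread.
O4_LINES = r"""
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyvUlLC.dll,c
O4 - HKCU\..\Run: [BM63ad6d75] Rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\besleyee.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
""".strip().splitlines()

FILE_LINES = r"""
2008-06-22 10:07:45 529804 --ahs---- C:\Windows\system32\CLlUvyxx.ini2
2008-06-21 13:59:11 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-06-17 16:23:11 481763 --ahs---- C:\Windows\system32\HNqWvxbc.ini2
2008-06-17 16:23:06 322560 --a------ C:\Windows\system32\cbxvWqNH.dll
2008-06-16 16:45:16 481763 --ahs---- C:\Windows\system32\tutuutwa.ini2
2008-06-16 16:45:14 322560 --a------ C:\Windows\system32\awtuutut.dll
2008-06-14 09:54:52 345 --ahs---- C:\Windows\system32\QpAyxyay.ini2
2008-06-14 09:54:47 322560 --a------ C:\Windows\system32\yayxyApQ.dll
2008-06-12 14:16:07 524073 --ahs---- C:\Windows\system32\bccccfii.ini2
2008-06-11 17:56:34 321536 -----n--- C:\Windows\system32\xxyvUlLC.dll
""".strip().splitlines()

O4_RE = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")
# rundll32 command line: optional path/quotes, then <dll>,<export>
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)"?,(\S+)', re.I)
# DSS row: date, time, size, 9-character attribute field, path, optional <vendor note>
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d\s+\d\d:\d\d:\d\d\s+\d+\s+\S{9}\s+(.+?)(?: <.*>)?$")


def listed_paths(lines):
    """Extract the path column from DSS 'Files created' rows."""
    return [m.group(1) for m in map(FILE_RE.match, lines) if m]


def reversed_pairs(paths):
    """Pair each .ini/.ini2 file with a .dll in the same folder whose
    base name is the .ini name spelled backwards (case-sensitive)."""
    dlls = {}
    for p in paths:
        folder, name = ntpath.split(p)
        stem, ext = ntpath.splitext(name)
        if ext.lower() == ".dll":
            dlls[(folder.lower(), stem)] = p
    pairs = []
    for p in paths:
        folder, name = ntpath.split(p)
        stem, ext = ntpath.splitext(name)
        # Skip palindromes: they would "pair" with an unrelated same-named DLL.
        if ext.lower() in (".ini", ".ini2") and stem != stem[::-1]:
            dll = dlls.get((folder.lower(), stem[::-1]))
            if dll:
                pairs.append((dll, p))
    return pairs


def run_entries(lines):
    """Yield (value_name, dll_path, export) for O4 entries that start rundll32."""
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        r = RUNDLL_RE.match(m.group(3))
        if r:
            yield m.group(2), r.group(1), r.group(2)


def triage(o4_lines, file_lines):
    """Return {run_value_name: [reasons]} for rundll32 autoruns worth a closer look."""
    paired = {dll.lower() for dll, _ in reversed_pairs(listed_paths(file_lines))}
    findings = {}
    for name, dll, export in run_entries(o4_lines):
        reasons = []
        if "\\temp\\" in dll.lower():
            reasons.append("dll_in_temp")      # autorun DLL loaded from a Temp folder
        if dll.lower() in paired:
            reasons.append("reversed_pair")    # DLL has a reversed-name .ini/.ini2 twin
        if len(export) == 1:
            reasons.append("short_export")     # heuristic: one-character export name
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for dll, ini in reversed_pairs(listed_paths(FILE_LINES)):
        print("pair:", dll, "<->", ini)
    for name, reasons in triage(O4_LINES, FILE_LINES).items():
        print("run entry:", name, reasons)
```

The flags are triage hints for a human reviewer, not verdicts; the NVIDIA and Welcome Center rundll32 entries in the same log pass all three checks.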

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.





Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
helpme768

    Member

  • Topic Starter
  • Member
  • 26 posts
:) Sorry, but I don't really know why I need to be redirected to something new :P

It's always the same steps!
---
Download new software -
Scan -
Post a log -
Download new software -
Scan -
Post a log -
Download new software -
Scan -
Post a log -
.....


Is it really important to continue all with a new software? I'm just asking :)
  • 0

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No it's not, let's just leave the malware on your PC

I am going to close this thread then?
  • 0


#11
helpme768

    Member

  • Topic Starter
  • Member
  • 26 posts
No no, I want to get rid of this malware! Don't close thread please!
  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Then you have to follow the steps in my previous post
  • 0

#13
helpme768

    Member

  • Topic Starter
  • Member
  • 26 posts
By the way, while I was fixing entries with HijackThis, 1 of the problems couldn't be solved and HJT said that the file did not exist!

What shall I do?
  • 0

#14
helpme768

    Member

  • Topic Starter
  • Member
  • 26 posts
Oops, it was Deckard's System Scanner. Sorry for the mistake!

If you are asking, Kaspersky is STILL scanning (25%)
  • 0

#15
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run ComboFix as well
  • 0





