POP-UP's and unwanted toolbars

schmitz

New member
Hi

I have some massive problems with pop-ups and unwanted toolbars. I'm not very familiar with the solution to these problems, but I have tried to run Spybot and Lavasoft's Ad-Aware. Unfortunately, these tools didn't solve the problems. They remove a lot of objects, but when I reboot, everything is back again.

I hope you have the time to help. The Hijack log is below.

Logfile of HijackThis v1.99.1
Scan saved at 17:10:31, on 20-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\U2NobWl0eg\command.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Mercora\MercoraClient.exe
C:\Programmer\outlook\outlook.exe
C:\WINDOWS\system32\winlog.exe
C:\windows\winsysban9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Common Files\VCClient\VCMain.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Andet\HP\Digital Imaging\bin\hpohmr08.exe
C:\Andet\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\acs.exe
C:\Andet\HP\Digital Imaging\bin\hpoevm08.exe
C:\Andet\HP\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\winsysban10.exe
C:\Programmer\Network Monitor\netmon.exe
C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Microsoft Office\Office10\WINWORD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Schmitz\Skrivebord\hijackthis\HijackThis.exe
C:\Programmer\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmer\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmer\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Programmer\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mercora] "C:\Programmer\Mercora\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [outlook] C:\Programmer\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [winsysupd] c:\windows\winsysupd10.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames9.exe
O4 - HKLM\..\Run: [winsysban] c:\windows\winsysban10.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Schmitz\launcher.exe" -inv:bootrun
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [CU1] C:\Programmer\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Programmer\Common Files\VCClient\VCMain.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Andet\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Andet\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} (CBPLauncher Class) - https://sports.centrebet.com/poker/centrebetpokerlauncher.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133189867800
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\lv8209loe.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2NobWl0eg\command.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
 
Hi

First, tell me which version of Norton you have: 2004, 2005, etc.?
Is it functional and up to date?
 
Hi

Can you temporarily disable Norton's Auto-Protect before attempting the fix?
On several occasions it has prevented this fix from properly doing its job.
Of course, remember to re-enable it after you have finished :)

Now to the fix:

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message; click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HijackThis log.

If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
 
Hi Illukka

Thanks for your reply and thanks for your tip about the MSWINSCK.OCX file; it worked great. I don't know if the problem is completely gone, but it's certainly reduced a lot.

The text is too long, so the Hijack log will be placed in the next reply. So first, the Look2Me log.

I hope the information is of any use to you.


Look2Me-Destroyer V1.0.6

Scanning for infected files.....
Scan started at 22-02-2006 16:54:05

Infected! C:\WINDOWS\system32\n6l8lg3u16.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035200.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035209.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035218.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035225.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035239.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035247.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035254.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035266.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035276.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035287.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035299.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP211\A0035310.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP211\A0035311.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP212\A0035339.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP212\A0035351.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP212\A0035359.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035372.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035384.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035399.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035400.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035434.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035436.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035445.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035448.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035455.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035458.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035465.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035468.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035477.dll
Infected! C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035478.dll
Infected! C:\WINDOWS\system32\aza8lg3u16.dll
Infected! C:\WINDOWS\system32\iqetres.dll
Infected! C:\WINDOWS\system32\n6l8lg3u16.dll
Infected! C:\WINDOWS\system32\ohmanage.dll
Infected! C:\WINDOWS\system32\sbdll.dll
Infected! C:\WINDOWS\system32\shicdnt.dll
Infected! C:\WINDOWS\system32\sPmlib.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\n6l8lg3u16.dll
C:\WINDOWS\system32\n6l8lg3u16.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035200.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035200.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035209.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035209.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035218.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035218.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035225.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035225.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035239.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035239.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035247.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035247.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035254.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035254.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035266.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035266.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035276.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035276.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035287.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035287.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035299.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035299.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP211\A0035310.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP211\A0035310.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP211\A0035311.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP211\A0035311.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP212\A0035339.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP212\A0035339.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP212\A0035351.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP212\A0035351.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP212\A0035359.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP212\A0035359.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035372.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035372.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035384.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035384.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035399.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035399.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035400.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035400.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035434.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035434.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035436.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035436.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035445.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035445.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035448.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035448.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035455.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035455.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035458.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035458.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035465.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035465.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035468.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035468.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035477.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035477.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035478.dll
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035478.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\aza8lg3u16.dll
C:\WINDOWS\system32\aza8lg3u16.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\iqetres.dll
C:\WINDOWS\system32\iqetres.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n6l8lg3u16.dll
C:\WINDOWS\system32\n6l8lg3u16.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ohmanage.dll
C:\WINDOWS\system32\ohmanage.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\sbdll.dll
C:\WINDOWS\system32\sbdll.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\shicdnt.dll
C:\WINDOWS\system32\shicdnt.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\sPmlib.dll
C:\WINDOWS\system32\sPmlib.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OemStartMenuData

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administratorer - Succeeded
 
And then the Hijack log



Logfile of HijackThis v1.99.1
Scan saved at 17:14:05, on 22-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\U2NobWl0eg\command.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\acs.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Mercora\MercoraClient.exe
C:\Programmer\outlook\outlook.exe
C:\WINDOWS\system32\winlog.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\windows\winsysban10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Common Files\VCClient\VCMain.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Andet\HP\Digital Imaging\bin\hpohmr08.exe
C:\Andet\HP\Digital Imaging\bin\hpotdd01.exe
C:\Andet\HP\Digital Imaging\bin\hpoevm08.exe
C:\Andet\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Schmitz\Skrivebord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmer\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Programmer\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mercora] "C:\Programmer\Mercora\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [outlook] C:\Programmer\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames9.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban10.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Schmitz\launcher.exe" -inv:bootrun
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [CU1] C:\Programmer\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Programmer\Common Files\VCClient\VCMain.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Andet\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Andet\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} (CBPLauncher Class) - https://sports.centrebet.com/poker/centrebetpokerlauncher.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133189867800
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2NobWl0eg\command.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
 
Hi


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:
===================================================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames9.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban10.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CU1] C:\Programmer\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Programmer\Common Files\VCClient\VCMain.exe

===================================================

Close HiJackThis.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Reboot back to normal mode and post a HijackThis log and the Ewido report.
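Added example (not part of the original posts, and not a HijackThis feature): a follow-up log is most useful when it is compared with the first log and with the list of entries that were fixed. The script below parses HijackThis entry lines and reports which fixed entries are gone, which survived, which autostart entries (O4, O20, O23) are new, and which now show `(file missing)`. The sample logs are a few lines copied from the logs in this thread; the function and variable names are illustrative.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body file_missing")

# A HijackThis entry looks like "O4 - HKLM\..\Run: [name] path", optionally
# followed by the annotation "(file missing)".
ENTRY_RE = re.compile(
    r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)(?P<missing>\s*\(file missing\))?$"
)

# Sections that start code automatically: Run keys / Startup folder (O4),
# Winlogon Notify (O20) and services (O23).
AUTOSTART_SECTIONS = {"O4", "O20", "O23"}

# Sample input: lines copied from the first log in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\U2NobWl0eg\command.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CU1] C:\Programmer\Common Files\VCClient\VCClient.exe
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2NobWl0eg\command.exe
"""

# Sample input: three of the entries listed for FIX CHECKED.
FIX_LIST = r"""
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe
O4 - HKCU\..\Run: [CU1] C:\Programmer\Common Files\VCClient\VCClient.exe
"""

# Sample input: lines copied from the follow-up log in this thread.
AFTER_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [services32] C:\Programmer\Fælles filer\Windows\mc-110-12-0000137.exe
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\o8660ijse8o60.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2NobWl0eg\command.exe (file missing)
"""


def parse_log(text):
    """Map (section, lower-cased body) -> Entry for every entry line.

    Header lines, the running-process list and separators do not match the
    entry pattern and are skipped. Bodies are compared case-insensitively
    because Windows paths and registry names are case-insensitive.
    """
    entries = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = " ".join(m.group("body").split())
        key = (m.group("section"), body.lower())
        entries[key] = Entry(m.group("section"), body, m.group("missing") is not None)
    return entries


def compare(before_text, fix_text, after_text):
    """Compare a follow-up log against the first log and the fix list."""
    before = parse_log(before_text)
    fixed = parse_log(fix_text)
    after = parse_log(after_text)

    def ordered(entries):
        return sorted(entries, key=lambda e: (e.section, e.body.lower()))

    return {
        # Fixed entries that are really gone from the follow-up log.
        "removed": ordered(fixed[k] for k in fixed if k not in after),
        # Fixed entries that came back (or were never removed).
        "survived": ordered(after[k] for k in fixed if k in after),
        # Autostart entries absent from the first log. "New" only means
        # "needs review"; a freshly installed scanner also shows up here.
        "new": ordered(
            e for k, e in after.items()
            if e.section in AUTOSTART_SECTIONS and k not in before
        ),
        # Registration is still there but the file it points to is gone.
        "orphaned": ordered(
            e for k, e in after.items()
            if e.file_missing and k in before and not before[k].file_missing
        ),
    }


if __name__ == "__main__":
    for label, entries in compare(BEFORE_LOG, FIX_LIST, AFTER_LOG).items():
        print(f"{label}:")
        for e in entries:
            print(f"  {e.section} - {e.body}")
```
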
 
Hi

I did as you said, but I can't post the whole Ewido log since it was over 8.000 rows. It seems that most of the lines refer to the same type of problem, so I'll post the start and the end of the log. And thanks for helping me out, I really appreciate it.

First the Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 20:23:35, on 24-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\IBM\Updater\jre\bin\javaw.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Mercora\MercoraClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Andet\HP\Digital Imaging\bin\hpohmr08.exe
C:\Andet\HP\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Octoshape Streaming Services\Schmitz\octoprogram-L03-N00_0V_900\OctoshapeClient.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Andet\HP\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Andet\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Schmitz\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmer\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Programmer\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mercora] "C:\Programmer\Mercora\MercoraClient.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Schmitz\launcher.exe" -inv:bootrun
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [services32] C:\Programmer\Fælles filer\Windows\mc-110-12-0000137.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Andet\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Andet\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} (CBPLauncher Class) - https://sports.centrebet.com/poker/centrebetpokerlauncher.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133189867800
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\o8660ijse8o60.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2NobWl0eg\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
 
And the Ewido scan report


---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den: 20:19:43, 24-02-2006
+ Rapport-Checksum: CE79F09F

+ Scanningsresultat:
[724] C:\WINDOWS\system32\mvcories.dll -> Adware.Look2Me : Fejl under renselse
[864] C:\WINDOWS\system32\mvcories.dll -> Adware.Look2Me : Fejl under renselse
C:\Documents and Settings\Schmitz\Complete\!!!NEW!!! R&B LOVESONGS 2006 rar.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\©bySpikys.WinXP.Corporate.x64.German.(Unattended inkl MUI).zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\¿POR QUÉ LAS MUJERES SIEMPRE QUEREMOS MÁS.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\¥¥¥ Gale Dictionary Of American History 3Rd Ed Vol 1-10.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\'Allo 'Allo! - 'Allo 'Allo! 5x17 Feathers DSRip Lektor PL XviD-kshycho-wersja poprawiona.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\'Allo 'Allo! - 'Allo 'Allo! 7x07 & 7x08 DSRip Lektor PL XviD-kshycho.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\'Allo 'Allo! - 'Allo 'Allo! 7x09 & 7x10 DSRip Lektor PL XviD-kshycho.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\'Allo 'Allo! - 'Allo 'Allo! 8x03 & 8x04 DSRip Lektor PL XviD-kshycho.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\(acK it) Mahou Senshi Riui - 08 [DVD][ita][B7C71617].zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\24 - 24 s05e08 hr hdtv ac3 5 1 xvid-ctu avi.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\24 - 24 S05E09 HDTV XviD-LOL [www.PBNova.us].zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\24 - 24 S05E09 HDTV XviD-LOL.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\24 - 24 s05e09HR ac3 5.1.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\24 - 24 TWENTY FOUR Season5 08 2pm-3pm 624x352.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\24 - 24 TWENTY FOUR Season5 Episode8 02pm03pm NOsubEn avi.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Document...........



8.000 rows later


............
C:\Documents and Settings\Schmitz\Complete\[Yoso] Mai Otome 01-07.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\[Yoso] Mai Otome 08-14.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\[zeo v] Power Rangers Mystic Force - Broken Spell, Parts 1 & 2.zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Complete\~MegaNova Org~ - Soldier Of Fortune II - Double Helix GOLD [Spanish][2CD][www pctorrent com].zip/Setup.exe -> Worm.VB.dw : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@axa.addcontrol[1].txt -> TrackingCookie.Addcontrol : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@burstnet[1].txt -> TrackingCookie.Burstnet : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@c.enhance[1].txt -> TrackingCookie.Enhance : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@cnetaustralia.122.2o7[2].txt -> TrackingCookie.2o7 : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@com[2].txt -> TrackingCookie.Com : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@cz8.clickzs[1].txt -> TrackingCookie.Clickzs : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@e-2dj6wflogidjebq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@ilead.itrack[2].txt -> TrackingCookie.Itrack : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@image.masterstats[1].txt -> TrackingCookie.Masterstats : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@ivwbox[1].txt -> TrackingCookie.Ivwbox : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@tacoda[2].txt -> TrackingCookie.Tacoda : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@track.commissionpartner[1].txt -> TrackingCookie.Commissionpartner : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Renset med backup
C:\Documents and Settings\Schmitz\Cookies\schmitz@yadro[2].txt -> TrackingCookie.Yadro : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@casalemedia[1].txt -> TrackingCookie.Casalemedia : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@counter5.sextracker[1].txt -> TrackingCookie.Sextracker : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@findwhat[1].txt -> TrackingCookie.Findwhat : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@h.starware[1].txt -> TrackingCookie.Starware : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@paycounter[1].txt -> TrackingCookie.Paycounter : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@sexlist[1].txt -> TrackingCookie.Sexlist : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@sextracker[1].txt -> TrackingCookie.Sextracker : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@www.epilot[1].txt -> TrackingCookie.Epilot : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Cookies\schmitz@zedo[1].txt -> TrackingCookie.Zedo : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\6BD5SDER\gimmygames10[1].exe -> Trojan.VB.ajj : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\6BD5SDER\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\6BD5SDER\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\6BD5SDER\winsysupd10[1].exe -> Downloader.VB.wg : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\BHHXVGQ9\drdata[1].avi -> Dropper.Agent.aac : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\BHHXVGQ9\install[1].exe -> Dropper.Agent.aed : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\F4MBSNAC\Installer[1].exe -> Adware.Look2Me : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\F4MBSNAC\winsysban10[1].exe -> Hijacker.VB.ld : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\YHIJTU4W\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\YHIJTU4W\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\412NWP6N\Installer[1].exe -> Adware.Look2Me : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\6X1INM9K\AppWrap[1].exe -> Adware.AdURL : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\6X1INM9K\AppWrap[2].exe -> Adware.AdURL : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\8D49EZW9\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\8Z4NMB4V\Civ3GoldSetup-dm[1].exe -> Adware.Trymedia : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\8Z4NMB4V\drsmartload[1].exe -> Downloader.VB.xg : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\8Z4NMB4V\winsysban9[1].exe -> Hijacker.VB.ld : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\8Z4NMB4V\winsysupd8[1].exe -> Hijacker.StartPage.ahg : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\CTEN45IR\gimmygames10a[1].exe -> Downloader.VB.xl : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\CTEN45IR\install[2].exe -> Downloader.VB.xd : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\GPERWLU3\drdata[1].avi -> Dropper.Agent.aac : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\GPERWLU3\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\GPERWLU3\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\IL8T25SD\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\RAP69NRM\gimmygames9[1].exe -> Downloader.VB.ww : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\VKV801T2\installerwebnex[1].exe -> Downloader.Qoologic.bh : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\VKV801T2\winsysban8[1].exe -> Hijacker.VB.lg : Renset med backup
C:\Documents and Settings\Schmitz\Lokale indstillinger\Temporary Internet Files\Content.IE5\VKV801T2\winsysupd9[1].exe -> Downloader.VB.wy : Renset med backup
C:\Documents and Settings\Schmitz\ps.exe -> Dropper.Agent.mf : Renset med backup
C:\Downloads\Civ3GoldSetup-dm[1].exe -> Adware.Trymedia : Renset med backup
C:\drsmartload1.exe -> Downloader.VB.xg : Renset med backup
C:\gimmygames10a.exe -> Downloader.VB.xl : Renset med backup
C:\Installer.exe -> Adware.Look2Me : Renset med backup
C:\installerwebnex.exe -> Downloader.Qoologic.bh : Renset med backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Renset med backup
C:\Programmer\Common Files\VCClient\installer.exe -> Downloader.Qoologic.at : Renset med backup
C:\Programmer\Fælles filer\InetGet\mc-110-12-0000137.exe -> Dropper.Agent.aac : Renset med backup
C:\Programmer\Fælles filer\InetGet\mc-110-12-0000228.exe -> Dropper.Agent.aac : Renset med backup
C:\Programmer\Fælles filer\Windows\mc-110-12-0000137.exe -> Dropper.Agent.aac : Renset med backup
C:\Programmer\Fælles filer\Windows\mc-110-12-0000228.exe -> Dropper.Agent.aac : Renset med backup
C:\Programmer\Fælles filer\Windows\services32.exe -> Adware.Maxifiles : Renset med backup
C:\Programmer\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Renset med backup
C:\Programmer\outlook\outlook.exe -> Worm.VB.dw : Renset med backup
C:\Programmer\outlook\p.zip/Setup.exe -> Worm.VB.dw : Fejl under renselse
C:\Programmer\outlook\v.tmp -> Worm.VB.dw : Renset med backup
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0034965.exe -> Worm.VB.dw : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0034966.exe -> Worm.VB.dw : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035210.exe -> Downloader.VB.wd : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035213.exe -> Downloader.VB.wd : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035214.exe -> Downloader.VB.wr : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP210\A0035263.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP211\A0035308.exe -> Dropper.Agent.aac : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP211\A0035309.exe -> Dropper.Agent.aac : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP211\A0035312.dll -> Adware.Softomate : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035368.exe -> Adware.Maxifiles : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035410.exe -> Adware.AdURL : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035416.dll -> Adware.Ucmore : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035419.dll -> Adware.Ucmore : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035421.exe -> Downloader.VB.ww : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035422.exe -> Trojan.VB.ajj : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035424.exe/UCMTSAIE.DLL -> Adware.Ucmore : Fejl under renselse
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035424.exe/IUCMORE.DLL -> Adware.Ucmore : Fejl under renselse
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035426.exe -> Downloader.Small.buy : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035427.exe -> Downloader.TSUpdate.o : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035428.exe -> Adware.Look2Me : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035429.exe -> Dropper.Agent.aed : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035432.dll -> Adware.Softomate : Renset med backup
 
The last of the Ewido scanning report

C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035435.dll -> Adware.Ucmore : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035489.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035493.dll -> Adware.Look2Me : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035494.dll -> Adware.Look2Me : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035495.dll -> Adware.Look2Me : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035496.dll -> Adware.Look2Me : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035497.dll -> Adware.Look2Me : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035571.dll -> Adware.Look2Me : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035578.exe -> Adware.Maxifiles : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035581.dll -> Adware.Look2Me : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035586.dll -> Adware.Look2Me : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035593.exe -> Adware.Maxifiles : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035596.dll -> Adware.Look2Me : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035599.dll -> Adware.Look2Me : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035607.exe -> Adware.Maxifiles : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035611.dll -> Adware.Look2Me : Renset med backup
C:\System Volume Information\_restore{2BB9FEE9-B27F-4B8F-A970-A1E457210B00}\RP213\A0035614.dll -> Adware.Look2Me : Renset med backup
C:\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Renset med backup
C:\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Renset med backup
C:\WINDOWS\gimmygames10.exe -> Trojan.VB.ajj : Renset med backup
C:\WINDOWS\gimmygames9.exe -> Downloader.VB.ww : Renset med backup
C:\WINDOWS\system32\en0sl1d71.dll -> Adware.Look2Me : Renset med backup
C:\WINDOWS\system32\fkifs.dll -> Adware.Look2Me : Renset med backup
C:\WINDOWS\system32\matrig.dll -> Adware.Look2Me : Renset med backup
C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot : Renset med backup
C:\WINDOWS\Temp\bw2.com -> Adware.AdURL : Renset med backup
C:\WINDOWS\Temp\Cookies\schmitz@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Renset med backup
C:\WINDOWS\Temp\Cookies\schmitz@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Renset med backup
C:\WINDOWS\Temp\Cookies\schmitz@mediaplex[1].txt -> TrackingCookie.Mediaplex : Renset med backup
C:\WINDOWS\Temp\Cookies\schmitz@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Renset med backup
C:\WINDOWS\Temp\Cookies\schmitz@zedo[2].txt -> TrackingCookie.Zedo : Renset med backup
C:\WINDOWS\U2NobWl0eg\asappsrv.dll -> Adware.CommAd : Renset med backup
C:\WINDOWS\U2NobWl0eg\command.exe -> Adware.CommAd : Renset med backup
C:\WINDOWS\winsysban10.exe -> Hijacker.VB.ld : Renset med backup
C:\WINDOWS\winsysban8.exe -> Hijacker.VB.lg : Renset med backup
C:\WINDOWS\winsysban9.exe -> Hijacker.VB.ld : Renset med backup
C:\WINDOWS\winsysupd10.exe -> Downloader.VB.wg : Renset med backup
C:\WINDOWS\winsysupd8.exe -> Hijacker.StartPage.ahg : Renset med backup
C:\WINDOWS\winsysupd9.exe -> Downloader.VB.wy : Renset med backup


::Rapport slut
 
hi



Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:
BFUonlinescript.jpg


Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/alcanshorty.bfu

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html


Post a new HJT log when finished.
 
Hi Illukka

I proceeded as you described

The new Hijack log below:


Logfile of HijackThis v1.99.1
Scan saved at 11:17:23, on 25-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\acs.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Mercora\MercoraClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Andet\HP\Digital Imaging\bin\hpohmr08.exe
C:\Andet\HP\Digital Imaging\bin\hpotdd01.exe
C:\Andet\HP\Digital Imaging\bin\hpoevm08.exe
C:\Andet\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Schmitz\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmer\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Programmer\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mercora] "C:\Programmer\Mercora\MercoraClient.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Schmitz\launcher.exe" -inv:bootrun
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Andet\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Andet\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} (CBPLauncher Class) - https://sports.centrebet.com/poker/centrebetpokerlauncher.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133189867800
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\r6r6lg9s16.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2NobWl0eg\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
 
hi

Download L2mfix from one of these two locations:

http://www.downloads.subratam.org/l2mfix.exe
http://www.atribune.org/downloads/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe, C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application." then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.
 
Hi

I proceeded as you suggested. The Find log is split in two:

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
"DllName"="QConGina.dll"
"Logoff"="QConGinaWLEventLogoff"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\enpol1731.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{8C513C22-E2AA-1E89-DD37-42E7CBC86D33}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Egenskabsark for multimediefiler"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerstyring"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Sikkerhedsside"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskabsside for OLE-dokumentfil"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmkort"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rm"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmpanorering"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security-side"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Udvidelsen Diskcopy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Gr‘nsefladeudvidelser til Microsoft Windows-netv‘rksobjekter"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-sk‘rmstyring"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerstyring"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Gr‘nsefladeudvidelser til filkomprimering"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Gr‘nsefladeudvidelse til webudskrift"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontekstmenu til kryptering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Rejsetaske"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-ikon"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Sikkerhedsside"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-filtype"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto signeringsfiltype"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netv‘rksforbindelser"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netv‘rksforbindelser"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scannere og kameraer"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scannere og kameraer"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scannere og kameraer"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scannere og kameraer"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scannere og kameraer"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-udvidelser til Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-dataforbindelse"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte opgaver"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Proceslinje og menuen Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="S›g"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="K›r..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internettet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="V‘rkt›jslinje til Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Webs›gning"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Redigeringsboks til adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-oversigtstjeneste"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Oversigt"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbillede til Internet Explorer 4-suiten"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internettet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-cachemappe"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Programstyring"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Opt‘lling af installerede programmer"
 
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Udpakning af miniaturer til GDI+-filer"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Dokumentinfo om miniaturehandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Udpakning af HTML-miniaturer"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Guiden Webudgivelse"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestil billedudskrift over World Wide Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objekt til guiden Webudgivelse"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Guiden Få et Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brugerkonti"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Genvej til kanal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappen Offlinefiler"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Efter &personer..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webmapper"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-3FB6980118CF}"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{1025FE60-06E6-4C4B-B39D-B80F114450C4}"=""
"{003F242D-174D-49AA-B5B7-73C91961E791}"=""
"{CBB50CDC-E2C8-41BF-90CB-F3601A72EA97}"=""
"{DB01F429-D63F-44F7-AD90-FB21226DA194}"=""
"{71CF011A-D922-4569-AEF1-A18346B3ED00}"=""
"{D9C6115F-7230-405B-AB18-837D40D8C2A4}"=""
"{3B2F1AEB-7F7D-40B6-930E-5DA9640CC675}"=""
"{CF3F9317-0768-4D9A-99DC-6D23304385FB}"=""
"{5B76BF3F-0F1D-42BE-8EFF-862ED0D7046E}"=""
"{5109A8C1-9515-4105-A28B-C33257D344B5}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{003F242D-174D-49AA-B5B7-73C91961E791}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{003F242D-174D-49AA-B5B7-73C91961E791}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{003F242D-174D-49AA-B5B7-73C91961E791}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{003F242D-174D-49AA-B5B7-73C91961E791}\InprocServer32]
@="C:\\WINDOWS\\system32\\cYbinet.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DB01F429-D63F-44F7-AD90-FB21226DA194}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DB01F429-D63F-44F7-AD90-FB21226DA194}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DB01F429-D63F-44F7-AD90-FB21226DA194}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DB01F429-D63F-44F7-AD90-FB21226DA194}\InprocServer32]
@="C:\\WINDOWS\\system32\\wnaueng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{71CF011A-D922-4569-AEF1-A18346B3ED00}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71CF011A-D922-4569-AEF1-A18346B3ED00}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71CF011A-D922-4569-AEF1-A18346B3ED00}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71CF011A-D922-4569-AEF1-A18346B3ED00}\InprocServer32]
@="C:\\WINDOWS\\system32\\jepl400.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D9C6115F-7230-405B-AB18-837D40D8C2A4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9C6115F-7230-405B-AB18-837D40D8C2A4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9C6115F-7230-405B-AB18-837D40D8C2A4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9C6115F-7230-405B-AB18-837D40D8C2A4}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3B2F1AEB-7F7D-40B6-930E-5DA9640CC675}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B2F1AEB-7F7D-40B6-930E-5DA9640CC675}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B2F1AEB-7F7D-40B6-930E-5DA9640CC675}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B2F1AEB-7F7D-40B6-930E-5DA9640CC675}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CF3F9317-0768-4D9A-99DC-6D23304385FB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF3F9317-0768-4D9A-99DC-6D23304385FB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF3F9317-0768-4D9A-99DC-6D23304385FB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF3F9317-0768-4D9A-99DC-6D23304385FB}\InprocServer32]
@="C:\\WINDOWS\\system32\\sPmlib.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5B76BF3F-0F1D-42BE-8EFF-862ED0D7046E}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{5B76BF3F-0F1D-42BE-8EFF-862ED0D7046E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5B76BF3F-0F1D-42BE-8EFF-862ED0D7046E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5B76BF3F-0F1D-42BE-8EFF-862ED0D7046E}\InprocServer32]
@="C:\\WINDOWS\\system32\\ltcalui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5109A8C1-9515-4105-A28B-C33257D344B5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5109A8C1-9515-4105-A28B-C33257D344B5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5109A8C1-9515-4105-A28B-C33257D344B5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5109A8C1-9515-4105-A28B-C33257D344B5}\InprocServer32]
@="C:\\WINDOWS\\system32\\dbser.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
bszip.dll Sun 19 Feb 2006 17.43.22 A.... 62.464 61,00 K
dbser.dll Wed 1 Mar 2006 17.35.04 ..S.R 235.307 229,79 K
en8ql1~1.dll Wed 1 Mar 2006 9.07.42 ..S.R 233.936 228,45 K
enpol1~1.dll Wed 1 Mar 2006 8.58.42 ..S.R 235.307 229,79 K
gdi32.dll Thu 29 Dec 2005 3.56.06 A.... 280.064 273,50 K
s32evnt1.dll Tue 31 Jan 2006 14.35.34 A.... 91.904 89,75 K
shdocvw.dll Thu 1 Dec 2005 4.33.22 A.... 1.492.480 1,42 M
webclnt.dll Wed 4 Jan 2006 4.36.24 A.... 68.096 66,50 K
wmp.dll Tue 6 Dec 2005 6.02.16 A.... 5.533.696 5,28 M

9 items found: 9 files (3 H/S), 0 directories.
Total of file sizes: 8.233.254 bytes 7,85 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
atmtdd~1.tmp Fri 24 Feb 2006 18.32.36 A.... 0 0,00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 0 bytes 0,00 K
**********************************************************************************
Directory Listing of system files:
Disken i drev C er IBM_PRELOAD
Diskens serienummer er 90EC-D5E2

Indhold af C:\WINDOWS\System32

01-03-2006 17:35 235.307 dbser.dll
01-03-2006 09:07 233.936 en8ql1l51.dll
01-03-2006 08:58 235.307 enpol1731.dll
17-02-2006 18:43 <DIR> dllcache
06-03-2003 22:16 <DIR> Microsoft
21-03-2001 14:34 244.232 Msflxgrd.ocx
4 fil(er) 948.782 byte
2 mappe(r) 6.134.951.936 byte ledig
 
hi

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Do Not run in safe mode!!
If after the reboot the log does not open double click on it in the l2mfix folder.
 
Hi

The log is not very long but this is it. And after the Hijackthis



L2mfix 010406
Creating Account.
Kommandoen blev udført.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 62%)






Logfile of HijackThis v1.99.1
Scan saved at 16:26:54, on 02-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Mercora\MercoraClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Andet\HP\Digital Imaging\bin\hpohmr08.exe
C:\Andet\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\acs.exe
C:\Andet\HP\Digital Imaging\bin\hpoevm08.exe
C:\Andet\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Schmitz\Skrivebord\hijackthis\HijackThis.exe
C:\Programmer\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmer\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Programmer\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mercora] "C:\Programmer\Mercora\MercoraClient.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Schmitz\launcher.exe" -inv:bootrun
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Andet\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Andet\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} (CBPLauncher Class) - https://sports.centrebet.com/poker/centrebetpokerlauncher.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133189867800
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\enr2l19o1.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
 
hi

for some reason the fix seems to have failed :(

let's try again, before attempting the fix check the following things:

click start>run >type services.msc and hit enter
locate secondary logon service, make sure it's set to automatic

then disable the real time protection of your antivirus, your anti spyware and ewido

then run the fix again

post the new logs too
 
Hi

I can't get the L2mfix running any better with the real time protection disabled. So the log hasn't changed. While the L2mfix is running, one can follow the progress on screen, it writes something about missing files in C:\windows\system32\second.bat and C:\windows\system32\log.txt. Maybe you can use this information.

I have put the L2mfix and Hijackthis log down below just in case.

L2mfix 010406
Creating Account.
Kommandoen blev udført.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
updating: backregs/notibac.reg (164 bytes security) (deflated 87%)


Logfile of HijackThis v1.99.1
Scan saved at 16:35:07, on 04-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Mercora\MercoraClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Andet\HP\Digital Imaging\bin\hpohmr08.exe
C:\Andet\HP\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Andet\HP\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\acs.exe
C:\Andet\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Octoshape Streaming Services\Schmitz\octoprogram-L03-N00_0V_900\OctoshapeClient.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Schmitz\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmer\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Programmer\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mercora] "C:\Programmer\Mercora\MercoraClient.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Schmitz\launcher.exe" -inv:bootrun
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Andet\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Andet\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} (CBPLauncher Class) - https://sports.centrebet.com/poker/centrebetpokerlauncher.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133189867800
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\k0js0a17ed.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
 
hi

tell me which language version of windows you have? i assume danish or norwegian?

what is the name of the administrators-group in your language?
the look2me fixes have had difficulties with non english versions of windows..

if we can't get it to work we must attempt a manual fix

will you be online later tonight? my time currently is 08.40 ..
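
Added example, not part of the thread and not code from HijackThis or l2mfix: a Python comparison of the two HijackThis logs posted above (02-03-2006 and 04-03-2006) that reports which autostart entries were replaced between scans. The embedded log text is excerpted from those two logs with most unchanged lines omitted; the function names are this example's own.

```python
"""Diff two HijackThis logs and report entries replaced between scans."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section label target")

# Excerpts copied from the two logs in the thread; unchanged lines mostly omitted.
LOG_0302 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:26:54, on 02-03-2006
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\enr2l19o1.dll
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
"""

LOG_0403 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:35:07, on 04-03-2006
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\k0js0a17ed.dll
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
"""

# Entry lines start with a section code such as R0, O4, O20 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return the R*/O* entries of a log; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        # The file or URL is the part after the last " - ", when there is one.
        label, sep, target = body.rpartition(" - ")
        if not sep:  # e.g. O4 Run values carry no " - " separator
            label, target = body, ""
        entries.append(Entry(section, label.strip(), target.strip()))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare lowered.
    return (entry.section, entry.label.lower(), entry.target.lower())


def diff_logs(older, newer):
    """Return (removed, added) entries between an older and a newer log."""
    old = {_key(e): e for e in parse_entries(older)}
    new = {_key(e): e for e in parse_entries(newer)}
    removed = [old[k] for k in sorted(old.keys() - new.keys())]
    added = [new[k] for k in sorted(new.keys() - old.keys())]
    return removed, added


def rotated_sections(older, newer):
    """Sections where one entry vanished and a different one took its place.

    An autostart slot whose name and file change between scans, while the
    rest of the log stays the same, is worth examining first.
    """
    removed, added = diff_logs(older, newer)
    shared = {e.section for e in removed} & {e.section for e in added}
    return {
        sec: ([e for e in removed if e.section == sec],
              [e for e in added if e.section == sec])
        for sec in sorted(shared)
    }


if __name__ == "__main__":
    for sec, (gone, new) in rotated_sections(LOG_0302, LOG_0403).items():
        for e in gone:
            print(f"{sec} removed: {e.label} -> {e.target}")
        for e in new:
            print(f"{sec} added:   {e.label} -> {e.target}")
```

On these excerpts the only section reported is O20: the Winlogon Notify entry is the one line that differs between the two posted logs.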
 