[Fixed] Hijackthis! Logs - Virus infection. Search engine and homepages blocked (posted in the Security & Safety forums)

06-22-2008
Bronze Member
Join Date: Jun 2008
Posts: 7 PC Experience: Experienced
Virus infection. Search engine and homepages blocked
I'm joining the crowd of people that have been posting recently about a virus attack that results in search engines and certain webpages being blocked from use.
Now I've run a handful of different programs to kill the virus. Kaspersky, AVG, Trend Micro's HouseCall and Ad-Aware have all been brought to bear against this virus, and seemingly it is gone from the system, but its alterations to the browsers remain.
Like I said, I've already seen there's a handful of threads on the same problem already, but it seems that the solution varies from computer to computer, so I'm gonna have to make a thread of my own.
Got a good handful of logs ready:
This is HijackThis's log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51, on 2008-06-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
C:\Programmer\Cyberlink\Shared Files\brs.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\UPHClean\uphclean.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\AVG\AVG8\avgrsx.exe
C:\Programmer\AVG\AVG8\avgrsx.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmer\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [BDRegion] C:\Programmer\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [BM47caaa9f] Rundll32.exe "C:\WINDOWS\system32\uiaqfovw.dll",s
O4 - HKLM\..\Run: [44f99903] rundll32.exe "C:\WINDOWS\system32\ykigwgpp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
--
End of file - 8763 bytes
Next, the log from ComboFix:
ComboFix 08-06-20.4 - Christian 2008-06-22 19:54:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.1462 [GMT 2:00]
Running from: C:\Documents and Settings\Christian\skrivebord\cf.exe
Command switches used :: /killall
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM47caaa9f.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\hdbjuact.ini
C:\WINDOWS\system32\hgMSDfhk.ini
C:\WINDOWS\system32\hgMSDfhk.ini2
C:\WINDOWS\system32\khfDSMgh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\rncamstb.ini
C:\WINDOWS\system32\aawuwpwx.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.
2008-06-22 20:11 . 2008-06-22 20:11 22 --a------ C:\WINDOWS\pskt.ini
2008-06-22 20:11 . 2008-06-22 20:11 0 --a------ C:\WINDOWS\BM47caaa9f.xml
2008-06-22 19:14 . 2008-06-22 19:14 <DIR> d-------- C:\Programmer\Trend Micro
2008-06-22 15:53 . 2008-06-22 17:50 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-22 15:49 . 2008-06-22 15:51 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-22 15:49 . 2008-06-22 15:49 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-22 15:49 . 2008-06-22 15:49 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-22 15:49 . 2008-06-22 15:49 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-22 15:48 . 2008-06-22 15:48 <DIR> d-------- C:\Programmer\AVG
2008-06-22 15:48 . 2008-06-22 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-22 15:16 . 2008-06-22 15:16 <DIR> d---s---- C:\Documents and Settings\Christian\UserData
2008-06-22 11:24 . 2008-06-22 11:24 99,328 --a------ C:\WINDOWS\system32\ivsjhpho.dll
2008-06-22 11:22 . 2008-06-22 11:22 80,384 --a------ C:\WINDOWS\system32\tcaujbdh.dll
2008-06-22 11:21 . 2008-06-22 11:21 90,624 --a------ C:\WINDOWS\system32\laxtghag.dll
2008-06-21 23:45 . 2008-06-21 23:44 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-21 23:44 . 2008-06-21 23:46 <DIR> d-------- C:\Documents and Settings\Christian\.housecall6.6
2008-06-21 10:36 . 2008-06-21 10:36 99,328 --a------ C:\WINDOWS\system32\ldwtlpwk.dll
2008-06-21 10:33 . 2008-06-21 10:33 90,112 --a------ C:\WINDOWS\system32\gkavpyln.dll
2008-06-21 10:21 . 2008-06-21 10:21 24,576 --a------ C:\WINDOWS\system32\fccccBRI.dll
2008-06-20 22:27 . 2008-06-20 22:27 24,576 --a------ C:\WINDOWS\system32\ssqRLBsp.dll
2008-06-20 22:27 . 2008-06-20 22:27 24,576 --a------ C:\WINDOWS\system32\ssqpoPjj.dll
2008-06-20 22:26 . 2008-06-20 22:26 24,576 --a------ C:\WINDOWS\system32\hgGaxuTk.dll
2008-06-20 22:26 . 2008-06-20 22:26 24,576 --a------ C:\WINDOWS\system32\byXQGyyv.dll
2008-06-17 19:40 . 2008-06-17 19:40 <DIR> d-------- C:\Documents and Settings\Art Movies\Practical Light and Color
2008-06-17 14:53 . 2008-06-17 14:53 <DIR> d-------- C:\Programmer\AutoGK
2008-06-17 14:53 . 2008-06-17 14:53 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-06-17 14:42 . 2008-06-17 14:51 <DIR> d-------- C:\Programmer\GordianKnot
2008-06-17 12:34 . 2008-06-17 12:34 <DIR> d-------- C:\Documents and Settings\Christian\Application Data\zweitgeist
2008-06-17 12:30 . 2008-06-17 12:41 <DIR> d-------- C:\Programmer\Xvid
2008-06-17 12:30 . 2008-04-02 22:37 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-14 13:38 . 2008-06-14 14:01 <DIR> d-------- C:\Documents and Settings\Christian\Application Data\Hamachi
2008-06-14 13:37 . 2008-06-14 13:38 <DIR> d-------- C:\Programmer\Hamachi
2008-06-14 13:37 . 2008-06-14 13:37 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-11 16:06 . 2008-06-11 16:06 <DIR> d-------- C:\Documents and Settings\Christian\Application Data\ArcSoft
2008-06-11 15:54 . 2008-06-14 20:00 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 23:53 . 2008-06-08 23:53 10 --a------ C:\WINDOWS\popcinfo.dat
2008-06-08 17:28 . 2008-06-08 17:28 <DIR> d-------- C:\Programmer\K-Lite Codec Pack
2008-06-08 17:28 . 2008-04-27 10:47 770,048 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-08 17:28 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-06-08 17:28 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-08 17:28 . 2008-04-27 11:10 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-08 17:28 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-06-08 17:28 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-08 17:28 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-08 17:28 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-06-07 14:15 . 2008-06-07 14:15 <DIR> d-------- C:\Documents and Settings\Christian\Application Data\RTPlayer
2008-06-07 13:36 . 2008-06-07 13:36 <DIR> d-------- C:\Programmer\PixiePack Codec Pack
2008-06-07 13:36 . 2008-06-07 14:16 <DIR> d-------- C:\Documents and Settings\Christian\Application Data\Tunebite
2008-06-07 13:36 . 2008-02-20 13:47 27,936 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
2008-06-07 13:35 . 2008-06-07 13:35 <DIR> d-------- C:\Programmer\RapidSolution
2008-06-07 13:35 . 2008-06-07 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-06-03 21:02 . 2008-06-03 21:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Dokumenter
2008-06-03 19:30 . 2004-08-26 17:53 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-03 19:30 . 2001-10-04 17:07 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-02 19:10 . 2008-06-02 19:10 <DIR> d-------- C:\Documents and Settings\Christian\Application Data\drms
2008-06-01 17:49 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpD4.tmp
2008-06-01 17:49 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpD3.tmp
2008-06-01 17:49 . 2008-06-01 17:49 444,952 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-01 17:49 . 2008-06-01 17:49 109,080 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-01 17:27 . 2008-06-01 17:27 <DIR> d-------- C:\Programmer\Codemasters
2008-05-31 14:43 . 2008-05-31 14:43 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2008-05-31 14:42 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\system32\tmp288.tmp
2008-05-31 13:04 . 2008-04-17 12:06 3,768 --a------ C:\WINDOWS\system32\drivers\CamdVideo32.sys
2008-05-31 01:03 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\system32\tmp2F.tmp
2008-05-31 01:03 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\system32\tmp2E.tmp
2008-05-30 23:46 . 2008-05-30 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-05-30 23:38 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\system32\tmp16D.tmp
2008-05-30 23:38 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\system32\tmp16C.tmp
2008-05-30 23:33 . 2008-05-30 23:33 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-30 23:33 . 2008-05-30 23:33 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-05-30 21:22 . 2008-05-31 14:27 <DIR> d-------- C:\Programmer\Morgan
2008-05-30 21:22 . 2002-11-18 17:02 40,960 --a------ C:\WINDOWS\system32\MMAVILNG.exe
2008-05-30 21:18 . 2008-05-30 21:18 56 -r-hs---- C:\WINDOWS\system32\DE2A04568E.sys
2008-05-30 21:15 . 2008-06-17 14:53 <DIR> d-------- C:\Programmer\Gabest
2008-05-30 20:53 . 2008-06-17 14:53 <DIR> d-------- C:\Programmer\AviSynth 2.5
2008-05-30 19:22 . 2008-05-30 19:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-30 19:22 . 2008-05-30 19:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-30 19:22 . 2008-05-30 19:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-30 19:19 . 2008-05-30 19:19 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-30 19:19 . 2008-05-30 19:19 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-29 21:04 . 2008-05-29 21:04 <DIR> d-------- C:\Programmer\PCPitstop
2008-05-27 22:49 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-05-25 19:50 . 2008-05-25 19:51 <DIR> d-------- C:\Documents and Settings\Christian\Application Data\GetRightToGo
2008-05-25 19:17 . 2008-05-25 19:32 228 --a------ C:\WINDOWS\PowerReg.dat
2008-05-25 19:15 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2008-05-24 10:48 . 2008-05-24 10:48 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-05-24 10:03 . 2008-05-30 23:38 <DIR> d-------- C:\Programmer\OpenAL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 18:12 31,419,168 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-22 18:11 1,074,720 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-22 18:11 --------- d-----w C:\Documents and Settings\Christian\Application Data\WTablet
2008-06-22 18:01 424,688 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-22 18:01 104,864 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-22 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-22 09:28 --------- d-----w C:\Programmer\Kaspersky Lab
2008-06-21 09:01 --------- d-----w C:\Documents and Settings\Christian\Application Data\uTorrent
2008-06-19 15:43 --------- d-----w C:\Programmer\DC++
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 16:44 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-14 16:43 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-11 14:07 --------- d-----w C:\Documents and Settings\Christian\Application Data\Canon
2008-06-10 17:58 --------- d-----w C:\Programmer\THQ
2008-06-08 15:16 --------- d-----w C:\Documents and Settings\Christian\Application Data\DivX
2008-06-08 15:12 --------- d-----w C:\Programmer\DivX
2008-06-07 15:52 --------- d-----w C:\Programmer\Steam
2008-06-01 15:54 --------- d-----w C:\Programmer\SystemRequirementsLab
2008-06-01 15:27 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-05-31 12:43 --------- d-----w C:\Programmer\Real
2008-05-30 19:18 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-29 17:55 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 17:16 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 17:16 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-20 17:31 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-05-19 20:02 --------- d-----w C:\Documents and Settings\Christian\Application Data\SystemRequirementsLab
2008-05-10 08:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-05-09 17:04 --------- d-----w C:\Programmer\Winamp Remote
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 20:57 --------- d-----w C:\Programmer\EphPod
2008-05-05 20:37 --------- d-----w C:\Programmer\iTunes
2008-05-05 20:37 --------- d-----w C:\Documents and Settings\Christian\Application Data\Apple Computer
2008-05-05 20:36 --------- d-----w C:\Programmer\iPod
2008-05-05 20:36 --------- d-----w C:\Programmer\Fælles filer\Apple
2008-05-05 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-30 05:42 3,532 ----a-w C:\drmHeader.bin
2008-04-21 07:03 660,992 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-08 13:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-27 22:39 1 ----a-w C:\Documents and Settings\Christian\SI.bin
2008-01-18 15:12 22,328 ----a-w C:\Documents and Settings\Christian\Application Data\PnkBstrK.sys
2008-01-13 01:17 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2008-01-13 23:06 8 --sha-w C:\WINDOWS\system32\315FB34F15.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27CAA332-9356-4866-A1C7-7D9AA1F2EFF1}]
2008-06-22 20:16 323072 --a------ C:\WINDOWS\system32\yayaWQgE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{585c38c9-d387-4b4c-959f-84089fdcff4e}]
2008-06-22 11:24 99328 --a------ C:\WINDOWS\system32\ivsjhpho.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
2008-06-20 22:26 24576 --a------ C:\WINDOWS\system32\hgGaxuTk.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 18:53 15360]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"AnyDVD"="C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe" [2008-01-18 22:30 1649600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 23:32 455168]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 23:31 59392]
"LanguageShortcut"="C:\Programmer\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 13:06 62760]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 23:32 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-10-09 14:00 44032]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 00:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2005-08-08 00:10 16384 C:\WINDOWS\CTHELPER.EXE]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-04 22:33 626176]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 11:32 880640]
"BDRegion"="C:\Programmer\Cyberlink\Shared Files\brs.exe" [2007-11-16 20:20 91432]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 12:19 1426432]
"OpwareSE2"="C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-22 15:48 1177368]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-26 18:53 158720]
"AVP"="C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"BM47caaa9f"="C:\WINDOWS\system32\uiaqfovw.dll" [2008-06-22 20:19 90624]
"44f99903"="C:\WINDOWS\system32\ykigwgpp.dll" [2008-06-22 20:19 80384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 18:53 15360]
C:\Documents and Settings\Christian\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Speed Launch.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\hgGaxuTk.dll [2008-06-20 22:26 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaxuTk]
hgGaxuTk.dll 2008-06-20 22:26 24576 C:\WINDOWS\system32\hgGaxuTk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\yayaWQgE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\44f99903]
--a------ 2008-06-22 11:22 80384 C:\WINDOWS\system32\tcaujbdh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM47caaa9f]
--a------ 2008-06-22 11:21 90624 C:\WINDOWS\system32\laxtghag.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
C:\Programmer\RapidSolution\Tunebite\Tunebite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneClone]
C:\Programmer\TuneClone\TuneClone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\games\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmer\\uTorrent\\uTorrent.exe"=
"C:\\Programmer\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Programmer\\DC++\\DCPlusPlus.exe"=
"C:\\Programmer\\Steam\\steamapps\\psunesen@hotmail.com\\sin episodes emergence\\SinEpisodes.exe"=
"C:\\games\\Company of heroes\\RelicCOH.exe"=
"C:\\Programmer\\Steam\\steamapps\\psunesen@hotmail.com\\team fortress 2\\hl2.exe"=
"C:\\Programmer\\Autodesk\\Maya2008\\bin\\maya.exe"=
"C:\\Programmer\\Stardock\\TotalGaming\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Programmer\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"C:\\Programmer\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"C:\\Programmer\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmer\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Programmer\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Programmer\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\games\\Battlefield 2\\BF2.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programmer\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programmer\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\games\\Defcon\\defcon.exe"=
"C:\\Programmer\\Codemasters\\GRID\\GRID.exe"=
"C:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmer\\THQ\\Company of Heroes - Balance Playtest\\RelicCOH.exe"=
"E:\\Tegnemappe\\opencanvas.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgemc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows peer-til-peer-gruppering
"3540:UDP"= 3540:UDP:PNRP (Peer Name Resolution Protocol)
"88:UDP"= 88:UDP:Xbox 360
"3074:UDP"= 3074:UDP:Xbox 360
"3074:TCP"= 3074:TCP:Xbox 360
"10280:TCP"= 10280:TCP:Xbox 360
"10281:TCP"= 10281:TCP:Xbox 360
"10282:TCP"= 10282:TCP:Xbox 360
"10283:TCP"= 10283:TCP:Xbox 360
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-22 15:49]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Programmer\CyberLink\PowerDVD\000.fcl [2007-11-03 01:12]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-22 15:48]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-22 15:48]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-22 15:49]
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 12:40]
R3 CamdVideo32;CamdVideo32;C:\WINDOWS\system32\DRIVERS\CamdVideo32.sys [2008-04-17 12:06]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 23:54]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
S0 tclondrv;tclondrv;C:\WINDOWS\system32\DRIVERS\tclondrv.sys []
S3 CamdDriverV32;CamdDriverV32;C:\WINDOWS\system32\drivers\CamdDriverV32.sys []
S3 p2pgasvc;Gruppegodkendelse på peer-netværk;C:\WINDOWS\System32\svchost.exe [2004-08-26 18:53]
S3 p2pimsvc;Identitetsstyring for peer-netværk;C:\WINDOWS\System32\svchost.exe [2004-08-26 18:53]
S3 p2psvc;Peer-netværk;C:\WINDOWS\System32\svchost.exe [2004-08-26 18:53]
S3 PNRPSvc;PNRP (Peer Name Resolution Protocol);C:\WINDOWS\System32\svchost.exe [2004-08-26 18:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Programmer\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-05 12:39:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 17:30:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"

06-22-2008
Bronze Member
Join Date: Jun 2008
Posts: 7 PC Experience: Experienced
Re: Virus infection. Search engine and homepages blocked
In continuation:
This is the log from Deckard's System Scanner:
Deckard's System Scanner v20071014.68
Run by Christian on 2008-06-22 20:47:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-06-22 18:47:25 UTC - RP261 - Systemkontrolpunkt
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Christian.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48, on 2008-06-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
C:\Programmer\Cyberlink\Shared Files\brs.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\UPHClean\uphclean.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\AVG\AVG8\avgrsx.exe
C:\Programmer\AVG\AVG8\avgrsx.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Christian\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Christian.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {27CAA332-9356-4866-A1C7-7D9AA1F2EFF1} - C:\WINDOWS\system32\yayaWQgE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {a14d3e49-39ac-ebd9-82b4-b7e80b98ae49} - {94ea89b0-8e7b-4b28-9dbe-ca9394e3d41a} - C:\WINDOWS\system32\mtjkcmlm.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\hgGaxuTk.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmer\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [BDRegion] C:\Programmer\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [BM47caaa9f] Rundll32.exe "C:\WINDOWS\system32\uiaqfovw.dll",s
O4 - HKLM\..\Run: [44f99903] rundll32.exe "C:\WINDOWS\system32\ykigwgpp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: hgGaxuTk - C:\WINDOWS\SYSTEM32\hgGaxuTk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
--
End of file - 9561 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 NetworkX - c:\windows\system32\ckldrv.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R3 CamdVideo32 - c:\windows\system32\drivers\camdvideo32.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S0 tclondrv - c:\windows\system32\drivers\tclondrv.sys (file missing)
S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys (file missing)
S3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys (file missing)
S3 CamdDriverV32 - c:\windows\system32\drivers\camddriverv32.sys (file missing)
S3 catchme - c:\cf\catchme.sys (file missing)
S3 SenFiltService (SenFilt Service) - c:\windows\system32\drivers\senfilt.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\programmer\fælles filer\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\programmer\bonjour\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Crypkey License - crypserv.exe <Not Verified; CrypKey (Canada) Ltd.; CrypKey Software Licensing System>
R2 UPHClean (User Profile Hive Cleanup) - c:\programmer\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>
S2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
S3 FLEXnet Licensing Service - "c:\programmer\fælles filer\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&625283&0&00E5
Manufacturer: Marvell
Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&625283&0&00E5
Service: yukonwxp
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394-netværkskort
Device ID: V1394\NIC1394\16B031E8C00
Manufacturer: Microsoft
Name: 1394-netværkskort
PNP Device ID: V1394\NIC1394\16B031E8C00
Service: NIC1394
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-tastatur eller Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&B6AFFD&0
Manufacturer: (Standardtastaturer)
Name: Standard 101/102-tastatur eller Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&B6AFFD&0
Service: i8042prt
-- Scheduled Tasks -------------------------------------------------------------
2008-06-22 20:30:00 264 --a------ C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
2008-06-05 14:39:01 278 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-05-22 and 2008-06-22 -----------------------------
2008-06-22 20:22:17 99328 --a------ C:\WINDOWS\system32\mtjkcmlm.dll
2008-06-22 20:19:19 80384 --a------ C:\WINDOWS\system32\ykigwgpp.dll
2008-06-22 20:19:05 90624 --a------ C:\WINDOWS\system32\uiaqfovw.dll
2008-06-22 20:16:15 531442 --ahs---- C:\WINDOWS\system32\EgQWayay.ini2
2008-06-22 20:16:04 323072 --a------ C:\WINDOWS\system32\yayaWQgE.dll
2008-06-22 19:58:59 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-22 19:53:38 68096 --a------ C:\WINDOWS\zip.exe
2008-06-22 19:53:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-22 19:53:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-22 19:53:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-22 19:53:38 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-22 19:53:38 98816 --a------ C:\WINDOWS\sed.exe
2008-06-22 19:53:38 80412 --a------ C:\WINDOWS\grep.exe
2008-06-22 19:53:38 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-22 19:53:33 0 d-------- C:\CF
2008-06-22 19:14:10 0 d-------- C:\Programmer\Trend Micro
2008-06-22 15:53:58 0 d--h----- C:\$AVG8.VAULT$
2008-06-22 15:49:04 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-22 15:48:53 0 d-------- C:\Programmer\AVG
2008-06-22 15:48:52 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-22 15:16:27 0 d---s---- C:\Documents and Settings\Christian\UserData
2008-06-22 11:24:37 99328 --a------ C:\WINDOWS\system32\ivsjhpho.dll
2008-06-22 11:22:03 80384 --a------ C:\WINDOWS\system32\tcaujbdh.dll
2008-06-22 11:21:56 90624 --a------ C:\WINDOWS\system32\laxtghag.dll
2008-06-21 23:44:37 0 d-------- C:\Documents and Settings\Christian\.housecall6.6
2008-06-21 10:36:35 99328 --a------ C:\WINDOWS\system32\ldwtlpwk.dll
2008-06-21 10:33:34 90112 --a------ C:\WINDOWS\system32\gkavpyln.dll
2008-06-21 10:21:39 24576 --a------ C:\WINDOWS\system32\fccccBRI.dll
2008-06-20 22:27:31 24576 --a------ C:\WINDOWS\system32\ssqpoPjj.dll
2008-06-20 22:27:21 24576 --a------ C:\WINDOWS\system32\ssqRLBsp.dll
2008-06-20 22:26:59 24576 --a------ C:\WINDOWS\system32\byXQGyyv.dll
2008-06-20 22:26:37 24576 --a------ C:\WINDOWS\system32\hgGaxuTk.dll
2008-06-17 14:53:37 43698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-06-17 14:53:11 0 d-------- C:\Programmer\AutoGK
2008-06-17 14:42:07 0 d-------- C:\Programmer\GordianKnot
2008-06-17 12:34:21 0 d-------- C:\Documents and Settings\Christian\Application Data\zweitgeist
2008-06-17 12:30:39 0 d-------- C:\Programmer\Xvid
2008-06-14 13:38:16 0 d-------- C:\Documents and Settings\Christian\Application Data\Hamachi
2008-06-14 13:37:56 0 d-------- C:\Programmer\Hamachi
2008-06-11 16:06:26 0 d-------- C:\Documents and Settings\Christian\Application Data\ArcSoft
2008-06-08 23:53:30 10 --a------ C:\WINDOWS\popcinfo.dat
2008-06-08 17:28:41 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-06-08 17:28:41 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-08 17:28:41 770048 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-08 17:28:40 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-08 17:28:39 0 d-------- C:\Programmer\K-Lite Codec Pack
2008-06-07 14:15:35 0 d-------- C:\Documents and Settings\Christian\Application Data\RTPlayer
2008-06-07 13:36:35 0 d-------- C:\Programmer\PixiePack Codec Pack
2008-06-07 13:36:15 0 d-------- C:\Documents and Settings\Christian\Application Data\Tunebite
2008-06-07 13:35:36 0 d-------- C:\Programmer\RapidSolution
2008-06-07 13:35:36 0 d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-06-03 21:02:54 0 d-------- C:\Documents and Settings\NetworkService\Dokumenter
2008-06-02 19:10:59 0 d-------- C:\Documents and Settings\Christian\Application Data\drms
2008-06-02 19:10:24 0 d-------- C:\Documents and Settings\Christian\My Documents
2008-06-01 18:00:27 0 d-------- C:\WINDOWS\nvidia icons
2008-06-01 17:27:15 0 d-------- C:\Programmer\Codemasters
2008-05-31 14:43:09 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2008-05-31 13:04:34 3768 --a------ C:\WINDOWS\system32\drivers\CamdVideo32.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-05-30 23:46:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-05-30 21:22:38 40960 --a------ C:\WINDOWS\system32\MMAVILNG.exe
2008-05-30 21:22:38 0 d-------- C:\Programmer\Morgan
2008-05-30 21:18:39 56 -r-hs---- C:\WINDOWS\system32\DE2A04568E.sys
2008-05-30 21:15:44 0 d-------- C:\Programmer\Gabest
2008-05-30 20:53:33 0 d-------- C:\Programmer\AviSynth 2.5
2008-05-30 19:22:22 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-30 19:18:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-30 19:18:56 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-30 19:18:50 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:18:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:18:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:18:48 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:18:48 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:18:00 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-29 21:04:11 0 d-------- C:\Programmer\PCPitstop
2008-05-27 22:49:11 0 d--h----- C:\ckis
2008-05-25 19:50:59 0 d-------- C:\Documents and Settings\Christian\Application Data\GetRightToGo
2008-05-25 19:17:08 228 --a------ C:\WINDOWS\PowerReg.dat
2008-05-25 19:15:24 298496 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-05-24 10:48:19 0 d-------- C:\WINDOWS\system32\xlive
2008-05-24 10:03:14 0 d-------- C:\Programmer\OpenAL
-- Find3M Report ---------------------------------------------------------------
2008-06-22 20:11:33 0 d-------- C:\Documents and Settings\Christian\Application Data\WTablet
2008-06-22 11:28:22 0 d-------- C:\Programmer\Kaspersky Lab
2008-06-21 11:01:52 0 d-------- C:\Documents and Settings\Christian\Application Data\uTorrent
2008-06-19 17:43:29 0 d-------- C:\Programmer\DC++
2008-06-18 07:28:11 0 d-------- C:\Documents and Settings\Christian\Application Data\Mozilla
2008-06-17 14:56:49 609 --a------ C:\Documents and Settings\Christian\Application Data\AutoGK.ini
2008-06-11 16:07:40 0 d-------- C:\Documents and Settings\Christian\Application Data\Canon
2008-06-10 19:58:52 0 d-------- C:\Programmer\THQ
2008-06-08 17:16:48 0 d-------- C:\Documents and Settings\Christian\Application Data\DivX
2008-06-08 17:12:27 0 d-------- C:\Programmer\DivX
2008-06-07 17:52:09 0 d-------- C:\Programmer\Steam
2008-06-01 17:54:09 0 d-------- C:\Programmer\SystemRequirementsLab
2008-06-01 17:27:14 0 d--h----- C:\Programmer\InstallShield Installation Information
2008-05-31 14:43:05 0 d-------- C:\Programmer\Real
2008-05-30 21:18:39 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-20 21:28:38 0 d-------- C:\Documents and Settings\Christian\Application Data\Adobe
2008-05-20 19:31:47 0 d-------- C:\Programmer\Fælles filer\Adobe
2008-05-19 22:02:11 0 d-------- C:\Documents and Settings\Christian\Application Data\SystemRequirementsLab
2008-05-09 19:04:08 0 d-------- C:\Programmer\Winamp Remote
2008-05-05 22:57:48 0 d-------- C:\Programmer\EphPod
2008-05-05 22:37:10 0 d-------- C:\Documents and Settings\Christian\Application Data\Apple Computer
2008-05-05 22:37:04 0 d-------- C:\Programmer\iTunes
2008-05-05 22:36:55 0 d-------- C:\Programmer\iPod
2008-05-05 22:36:30 0 d-------- C:\Programmer\Fælles filer
2008-05-05 22:36:30 0 d-------- C:\Programmer\Fælles filer\Apple
2008-05-03 05:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-03 05:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-03 05:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-03 05:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-03 05:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-03 05:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-03 05:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-03 05:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-30 07:42:39 3532 --a------ C:\drmHeader.bin
2008-04-12 03:02:08 421306 --a------ C:\WINDOWS\system32\perfh006.dat
2008-04-12 03:02:08 75032 --a------ C:\WINDOWS\system32\perfc006.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27CAA332-9356-4866-A1C7-7D9AA1F2EFF1}]
2008-06-22 20:16 323072 --a------ C:\WINDOWS\system32\yayaWQgE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94ea89b0-8e7b-4b28-9dbe-ca9394e3d41a}]
2008-06-22 20:22 99328 --a------ C:\WINDOWS\system32\mtjkcmlm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
2008-06-20 22:26 24576 --a------ C:\WINDOWS\system32\hgGaxuTk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32]
"nwiz"="nwiz.exe" [2008-05-03 05:46 C:\WINDOWS\system32\nwiz.exe]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 23:31]
"LanguageShortcut"="C:\Programmer\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 13:06]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-10-09 14:00]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 00:10 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2005-08-08 00:10 C:\WINDOWS\CTHELPER.EXE]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-04 22:33]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 11:32]
"BDRegion"="C:\Programmer\Cyberlink\Shared Files\brs.exe" [2007-11-16 20:20]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 12:19]
"OpwareSE2"="C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-22 15:48]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-26 18:53]
"AVP"="C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
"BM47caaa9f"="C:\WINDOWS\system32\uiaqfovw.dll" [2008-06-22 20:19]
"44f99903"="C:\WINDOWS\system32\ykigwgpp.dll" [2008-06-22 20:19]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 18:53]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34]
"AnyDVD"="C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe" [2008-01-18 22:30]
C:\Documents and Settings\Christian\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Speed Launch.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\hgGaxuTk.dll [2008-06-20 22:26 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaxuTk]
hgGaxuTk.dll 2008-06-20 22:26 24576 C:\WINDOWS\system32\hgGaxuTk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayaWQgE
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\44f99903]
rundll32.exe "C:\WINDOWS\system32\tcaujbdh.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM47caaa9f]
Rundll32.exe "C:\WINDOWS\system32\laxtghag.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
C:\Programmer\RapidSolution\Tunebite\Tunebite.exe -tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneClone]
C:\Programmer\TuneClone\TuneClone.exe /silence
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Programmer\PixiePack Codec Pack\InstallerHelper.exe
-- End of Deckard's System Scanner: finished at 2008-06-22 20:49:50 ------------

06-22-2008
Bronze Member
Join Date: Jun 2008
Posts: 7 PC Experience: Experienced
Re: Virus infection. Search engine and homepages blocked
And finally Deckard's Extra log:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Other (0406) - see TinyURL.com - shorten that long URL into a Tiny URL
CPU 0: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 2047.04 MiB / 1347.06 MiB
Pagefile Memory (total/avail): 3939.23 MiB / 3328.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.44 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 127.99 GiB total, 25.28 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 337.77 GiB total, 123.32 GiB free.
G: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:
\PARTITION1 - Udvidet m. udvidet Int 13 - 337.77 GiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FW: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmer\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmer\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\games\\Unreal Tournament 3\\Binaries\\UT3.exe"="C:\\games\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Programmer\\uTorrent\\uTorrent.exe"="C:\\Programmer\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Programmer\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Programmer\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Programmer\\DC++\\DCPlusPlus.exe"="C:\\Programmer\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Programmer\\Steam\\steamapps\\psunesen@hotmail.com\\sin episodes emergence\\SinEpisodes.exe"="C:\\Programmer\\Steam\\steamapps\\psunesen@hotmail.com\\sin episodes emergence\\SinEpisodes.exe:*:Enabled:SinEpisodes"
"C:\\games\\Company of heroes\\RelicCOH.exe"="C:\\games\\Company of heroes\\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"C:\\Programmer\\Steam\\steamapps\\psunesen@hotmail.com\\team fortress 2\\hl2.exe"="C:\\Programmer\\Steam\\steamapps\\psunesen@hotmail.com\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Programmer\\Autodesk\\Maya2008\\bin\\maya.exe"="C:\\Programmer\\Autodesk\\Maya2008\\bin\\maya.exe:*:Enabled:Maya"
"C:\\Programmer\\Stardock\\TotalGaming\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="C:\\Programmer\\Stardock\\TotalGaming\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:FTP (filoverførselsprogram)"
"C:\\Programmer\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"="C:\\Programmer\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe:*:Enabled:FTP Transfer Engine"
"C:\\Programmer\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"="C:\\Programmer\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander"
"C:\\Programmer\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="C:\\Programmer\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Programmer\\Messenger\\msmsgs.exe"="C:\\Programmer\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"="C:\\Programmer\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programmer\\Sierra Entertainment\\World in Conflict\\wic.exe"="C:\\Programmer\\Sierra Entertainment\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"C:\\Programmer\\Sierra Entertainment\\World in Conflict\\wic_online.exe"="C:\\Programmer\\Sierra Entertainment\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\\Programmer\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"="C:\\Programmer\\Sierra Entertainment\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\\games\\Battlefield 2\\BF2.exe"="C:\\games\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Programmer\\iTunes\\iTunes.exe"="C:\\Programm er\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programmer\\Winamp Remote\\bin\\Orb.exe"="C:\\Programmer\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Programmer\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Programmer\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Programmer\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Programme r\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\games\\Defcon\\defcon.exe"="C:\\games\\Defcon \\defcon.exe:*:Enabled efcon"
"C:\\Programmer\\Codemasters\\GRID\\GRID.exe"="C:\ \Programmer\\Codemasters\\GRID\\GRID.exe:*:Enabled :GRID"
"C:\\Programmer\\Mozilla Firefox\\firefox.exe"="C:\\Programmer\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Programmer\\THQ\\Company of Heroes - Balance Playtest\\RelicCOH.exe"="C:\\Programmer\\THQ\\Comp any of Heroes - Balance Playtest\\RelicCOH.exe:*:Enabled:Company of Heroes - Balance Playtest"
"E:\\Tegnemappe\\opencanvas.exe"="E:\\Tegnemappe\\ opencanvas.exe:*:Enabled:opencanvas"
"C:\\Programmer\\AVG\\AVG8\\avgupd.exe"="C:\\Progr ammer\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Programmer\\AVG\\AVG8\\avgemc.exe"="C:\\Progr ammer\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Christian\Application Data
CLASSPATH=.;C:\Programmer\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programmer\Fælles filer
COMPUTERNAME=BLOW-2BGD6TBR1N
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Christian
LOGONSERVER=\\BLOW-2BGD6TBR1N
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programmer\Autodesk\Maya2008\bin;C:\Programmer\QuickTime\QTSystem;C:\Programmer\Fælles filer\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Programmer
PROMPT=$P$G
QTJAVA=C:\Programmer\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHRIST~1\LOKALE~1\Temp
TMP=C:\DOCUME~1\CHRIST~1\LOKALE~1\Temp
USERDOMAIN=BLOW-2BGD6TBR1N
USERNAME=Christian
USERPROFILE=C:\Documents and Settings\Christian
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Christian (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Programmer\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
--> C:\Programmer\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Programmer\Fælles filer\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0 --> MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Premiere Pro 2.0 --> msiexec /I {FA17A726-B229-4116-B793-A2AB1A4EAE2E}
Adobe Premiere Pro CS3 --> C:\Programmer\Fælles filer\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AI Suite --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x9
AnyDVD --> "C:\Programmer\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programmer\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}\setup.exe" -l0x9
µTorrent --> "C:\Programmer\uTorrent\uTorrent.exe" /UNINSTALL
Audiosurf --> "C:\Programmer\Steam\steam.exe" steam://uninstall/12900
Auto Gordian Knot 2.45 --> C:\Programmer\AutoGK\uninst.exe
Autodesk DirectConnect 2.0 --> MsiExec.exe /I{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}
AVG Free 8.0 --> C:\Programmer\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Programmer\AviSynth 2.5\Uninstall.exe"
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Camtasia Studio 5 --> MsiExec.exe /I{784E6B0F-00EC-4950-95A2-BBA64F44EC48}
Canon CanoScan Toolbox 4.8 --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}\setup.exe" -l0x9 anything
Company of Heroes --> "C:\games\Company of heroes\Uninstall_English.exe"
Company of Heroes - Balance Playtest --> "C:\Programmer\THQ\Company of Heroes - Balance Playtest\Uninstall_English.exe"
Company of Heroes - FAKEMSI --> MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Corel Painter IX --> MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}
Corel Painter X --> C:\Programmer\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A} C:\DOCUME~1\CHRIST~1\LOKALE~1\Temp\PainterX.log
Corel Painter X --> MsiExec.exe /I{05D60953-9012-44DF-A1A6-9DD97AD6580A}
Creative System Information --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
CryEngine(R)2 Sandbox(TM)2 --> MsiExec.exe /I{7E4B7FD9-4ECE-4298-A910-3160B7918059}
CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
DC++ 0.706 --> "C:\Programmer\DC++\uninstall.exe"
DivX Codec --> C:\Programmer\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Programmer\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Programmer\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Programmer\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Video Converter 7.2.26 --> "C:\Programmer\Easy Video Converter\unins000.exe"
EphPod --> C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
FILE RECOVERY for Windows --> C:\Programmer\FILE RECOVERY for Windows\Uninstall.exe
Fraps (remove only) --> "C:\programmer\Fraps\uninstall.exe"
Fremhævelsesvisning (Windows Live Toolbar) --> MsiExec.exe /X{F7ADEBA1-5621-4ED0-80F8-4386D844974C}
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
GRID --> "C:\Programmer\Insta | |