  1. #1
    Member
    Join Date
    Mar 2006
    Posts
    7
    Points
    0

    HiJacked by ErrorSafe (I think)

    After performing all the steps described in the "Get Rid of Spyware, Adware, and Web Browser Hijackers" article I'm still getting annoying pop-ups every few minutes. Many of the pop-ups are ErrorSafe's fake system messages, which open the ErrorSafe install page when "killed". These pop-ups are coming even when I have not opened any browser at all. And I have never had ErrorSafe installed on my computer.

    All these pop-ups are making my computer more or less useless. Please help me!

    Here is my HiJackThis log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:44:48, on 05.03.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programfiler\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
    C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\Norton AntiVirus\navapsvc.exe
    C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Programfiler\Dell\QuickSet\quickset.exe
    C:\Programfiler\Apoint\Apoint.exe
    C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
    C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Programfiler\Apoint\Apntex.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
    C:\Programfiler\Windows Defender\MSASCui.exe
    C:\Programfiler\Logitech\Harmony Remote\harmonyClient.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Sony Ericsson\Mobile\audevicemgr.exe
    c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Programfiler\Internet Explorer\iexplore.exe
    C:\PROGRAMFILER\INTERNET EXPLORER\IEXPLORE.EXE
    C:\Programfiler\Messenger\msmsgs.exe
    C:\Programfiler\Norton AntiVirus\OPScan.exe
    C:\PROGRAMFILER\INTERNET EXPLORER\IEXPLORE.EXE
    C:\Programfiler\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [IntelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Programfiler\Logitech\Harmony Remote\harmonyClient.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = ?
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thi...wnloadCtrl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\o4lule391h.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

  2. #2
    Member steamwiz
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    You have nothing relating to ErrorSafe in your log ... but ...

    You have a VX2 infection....

    Download http://www.downloads.subratam.org/l2mfix.exe by ShadowWar.

    1. Save the file to your desktop

    2. Double click l2mfix.exe

    3. Click the Install button to extract the files and follow the prompts

    4. Open the newly added l2mfix folder on your desktop

    5. Double click l2mfix.bat

    6. Select option #1 for Run Find Log by typing 1 and then pressing enter

    7. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

    8. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #3
    Member
    Join Date
    Mar 2006
    Posts
    7
    Points
    0

    L2MFIX find log 010406
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\fp6203joe.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    "Logon"="WLEventLogon"
    "Logoff"="WLEventLogoff"
    "Startup"="WLEventStartup"
    "Shutdown"="WLEventShutdown"
    "StartScreenSaver"="WLEventStartScreenSaver"
    "StopScreenSaver"="WLEventStopScreenSaver"
    "Lock"="WLEventLock"
    "Unlock"="WLEventUnlock"
    "StartShell"="WLEventStartShell"
    "PostShell"="WLEventPostShell"
    "Disconnect"="WLEventDisconnect"
    "Reconnect"="WLEventReconnect"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000000
    "SafeMode"=dword:00000001
    "MaxWait"=dword:ffffffff
    "DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Event"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{661F5AE2-6FCC-211A-5B48-7ECD02B0143F}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Egenskapsside for multimediefil"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM skannerbehandling"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-sikkerhetsside"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskapsside for OLE DOC-fil"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Skallutvidelse for deling"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermkort"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermtype"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermpanorering"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-sikkerhetsside"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Diskkopieringsutvidelse"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Skallutvidelser for Microsoft Windows-nettverksobjekter"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM skjermbehandling"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM skriverbehandling"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Skallutvidelser for filkomprimering"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Skallutvidelse for Web-skriver"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Hurtigmeny for kryptering"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Koffert"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Ikonutvidelse for HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Skrifter"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Skriversikkerhetsside"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Skallutvidelse for deling"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-utvidelse"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign-utvidelse"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Nettverkstilkoblinger"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Nettverkstilkoblinger"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannere og kameraer"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannere og kameraer"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannere og kameraer"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannere og kameraer"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannere og kameraer"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Skallutvidelser for Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-datakobling"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte oppgaver"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Oppgavelinje og Start-meny"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Søk"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hjelp og støtte"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hjelp og støtte"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Kjør..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internett"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-post"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative verktøy"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Egenskapsside for tidligere versjoner"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Tidligere versjoner"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internett-verktøylinje"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Nedlastingsstatus"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="Båndproxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft-tjeneste for tidligere URL-adresser"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Logg"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Midlertidige Internett-filer"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Midlertidige Internett-filer"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft-binding for URL-søk"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbilde for Internet Explorer 4.0"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internett"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-bånd"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Mappe for ActiveX-hurtigbuffer"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Abonnementsmappe"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Behandling av skallprogrammer"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerator for installerte programmer"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin Programpubliserer"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Uttrekking av miniatyrbilder i GDI+-filer"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Behandling av informasjon om miniatyrbilder"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Uttrekking av HTML-miniatyrbilder"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Veiviser for Web-publisering"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestille utskrifter via Weben"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Veiviserobjekt for skallpublisering"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Få en passport-veiviser"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brukerkontoer"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanalsnarvei"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanalbehandlingsobjekt"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappe for Frakoblede filer"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Etter &personer..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
    "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webmapper"
    "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
    "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
    "{fc181130-05a0-11d6-8140-000102e745a6}"="My P910i"
    "{2F25CF20-C569-11D1-B94C-00608CB45480}"="TextPad"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{694DA237-9931-4B66-BE43-AFA2A3B8148D}"=""
    "{C744CF99-DBF3-414B-BB45-B91D79CB5BDE}"=""
    "{F1D00E5B-8D03-4B44-BFD4-4FEA686A9BF4}"=""
    "{8E2C3C0C-768D-4004-9598-605D8BA487B2}"=""
    "{A29AD559-E870-475F-8E96-0D913665C489}"=""
    "{0F1A63B1-EFDD-4269-8A8F-0CCF6631782A}"=""
    "{4FB89CEA-55F4-4AF4-A216-B867A3693F59}"=""
    "{4166AF59-BBB7-4457-8B97-C5405ED2FDA2}"=""
    "{98DD0540-7AD2-4C82-8D21-02915CD9072B}"=""
    "{DEB0603D-D792-4F34-B309-64C36B9D324C}"=""
    "{D4828D98-A57B-4487-9D02-DAB1D734B6DB}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C744CF99-DBF3-414B-BB45-B91D79CB5BDE}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C744CF99-DBF3-414B-BB45-B91D79CB5BDE}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C744CF99-DBF3-414B-BB45-B91D79CB5BDE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C744CF99-DBF3-414B-BB45-B91D79CB5BDE}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rym.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{4166AF59-BBB7-4457-8B97-C5405ED2FDA2}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4166AF59-BBB7-4457-8B97-C5405ED2FDA2}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4166AF59-BBB7-4457-8B97-C5405ED2FDA2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4166AF59-BBB7-4457-8B97-C5405ED2FDA2}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{98DD0540-7AD2-4C82-8D21-02915CD9072B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{98DD0540-7AD2-4C82-8D21-02915CD9072B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{98DD0540-7AD2-4C82-8D21-02915CD9072B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{98DD0540-7AD2-4C82-8D21-02915CD9072B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{DEB0603D-D792-4F34-B309-64C36B9D324C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{DEB0603D-D792-4F34-B309-64C36B9D324C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{DEB0603D-D792-4F34-B309-64C36B9D324C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{DEB0603D-D792-4F34-B309-64C36B9D324C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\uhp10.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D4828D98-A57B-4487-9D02-DAB1D734B6DB}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D4828D98-A57B-4487-9D02-DAB1D734B6DB}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D4828D98-A57B-4487-9D02-DAB1D734B6DB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D4828D98-A57B-4487-9D02-DAB1D734B6DB}\InprocServer32]
    @="C:\\WINDOWS\\system32\\jnpl400.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    fp6203~1.dll Sun 5 Mar 2006 23:03:24 ..S.R 235 731 230,20 K
    gdi32.dll Thu 29 Dec 2005 3:56:08 A.... 280 064 273,50 K
    legitc~1.dll Tue 14 Feb 2006 9:20:14 A.... 550 120 537,23 K
    pncrt.dll Sat 11 Feb 2006 21:54:30 A.... 278 528 272,00 K
    pndx5016.dll Sat 11 Feb 2006 21:54:30 A.... 6 656 6,50 K
    pndx5032.dll Sat 11 Feb 2006 21:54:30 A.... 5 632 5,50 K
    rmoc3260.dll Sat 11 Feb 2006 21:54:38 A.... 176 167 172,04 K
    s32evnt1.dll Tue 31 Jan 2006 14:35:34 A.... 91 904 89,75 K
    s6pulg~1.dll Sun 5 Mar 2006 23:44:26 ..S.R 235 468 229,95 K
    spmsg.dll Mon 13 Feb 2006 19:04:48 ..... 9 144 8,93 K
    webclnt.dll Wed 4 Jan 2006 4:36:32 A.... 68 096 66,50 K
    wgalogon.dll Tue 14 Feb 2006 9:20:14 A.... 567 016 553,73 K
    wmp.dll Tue 6 Dec 2005 6:02:16 A.... 5 533 696 5,28 M
    __dele~1.dll Mon 6 Mar 2006 16:51:40 A.... 235 731 230,20 K

    14 items found: 14 files (2 H/S), 0 directories.
    Total of file sizes: 8 273 953 bytes 7,89 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Mon 6 Mar 2006 18:04:40 ..S.R 235 731 230,20 K

    1 item found: 1 file (1 H/S), 0 directories.
    Total of file sizes: 235 731 bytes 230,20 K
    **********************************************************************************
    Directory Listing of system files:
    Volumet i stasjon C er uten navn.
    Volumserienummeret er A072-E3A3

    Innhold i C:\WINDOWS\System32

    06.03.2006 18:04 235 731 guard.tmp
    05.03.2006 23:44 235 468 s6pulg7916.dll
    05.03.2006 23:44 dllcache
    05.03.2006 23:03 235 731 fp6203joe.dll
    28.09.2004 18:29 Microsoft
    3 fil(er) 706 930 byte
    2 mappe(r) 5 674 172 416 byte ledig

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    Close any programs you have open since this step requires a reboot.

    1. From the l2mfix folder on your desktop, double click l2mfix.bat

    2. Select option #2 for Run Fix by typing 2 and then pressing enter

    3. Press any key to reboot your computer.

    4. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.

    5. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

    IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!


    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member
    Join Date
    Mar 2006
    Posts
    7
    Points
    0

    First of all I have to confess that I did a scan with ewido prior to doing any of the l2mfix steps you specified in your previous posts. Hope it does not clutter the picture.

    Anyhow I did the l2mfix step 2, but I'm not sure if I got it to work all right. The L2mfix console gave the following output:
    +----------------------------------+
    ¦ L2MFix Tool By Shadowwar 010406 ¦
    ¦----------------------------------¦
    ¦ 1. Run Find Log ¦
    ¦ 2. Run Fix ¦
    ¦ 3. View Readme ¦
    ¦ 4. Remove L2MFIX Account ¦
    ¦ 5. Fix Autoexec.nt/cmd.exe error ¦
    ¦ E. Exit ¦
    +----------------------------------+
    {1,2,3,4,5,E}2
    This fix will reboot automatically.
    Password will be entered automatically.
    Do not press any keys till instructed too.
    Angi passordet for L2MFIX:
    Forsøker å starte C:\WINDOWS\System32\second.bat som brukeren "DELL_LAPTOP\L2MFI
    X" ...
    Processing Cleanup.
    .Systemet finner ikke angitt fil. (System can not find specified file.)
    Systemet finner ikke angitt fil. (System can not find specified file.)
    Det finnes et annet filnavn med samme navn, eller
    filen finnes ikke. (There is another file with the same name, or the file does not exist.)
    Finner ikke (Can not find) C:\WINDOWS\System32\log.txt
    .
    updating: direct.txt (140 bytes security) (stored 0%)
    updating: log.txt (140 bytes security) (deflated 32%)
    updating: readme.txt (140 bytes security) (deflated 51%)
    updating: report.txt (140 bytes security) (deflated 61%)
    The system is ready to reboot now. The log.txt will be in
    the l2mfix folder after the reboot if it does not open
    on its own. Please fix the missing file 020 with hijackthis.
    after the reboot.
    Trykk en tast for å fortsette...
    After rebooting I cannot see any trace of l2mfix starting and doing any scanning, and no Notepad pops up with the log.txt file.

    Manually opened the log.txt from the l2mfix folder:
    L2mfix 010406
    Creating Account.
    Kommandoen er fullført.

    Adding Administrative privleges.
    Checking for L2MFix account(0=no 1=yes):
    1
    Granting SeDebugPrivilege to L2MFIX ... successful
    Checking for L2MFix account(0=no 1=yes):
    0
    Zipping up files for submission:
    zip warning: name not matched: dlls\*.*

    zip error: Nothing to do! (backup.zip)
    updating: backregs/notibac.reg (140 bytes security) (deflated 80%)

    ***********************************************

    Logfile of HijackThis v1.99.1
    Scan saved at 23:11:24, on 06.03.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programfiler\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
    C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\ewido anti-malware\ewidoctrl.exe
    C:\Programfiler\Norton AntiVirus\navapsvc.exe
    C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Programfiler\Dell\QuickSet\quickset.exe
    C:\Programfiler\Apoint\Apoint.exe
    C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Programfiler\Apoint\Apntex.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
    C:\Programfiler\Windows Defender\MSASCui.exe
    C:\Programfiler\Sony Ericsson\Mobile\audevicemgr.exe
    c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\Programfiler\Internet Explorer\iexplore.exe
    C:\Programfiler\Messenger\msmsgs.exe
    C:\Programfiler\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [IntelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Programfiler\Logitech\Harmony Remote\harmonyClient.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = ?
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thi...wnloadCtrl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\fp6203joe.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    NO it didn't work...

    It makes it easier for me to help you if you only do what I tell you when I tell you... did you save the Ewido log ? ... I would like to see it...

    Please go to C:\WINDOWS\system32 and see if you have this file AUTOEXEC.NT

    let me know...

    steam

  7. #7
    Member
    Join Date
    Mar 2006
    Posts
    7
    Points
    0

    Sorry for the inconvenience caused by using ewido without telling. And I'm sorry to say that I don't have any saved report. I was kind of desperate, and I used ewido in parallel with waiting for your first reply.

    And as for AUTOEXEC.NT I find it located as you describe.

  8. #8
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    HI

    please download and run Look2Me-Destroyer by Atribune

    Follow the instructions here :-

    http://www.atribune.org/content/view/28/

    Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

    cheers

    steam

  9. #9
    Member
    Join Date
    Mar 2006
    Posts
    7
    Points
    0

    Here are the requested logs:


    Look2Me-Destroyer V1.0.7

    Scanning for infected files.....
    Scan started at 07.03.2006 19:01:33

    Infected! C:\WINDOWS\system32\hr8q05l5e.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP114\A0029969.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP114\A0029972.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030028.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030041.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030180.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030183.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030187.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030189.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030266.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030281.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030287.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030297.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030303.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP118\A0030423.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP118\A0030432.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP118\A0030433.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030454.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030455.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030483.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030505.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030513.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030519.dll
    Infected! C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030525.dll
    Infected! C:\WINDOWS\system32\e620lgfm162a.dll
    Infected! C:\WINDOWS\system32\egsvc.dll
    Infected! C:\WINDOWS\system32\enpml1711.dll
    Infected! C:\WINDOWS\system32\fp0m03d1e.dll
    Infected! C:\WINDOWS\system32\hr8q05l5e.dll
    Infected! C:\WINDOWS\system32\mocories.dll
    Infected! C:\WINDOWS\system32\ocuninst.dll
    Infected! C:\WINDOWS\system32\s6pulg7916.dll
    Infected! C:\WINDOWS\system32\guard.tmp

    Attempting to delete infected files...

    Attempting to delete: C:\WINDOWS\system32\hr8q05l5e.dll
    C:\WINDOWS\system32\hr8q05l5e.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP114\A0029969.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP114\A0029969.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP114\A0029972.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP114\A0029972.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030028.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030028.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030041.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030041.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030180.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030180.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030183.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030183.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030187.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030187.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030189.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP116\A0030189.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030266.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030266.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030281.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030281.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030287.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030287.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030297.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030297.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030303.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP117\A0030303.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP118\A0030423.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP118\A0030423.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP118\A0030432.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP118\A0030432.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP118\A0030433.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP118\A0030433.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030454.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030454.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030455.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030455.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030483.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030483.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030505.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030505.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030513.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030513.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030519.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030519.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030525.dll
    C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP119\A0030525.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\e620lgfm162a.dll
    C:\WINDOWS\system32\e620lgfm162a.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\egsvc.dll
    C:\WINDOWS\system32\egsvc.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\enpml1711.dll
    C:\WINDOWS\system32\enpml1711.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\fp0m03d1e.dll
    C:\WINDOWS\system32\fp0m03d1e.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\hr8q05l5e.dll
    C:\WINDOWS\system32\hr8q05l5e.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\mocories.dll
    C:\WINDOWS\system32\mocories.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\ocuninst.dll
    C:\WINDOWS\system32\ocuninst.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\s6pulg7916.dll
    C:\WINDOWS\system32\s6pulg7916.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\guard.tmp
    C:\WINDOWS\system32\guard.tmp Deleted successfully!

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{694DA237-9931-4B66-BE43-AFA2A3B8148D}"
    HKCR\Clsid\{694DA237-9931-4B66-BE43-AFA2A3B8148D}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C744CF99-DBF3-414B-BB45-B91D79CB5BDE}"
    HKCR\Clsid\{C744CF99-DBF3-414B-BB45-B91D79CB5BDE}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F1D00E5B-8D03-4B44-BFD4-4FEA686A9BF4}"
    HKCR\Clsid\{F1D00E5B-8D03-4B44-BFD4-4FEA686A9BF4}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8E2C3C0C-768D-4004-9598-605D8BA487B2}"
    HKCR\Clsid\{8E2C3C0C-768D-4004-9598-605D8BA487B2}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A29AD559-E870-475F-8E96-0D913665C489}"
    HKCR\Clsid\{A29AD559-E870-475F-8E96-0D913665C489}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0F1A63B1-EFDD-4269-8A8F-0CCF6631782A}"
    HKCR\Clsid\{0F1A63B1-EFDD-4269-8A8F-0CCF6631782A}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4FB89CEA-55F4-4AF4-A216-B867A3693F59}"
    HKCR\Clsid\{4FB89CEA-55F4-4AF4-A216-B867A3693F59}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4166AF59-BBB7-4457-8B97-C5405ED2FDA2}"
    HKCR\Clsid\{4166AF59-BBB7-4457-8B97-C5405ED2FDA2}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{98DD0540-7AD2-4C82-8D21-02915CD9072B}"
    HKCR\Clsid\{98DD0540-7AD2-4C82-8D21-02915CD9072B}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DEB0603D-D792-4F34-B309-64C36B9D324C}"
    HKCR\Clsid\{DEB0603D-D792-4F34-B309-64C36B9D324C}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D4828D98-A57B-4487-9D02-DAB1D734B6DB}"
    HKCR\Clsid\{D4828D98-A57B-4487-9D02-DAB1D734B6DB}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0375076E-87AE-465A-992C-A378A3391846}"
    HKCR\Clsid\{0375076E-87AE-465A-992C-A378A3391846}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AAFF4021-F897-49D2-BA7D-CD88A06ACF33}"
    HKCR\Clsid\{AAFF4021-F897-49D2-BA7D-CD88A06ACF33}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administratorer - Succeeded


    *************************

    Logfile of HijackThis v1.99.1
    Scan saved at 19:11:47, on 07.03.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programfiler\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
    C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\ewido anti-malware\ewidoctrl.exe
    C:\Programfiler\Norton AntiVirus\navapsvc.exe
    C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymSCUI.exe
    C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Programfiler\Dell\QuickSet\quickset.exe
    C:\Programfiler\Apoint\Apoint.exe
    C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Programfiler\Apoint\Apntex.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
    C:\Programfiler\Windows Defender\MSASCui.exe
    C:\Programfiler\Logitech\Harmony Remote\harmonyClient.exe
    C:\Programfiler\Sony Ericsson\Mobile\audevicemgr.exe
    c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Internet Explorer\iexplore.exe
    C:\PROGRA~1\TEXTPA~1\TextPad.exe
    C:\Programfiler\Messenger\msmsgs.exe
    C:\Programfiler\HijackThis\HijackThis.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [IntelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Programfiler\Logitech\Harmony Remote\harmonyClient.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = ?
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thi...wnloadCtrl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

  10. #10
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    That appears to have got it

    Please run the l2mfix option #1 again and post the log, so that I can double check it has been removed successfully...

    Is the problem resolved?

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
