Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Error message saying c\windows\config\lsass.exe

Post by Rasmus1112 » July 8th, 2009, 12:23 pm

When my computer starts, I get an error message saying c\windows\config\lsass.exe
Please help.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:58, on 08-07-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\wf2k.exe
c:\programmer\winfast\wftvfm\wfwiz.exe
c:\programmer\microsoft intellipoint\point32.exe
c:\windows\rthdcpl.exe
c:\programmer\microsoft office\office12\groovemonitor.exe
c:\windows\system32\rundll32.exe
c:\programmer\java\jre6\bin\jusched.exe
c:\programmer\eset\eset nod32 antivirus\egui.exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
c:\programmer\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe
c:\windows\system32\ctfmon.exe
c:\programmer\spybot - search & destroy\teatimer.exe
c:\programmer\windows media player\wmpnscfg.exe
c:\programmer\steam\steam.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
c:\programmer\magicdisc\magicdisc.exe
c:\programmer\microsoft office\office12\onenotem.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmer\mozilla firefox\firefox.exe
c:\programmer\vuze\azureus.exe
C:\WINDOWS\system32\cidaemon.exe
c:\programmer\trend micro\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15087&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmer\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmer\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\programmer\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - C:\WINDOWS\system32\AcroIEHelpe5.dll (file missing)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WinFast Schedule] C:\Programmer\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKCU\..\Run: [swg] c:\programmer\google\googletoolbarnotifier\googletoolbarnotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programmer\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Programmer\MagicDisc\MagicDisc.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://c:\programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://c:\programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://c:\programmer\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\programmer\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programmer\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programmer\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostation ... awflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/acti ... afekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/po ... der_v6.cab
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - C:\Documents and Settings\Rasmus\Skrivebord\spil\3D Model Trains\monki.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programmer\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - c:\windows\system32\hpzipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Ventrilo - Unknown owner - C:\Programmer\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 14035 bytes
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error message saying c\windows\config\lsass.exe

Post by jmw3 » July 12th, 2009, 12:44 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this, ensure "Notify me when a reply is posted" is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error message saying c\windows\config\lsass.exe

Post by Rasmus1112 » July 13th, 2009, 9:26 am

DDS

DDS (Ver_09-06-26.01) - NTFSx86
Run by Rasmus at 11:18:35,75 on 13-07-2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1030.18.1023.263 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\wf2k.exe
c:\programmer\winfast\wftvfm\wfwiz.exe
c:\programmer\microsoft intellipoint\point32.exe
c:\windows\rthdcpl.exe
c:\programmer\microsoft office\office12\groovemonitor.exe
c:\windows\system32\rundll32.exe
c:\programmer\java\jre6\bin\jusched.exe
c:\programmer\eset\eset nod32 antivirus\egui.exe
c:\programmer\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe
c:\windows\system32\ctfmon.exe
c:\programmer\spybot - search & destroy\teatimer.exe
c:\programmer\steam\steam.exe
c:\programmer\windows media player\wmpnscfg.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
c:\programmer\magicdisc\magicdisc.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\programmer\microsoft office\office12\onenotem.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmer\videolan\vlc\vlc.exe
C:\WINDOWS\system32\cidaemon.exe
c:\programmer\mozilla firefox\firefox.exe
c:\documents and settings\rasmus\skrivebord\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://eu.ask.com?o=15087&l=dis
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\programmer\asksbar\srchastt\1.bin\A2SRCHAS.DLL
mURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\programmer\asksbar\srchastt\1.bin\A2SRCHAS.DLL
mWinlogon: Shell=Explorer.exe c:\windows\config\lsass.exe
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\programmer\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\programmer\bitcomet\tools\BitCometBHO_1.2.2.28.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\programmer\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Adobe PDF Reader Link Helper: {b782ede4-ccb3-4e3e-981f-96c68116f38c} - c:\windows\system32\AcroIEHelpe5.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\programmer\textware\quickfind\plugins\IEHelp.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programmer\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [swg] c:\programmer\google\googletoolbarnotifier\googletoolbarnotifier.exe
uRun: [MsnMsgr] "c:\programmer\windows live\messenger\MsnMsgr.Exe" /background
uRun: [NVIDIA nTune] "c:\programmer\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programmer\fælles filer\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\programmer\spybot - search & destroy\TeaTimer.exe
uRun: [Steam] "c:\programmer\steam\Steam.exe" -silent
uRun: [WMPNSCFG] c:\programmer\windows media player\WMPNSCFG.exe
mRun: [WinFoxV2] c:\windows\system32\WF2K.EXE
mRun: [WinFast2KLoadDefault] rundll32.exe c:\windows\system32\wf2kcpl.dll,DllLoadDefaultSettings
mRun: [WinFast Schedule] c:\programmer\winfast\wftvfm\WFWIZ.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SkyTel] SkyTel.EXE
mRun: [IntelliPoint] "c:\programmer\microsoft intellipoint\point32.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GrooveMonitor] "c:\programmer\microsoft office\office12\GrooveMonitor.exe"
mRun: [NBKeyScan] "c:\programmer\nero\nero 7\nero backitup\NBKeyScan.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
mRun: [egui] "c:\programmer\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\rasmus\menuen~1\progra~1\start\magicd~1.lnk - c:\programmer\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\rasmus\menuen~1\progra~1\start\screen~1.lnk - c:\programmer\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\adober~1.lnk - c:\programmer\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &D&ownload &with BitComet - c:\programmer\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\programmer\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\programmer\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\programmer\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programmer\partygaming\partypoker\RunApp.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\programmer\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\programmer\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://webnode1.xstream.dk/radiostation ... awflow.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDow ... eqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDow ... eqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZI ... b56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... wflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/acti ... afekey.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/po ... der_v6.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmer\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programmer\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\programmer\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rasmus\applic~1\mozilla\firefox\profiles\jfeux6ma.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?cl ... e=en_US&q=
FF - plugin: c:\programmer\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\programmer\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-12-4 93848]
R2 ekrn;ESET Service;c:\programmer\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R3 WFIOCTL;WFIOCTL;c:\programmer\winfast\wftvfm\WFIOCTL.sys [2007-2-10 9446]
R4 WINFOXIO;WINFOXIO;c:\windows\system32\drivers\WINFOXIO.sys [2007-2-10 9600]
S0 ati1mdxx;ati1mdxx;c:\windows\system32\drivers\ati1mdxx.sys --> c:\windows\system32\drivers\ati1mdxx.sys [?]
S0 ati3mtxx;ati3mtxx;c:\windows\system32\drivers\ati3mtxx.sys --> c:\windows\system32\drivers\ati3mtxx.sys [?]
S2 caerf;Center Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2006-3-2 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\rasmus\lokale~1\temp\nrg134.tmp --> c:\docume~1\rasmus\lokale~1\temp\NRG134.tmp [?]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-07-08 18:01 <DIR> --d----- c:\programmer\Trend Micro
2009-07-04 20:20 <DIR> --d----- c:\programmer\Steam
2009-07-02 11:01 12,794,013 a------- c:\windows\system32\SteamUI_894.pkg
2009-06-30 01:38 <DIR> --d----- c:\programmer\Maxis
2009-06-28 18:57 <DIR> --d----- C:\~MSSETUP.T
2009-06-28 16:15 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-26 14:06 82,380 a------- c:\windows\system32\drivers\AFS2K.SYS
2009-06-26 14:04 <DIR> --d----- c:\programmer\fælles filer\Hewlett-Packard
2009-06-26 11:09 <DIR> --d----- c:\programmer\GPLGS
2009-06-26 11:09 87,552 a------- c:\windows\system32\cpwmon2k.dll
2009-06-26 11:08 <DIR> --d----- c:\programmer\Acro Software
2009-06-20 00:19 <DIR> --d----- c:\windows\system32\SteamApps
2009-06-13 13:15 <DIR> --dsh--- c:\windows\ftpcache

==================== Find3M ====================

2009-07-11 20:43 34 a------- c:\documents and settings\rasmus\jagex_runescape_preferences.dat
2009-05-22 16:56 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-18 09:40 4,096 a------- c:\windows\system32\01.tmp
2009-05-12 22:52 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-05-12 22:52 109,080 a------- c:\windows\system32\OpenAL32.dll
2008-10-31 19:13 22,328 a------- c:\docume~1\rasmus\applic~1\PnkBstrK.sys
2007-09-18 22:06 81,920 a------- c:\docume~1\rasmus\applic~1\ezpinst.exe
2007-09-18 22:06 47,360 a------- c:\docume~1\rasmus\applic~1\pcouffin.sys
2007-03-29 23:27 774,144 a------- c:\programmer\RngInterstitial.dll
2008-12-01 23:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
2008-12-01 15:11 49,152 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008112420081201\index.dat
2008-12-08 08:00 98,304 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008120120081208\index.dat
2008-12-08 17:55 49,152 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008120820081209\index.dat
2008-12-10 00:29 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008120920081210\index.dat
2008-12-10 19:56 98,304 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008121020081211\index.dat

============= FINISH: 11:18:55,59 ===============

attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 09-02-2007 23:29:34
System Uptime: 13-07-2009 11:02:26 (0 hours ago)

Motherboard: MSI | | MS-7309
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | CPU 1 | 2009/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 153 GiB total, 68,844 GiB free.
D: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-tastatur eller Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standardtastaturer)
Name: Standard 101/102-tastatur eller Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F03\4&38D79619&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F03\4&38D79619&0
Service: i8042prt

==== System Restore Points ===================

RP35: 12-04-2009 19:39:38 - Installed GRID
RP36: 12-04-2009 20:11:24 - Installed DirectX
RP37: 14-04-2009 19:44:11 - Systemkontrolpunkt
RP38: 15-04-2009 20:21:56 - Systemkontrolpunkt
RP39: 17-04-2009 17:02:11 - Systemkontrolpunkt
RP40: 19-04-2009 15:32:50 - Systemkontrolpunkt
RP41: 21-04-2009 19:42:53 - Systemkontrolpunkt
RP42: 23-04-2009 13:03:21 - Systemkontrolpunkt
RP43: 24-04-2009 19:54:34 - Systemkontrolpunkt
RP44: 26-04-2009 12:49:24 - Systemkontrolpunkt
RP45: 29-04-2009 14:13:12 - Systemkontrolpunkt
RP46: 30-04-2009 16:48:25 - Systemkontrolpunkt
RP47: 01-05-2009 17:10:55 - Systemkontrolpunkt
RP48: 02-05-2009 17:13:45 - Systemkontrolpunkt
RP49: 03-05-2009 19:31:40 - Systemkontrolpunkt
RP50: 04-05-2009 22:12:04 - Systemkontrolpunkt
RP51: 06-05-2009 11:26:06 - Systemkontrolpunkt
RP52: 07-05-2009 12:13:25 - Systemkontrolpunkt
RP53: 08-05-2009 14:07:00 - Systemkontrolpunkt
RP54: 10-05-2009 01:57:22 - Systemkontrolpunkt
RP55: 11-05-2009 08:22:46 - Systemkontrolpunkt
RP56: 12-05-2009 09:21:21 - Systemkontrolpunkt
RP57: 13-05-2009 10:18:53 - Systemkontrolpunkt
RP58: 14-05-2009 21:42:03 - Systemkontrolpunkt
RP59: 15-05-2009 22:19:25 - Systemkontrolpunkt
RP60: 16-05-2009 12:39:53 - Installed SigmaTel MSCN Audio Player
RP61: 16-05-2009 12:48:56 - Removed SigmaTel MSCN Audio Player
RP62: 18-05-2009 22:20:53 - Systemkontrolpunkt
RP63: 20-05-2009 17:27:27 - Systemkontrolpunkt
RP64: 21-05-2009 18:00:34 - Systemkontrolpunkt
RP65: 22-05-2009 16:56:29 - Installed Java(TM) 6 Update 13
RP66: 23-05-2009 19:01:02 - Removed GRID
RP67: 24-05-2009 20:33:46 - Systemkontrolpunkt
RP68: 25-05-2009 21:09:56 - Systemkontrolpunkt
RP69: 27-05-2009 07:45:17 - Systemkontrolpunkt
RP70: 28-05-2009 16:04:11 - Systemkontrolpunkt
RP71: 29-05-2009 18:21:24 - Systemkontrolpunkt
RP72: 31-05-2009 05:26:13 - Systemkontrolpunkt
RP73: 01-06-2009 14:40:24 - Systemkontrolpunkt
RP74: 02-06-2009 20:27:47 - Systemkontrolpunkt
RP75: 03-06-2009 21:30:08 - Systemkontrolpunkt
RP76: 04-06-2009 08:39:12 - Removed ESET NOD32 Antivirus
RP77: 04-06-2009 08:41:39 - Installed ESET NOD32 Antivirus
RP78: 05-06-2009 09:14:19 - Systemkontrolpunkt
RP79: 06-06-2009 14:42:12 - Installeret The Sims 3
RP80: 07-06-2009 17:03:46 - Installeret The Sims 3
RP81: 08-06-2009 17:09:20 - Systemkontrolpunkt
RP82: 09-06-2009 17:34:18 - Systemkontrolpunkt
RP83: 10-06-2009 21:19:16 - Systemkontrolpunkt
RP84: 12-06-2009 13:58:16 - Systemkontrolpunkt
RP85: 13-06-2009 13:20:33 - Removed Far Cry 2
RP86: 13-06-2009 13:23:53 - Installed Prototype(TM)
RP87: 13-06-2009 14:27:03 - Removed Prototype(TM)
RP88: 13-06-2009 14:28:14 - Installed Prototype(TM)
RP89: 14-06-2009 18:13:07 - Systemkontrolpunkt
RP90: 15-06-2009 21:27:52 - Systemkontrolpunkt
RP91: 16-06-2009 13:15:47 - Installed DirectX
RP92: 17-06-2009 13:44:19 - Systemkontrolpunkt
RP93: 17-06-2009 22:09:18 - Removed Prototype(TM)
RP94: 19-06-2009 13:00:38 - Systemkontrolpunkt
RP95: 20-06-2009 00:14:29 - Removed Steam
RP96: 20-06-2009 00:16:32 - Installed Steam
RP97: 21-06-2009 11:37:56 - Systemkontrolpunkt
RP98: 22-06-2009 14:01:37 - Systemkontrolpunkt
RP99: 23-06-2009 14:12:27 - Systemkontrolpunkt
RP100: 24-06-2009 16:57:41 - Systemkontrolpunkt
RP101: 25-06-2009 17:00:02 - Systemkontrolpunkt
RP102: 26-06-2009 11:08:55 - Printerdriveren CutePDF Writer er installeret
RP103: 26-06-2009 14:03:27 - Installed HP Photo and Imaging 2.0 - All-in-One
RP104: 26-06-2009 14:04:47 - Installed HP Photo and Imaging 2.0 - All-in-One Drivers
RP105: 26-06-2009 14:07:12 - Installed hp psc 1200 series
RP106: 27-06-2009 15:49:53 - Systemkontrolpunkt
RP107: 28-06-2009 16:13:21 - Removed HP Photo and Imaging 2.0 - All-in-One
RP108: 28-06-2009 16:14:38 - Removed HP Photo and Imaging 2.0 - All-in-One Drivers
RP109: 28-06-2009 16:15:15 - Removed hp psc 1200 series
RP110: 29-06-2009 16:25:10 - Systemkontrolpunkt
RP111: 30-06-2009 22:38:30 - Systemkontrolpunkt
RP112: 02-07-2009 12:25:38 - Systemkontrolpunkt
RP113: 03-07-2009 15:41:35 - Systemkontrolpunkt
RP114: 04-07-2009 17:38:55 - Systemkontrolpunkt
RP115: 04-07-2009 20:15:59 - Removed Steam
RP116: 04-07-2009 20:17:15 - Removed Counter-Strike: Source
RP117: 04-07-2009 20:17:45 - Removed Counter-Strike: Source
RP118: 04-07-2009 20:20:52 - Installed Steam
RP119: 05-07-2009 20:46:28 - Systemkontrolpunkt
RP120: 06-07-2009 22:30:22 - Systemkontrolpunkt
RP121: 07-07-2009 22:30:49 - Systemkontrolpunkt
RP122: 08-07-2009 22:45:50 - Systemkontrolpunkt
RP123: 10-07-2009 19:35:01 - Systemkontrolpunkt

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 7.1.0
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
Ask Toolbar
Autodesk DWF Viewer
Backburner
BitCometBeta [20080522]
CD-ORD
Cherry Dolls 1.0
Collab
Counter-Strike: Source
CutePDF Writer 2.7
Deckadance
Diablo II
Dungeon Keeper 2
ESET NOD32 Antivirus
Fallout 3
FL Studio 8
Garena
Google Toolbar for Internet Explorer
Graphmatica
Gyldendals Røde Ordbøger Dansk-Engelsk/Engelsk-Dansk Ordbog
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix til Windows Internet Explorer 7 (KB947864)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB952287)
HotKey
HP Memories Disc
hp psc 1200 series
IL-2 Sturmovik Series Ultimate Edition
IL Download Manager
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 5.1.2
LiveUpdate 1.90 (Symantec Corporation)
Magic ISO Maker v5.3 (build 0221)
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.7.97
MathType 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 5.4
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Proofing Tools
Microsoft Office Access MUI (Danish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Groove MUI (Danish) 2007
Microsoft Office InfoPath MUI (Danish) 2007
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Publisher MUI (Danish) 2007
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Software Update for Web Folders (Danish) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
mIRC
Mozilla Firefox (3.0.11)
Mozilla Sunbird (0.9)
mplayer.com
MS Access 97 SP2
MSI Live Update 3
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
Nero - Burning Rom
Nero BackItUp 2 Essentials
Nero Media Player
Nero OEM
NeroVision Express 2
neroxml
Nokia Connectivity Cable Driver
NVIDIA Drivers
NVIDIA nTune
Opdatering til Windows XP (KB951072-v2)
Opdatering til Windows XP (KB951978)
Opdatering til Windows XP (KB955839)
Opdatering til Windows XP (KB967715)
OpenAL
PDF Settings
PokerStars
RealArcade
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB928090)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB929969)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB931768)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB933566)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB937143)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB939653)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB950759)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB953838)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB958215)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB960714)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player (KB952069)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)
Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
Sikkerhedsopdatering til Windows Media Player 9 (KB917734)
Sikkerhedsopdatering til Windows XP (KB923689)
Sikkerhedsopdatering til Windows XP (KB923789)
Sikkerhedsopdatering til Windows XP (KB938464)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB946648)
Sikkerhedsopdatering til Windows XP (KB950760)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951066)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951376)
Sikkerhedsopdatering til Windows XP (KB951698)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB953839)
Sikkerhedsopdatering til Windows XP (KB954211)
Sikkerhedsopdatering til Windows XP (KB954459)
Sikkerhedsopdatering til Windows XP (KB954600)
Sikkerhedsopdatering til Windows XP (KB955069)
Sikkerhedsopdatering til Windows XP (KB956391)
Sikkerhedsopdatering til Windows XP (KB956802)
Sikkerhedsopdatering til Windows XP (KB956803)
Sikkerhedsopdatering til Windows XP (KB956841)
Sikkerhedsopdatering til Windows XP (KB957095)
Sikkerhedsopdatering til Windows XP (KB957097)
Sikkerhedsopdatering til Windows XP (KB958644)
Sikkerhedsopdatering til Windows XP (KB958687)
Sikkerhedsopdatering til Windows XP (KB960715)
SimCity 3000 World Edition
SONAR 7 Producer Edition
Sony ACID Pro 6.0
Sony Media Manager 2.2
SpellForce 2 - Shadow Wars
Spybot - Search & Destroy
Steam
Super nude patch II 2.8
System Requirements Lab
The Sims™ 3
Toxic Biohazard
ToxicIII
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Ventrilo Client
VLC media player 0.9.9
Vuze
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Billedgalleri
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinFast PVR
WinFast(R) Display Driver
WinFox V1.0 Setup
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

13-07-2009 11:04:33, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
13-07-2009 11:04:33, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
13-07-2009 11:04:33, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
13-07-2009 11:04:09, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11-07-2009 18:03:28, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11-07-2009 17:04:32, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
11-07-2009 17:04:32, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
11-07-2009 17:04:32, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
10-07-2009 17:47:21, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
10-07-2009 17:47:21, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
10-07-2009 17:47:21, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
10-07-2009 17:46:53, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
09-07-2009 11:25:51, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
09-07-2009 11:25:51, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
09-07-2009 11:25:51, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
09-07-2009 11:25:21, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
09-07-2009 00:25:50, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
08-07-2009 17:43:44, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
08-07-2009 17:43:44, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
08-07-2009 17:43:44, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
08-07-2009 17:43:14, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
08-07-2009 12:50:03, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
08-07-2009 12:50:03, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
08-07-2009 12:50:03, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
08-07-2009 12:49:41, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
07-07-2009 13:18:44, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
07-07-2009 13:18:44, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
07-07-2009 13:18:44, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
07-07-2009 13:18:20, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
06-07-2009 13:42:32, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
06-07-2009 13:42:32, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
06-07-2009 13:42:32, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
06-07-2009 13:42:08, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================

Gmer

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-13 15:18:59
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8584E630 ZwAssignProcessToJobObject
SSDT sptd.sys ZwCreateKey [0xF72BAC04]
SSDT sptd.sys ZwEnumerateKey [0xF72BAD48]
SSDT sptd.sys ZwEnumerateValueKey [0xF72BB0C0]
SSDT sptd.sys ZwOpenKey [0xF72BAAE2]
SSDT 8584DA60 ZwOpenProcess
SSDT 8584DE80 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF72BB18A]
SSDT sptd.sys ZwQueryValueKey [0xF72BB022]
SSDT sptd.sys ZwSetValueKey [0xF72BB212]
SSDT 8584E460 ZwSuspendProcess
SSDT 8584E280 ZwSuspendThread
SSDT 8584DC90 ZwTerminateProcess
SSDT 8584E0B0 ZwTerminateThread

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86FD8C78

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Udfs \UdfsCdRom 86A6CEB0
Device \FileSystem\Udfs \UdfsDisk 86A6CEB0

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\nvata \Device\00000070 86FD80E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F8B7C8
Device \Driver\Cdrom \Device\CdRom0 86DE4510
Device \FileSystem\Rdbss \Device\FsWrap 86C46EB0
Device \Driver\Cdrom \Device\CdRom1 86DE4510
Device \Driver\Cdrom \Device\CdRom2 86DE4510
Device \Driver\NetBT \Device\NetBt_Wins_Export 86A86590
Device \Driver\NetBT \Device\NetbiosSmb 86A86590
Device \Driver\NetBT \Device\NetBT_Tcpip_{094F871E-E5C1-47F9-9085-F5AE573C81B0} 86A86590
Device \Driver\Disk \Device\Harddisk0\DR0 86FD8EB0
Device \Driver\nvata \Device\NvAta0 86FD80E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86B07EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86B07EB0
Device \FileSystem\Npfs \Device\NamedPipe 869E7728
Device \Driver\Ftdisk \Device\FtControl 86F8B7C8
Device \FileSystem\Msfs \Device\Mailslot 86C5BE60
Device \FileSystem\Cdfs \Cdfs 86A17D98

---- Threads - GMER 1.0.15 ----

Thread System [4:460] 8584C790

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] caerf <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@DisplayName Center Microsoft
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@Description Giver mulighed for adresseovers?ttelse, adressering, navnefortolkning og/eller tjenester til forebyggelse af uautoriseret brug for netv?rksadresser p? et hjemmenetv?rk eller mindre kontornetv?rk.
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf\Parameters@ServiceDll C:\WINDOWS\system32\owjnfwb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1241238434
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1318536720
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1121503677
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1F 0x9E 0xC2 0x69 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1F 0x9E 0xC2 0x69 ...
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@DisplayName Center Microsoft
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@Description Giver mulighed for adresseovers?ttelse, adressering, navnefortolkning og/eller tjenester til forebyggelse af uautoriseret brug for netv?rksadresser p? et hjemmenetv?rk eller mindre kontornetv?rk.
Reg HKLM\SYSTEM\ControlSet004\Services\caerf\Parameters
Reg HKLM\SYSTEM\ControlSet004\Services\caerf\Parameters@ServiceDll C:\WINDOWS\system32\owjnfwb.dll
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1F 0x9E 0xC2 0x69 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Rasmus\Dokumenter\Musik\Musik\alt mit rock\papa roach\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\PA1AE1~1.MP3 3408000 bytes
File C:\Documents and Settings\Rasmus\Dokumenter\Musik\Musik\alt mit rock\papa roach\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\PAPARO~1.MP3 4167056 bytes
File C:\Documents and Settings\Rasmus\Dokumenter\Musik\Musik\alt mit rock\papa roach\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\PAPARO~2.MP3 2989372 bytes
File C:\Documents and Settings\Rasmus\Dokumenter\Musik\Musik\alt mit rock\papa roach\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\PAPARO~3.MP3 6418690 bytes
File C:\Documents and Settings\Rasmus\Dokumenter\Musik\Musik\alt mit rock\papa roach\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\PAPARO~4.MP3 5435687 bytes
ADS C:\System Volume Information\_restore{F93DDD88-1481-43C6-A0CD-3ED05822FDB3}\RP77\A0029318.exe:ext.exe 25088 bytes executable

---- EOF - GMER 1.0.15 ----
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error massage saing c\windows\config\lsass.exe

Post by jmw3 » July 13th, 2009, 10:10 am

Hi

MRU P2P Policy
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitCometBeta [20080522] | LimeWire 5.1.2 | Vuze

I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs.

Create an Uninstall List
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button
  • Click on the Save list... button and specify where you would like to save this file
  • When you press the Save button a notepad will open with the contents of that file
  • Copy/paste the contents of that notepad here in your next reply

Rooter.exe
Download Rooter.exe from Here & save it to your desktop.
SCAN
  • Double-click on Rooter.exe on your desktop, to run the tool
  • The Rooter interface will appear, with a variety of options displayed
  • Click on Scan
  • Once the scan has finished, a log called "Rooter#.txt" will open. The log can also be found at %systemdrive%\Rooter$\Rooter#.txt (# is the number assigned to the report)
  • Click Close to exit the program
  • Copy/paste the contents of Rooter#.txt in your next reply

To post in next reply:
  • Uninstall List
  • Rooter.exe log
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error massage saing c\windows\config\lsass.exe

Post by Rasmus1112 » July 13th, 2009, 12:03 pm

Hi :)

Uninstall list

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.1.0
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
Ask Toolbar
Autodesk DWF Viewer
Backburner
CD-ORD
Cherry Dolls 1.0
Collab
CutePDF Writer 2.7
Deckadance
Diablo II
Dungeon Keeper 2
Fallout 3
FL Studio 8
Garena
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Graphmatica
Gyldendals Røde Ordbøger Dansk-Engelsk/Engelsk-Dansk Ordbog
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix til Windows Internet Explorer 7 (KB947864)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB952287)
HotKey
HP Memories Disc
hp psc 1200 series
IL Download Manager
IL-2 Sturmovik Series Ultimate Edition
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LiveUpdate 1.90 (Symantec Corporation)
Magic ISO Maker v5.3 (build 0221)
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.7.97
MathType 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Proofing Tools
Microsoft Office Access MUI (Danish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Groove MUI (Danish) 2007
Microsoft Office InfoPath MUI (Danish) 2007
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Publisher MUI (Danish) 2007
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
mIRC
Mozilla Firefox (3.0.11)
Mozilla Sunbird (0.9)
mplayer.com
MS Access 97 SP2
MSI Live Update 3
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
Nero - Burning Rom
Nero BackItUp 2 Essentials
Nero Media Player
NeroVision Express 2
neroxml
Nokia Connectivity Cable Driver
NVIDIA Drivers
NVIDIA nTune
Opdatering til Windows XP (KB951072-v2)
Opdatering til Windows XP (KB951978)
Opdatering til Windows XP (KB955839)
Opdatering til Windows XP (KB967715)
OpenAL
PDF Settings
PokerStars
RealArcade
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB928090)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB931768)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB933566)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB937143)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB939653)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB950759)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB953838)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB958215)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB960714)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)
Sikkerhedsopdatering til Windows Media Player (KB952069)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)
Sikkerhedsopdatering til Windows Media Player 9 (KB917734)
Sikkerhedsopdatering til Windows XP (KB923789)
Sikkerhedsopdatering til Windows XP (KB938464)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB946648)
Sikkerhedsopdatering til Windows XP (KB950760)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951066)
Sikkerhedsopdatering til Windows XP (KB951376)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951698)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB953839)
Sikkerhedsopdatering til Windows XP (KB954211)
Sikkerhedsopdatering til Windows XP (KB954459)
Sikkerhedsopdatering til Windows XP (KB954600)
Sikkerhedsopdatering til Windows XP (KB955069)
Sikkerhedsopdatering til Windows XP (KB956391)
Sikkerhedsopdatering til Windows XP (KB956802)
Sikkerhedsopdatering til Windows XP (KB956803)
Sikkerhedsopdatering til Windows XP (KB956841)
Sikkerhedsopdatering til Windows XP (KB957095)
Sikkerhedsopdatering til Windows XP (KB957097)
Sikkerhedsopdatering til Windows XP (KB958644)
Sikkerhedsopdatering til Windows XP (KB958687)
Sikkerhedsopdatering til Windows XP (KB960715)
SimCity 3000 World Edition
SONAR 7 Producer Edition
Sony ACID Pro 6.0
Sony Media Manager 2.2
SpellForce 2 - Shadow Wars
Spybot - Search & Destroy
Super nude patch II 2.8
System Requirements Lab
The Sims™ 3
Toxic Biohazard
ToxicIII
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Ventrilo Client
VLC media player 0.9.9
Windows Communication Foundation
Windows Imaging Component
Windows Live Billedgalleri
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinFast PVR
WinFast(R) Display Driver
WinFox V1.0 Setup
WinRAR archiver

Rooter

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 75 Stepping 2, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 7.0.5730.11
Mozilla Firefox 3.0.11 (da)
.
C:\ [Fixed-NTFS] .. ( Total:153 Go - Free:73 Go )
D:\ [CD_Rom]
F:\ [CD_Rom]
G:\ [CD_Rom]
.
Scan : 18:01.38
Path : c:\documents and settings\rasmus\skrivebord\rooter.exe
User : Rasmus ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (760)
______ \??\C:\WINDOWS\system32\csrss.exe (808)
______ \??\C:\WINDOWS\system32\winlogon.exe (832)
______ C:\WINDOWS\system32\services.exe (880)
______ C:\WINDOWS\system32\lsass.exe (892)
______ C:\WINDOWS\system32\svchost.exe (1048)
______ C:\WINDOWS\system32\svchost.exe (1108)
______ C:\WINDOWS\System32\svchost.exe (1204)
______ C:\WINDOWS\system32\svchost.exe (1244)
______ C:\WINDOWS\system32\svchost.exe (1300)
______ C:\WINDOWS\system32\svchost.exe (1344)
______ C:\WINDOWS\system32\spoolsv.exe (1552)
______ C:\WINDOWS\Explorer.exe (1932)
______ c:\windows\system32\wf2k.exe (2032)
______ c:\programmer\winfast\wftvfm\wfwiz.exe (172)
______ c:\programmer\microsoft intellipoint\point32.exe (228)
______ c:\windows\rthdcpl.exe (244)
______ c:\programmer\microsoft office\office12\groovemonitor.exe (272)
______ c:\windows\system32\rundll32.exe (288)
______ c:\programmer\java\jre6\bin\jusched.exe (296)
______ c:\programmer\eset\eset nod32 antivirus\egui.exe (304)
______ c:\programmer\google\googletoolbarnotifier\googletoolbarnotifier.exe (472)
______ c:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe (504)
______ c:\windows\system32\ctfmon.exe (524)
______ c:\programmer\spybot - search & destroy\teatimer.exe (532)
______ c:\programmer\windows media player\wmpnscfg.exe (620)
______ C:\Programmer\Bonjour\mDNSResponder.exe (720)
______ C:\WINDOWS\system32\cisvc.exe (916)
______ c:\programmer\magicdisc\magicdisc.exe (1324)
______ C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe (1396)
______ c:\programmer\microsoft office\office12\onenotem.exe (1408)
______ C:\WINDOWS\System32\svchost.exe (1548)
______ C:\Programmer\Java\jre6\bin\jqs.exe (1720)
______ C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe (1740)
______ C:\WINDOWS\system32\nvsvc32.exe (2160)
______ C:\WINDOWS\System32\snmp.exe (2224)
______ C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe (2332)
______ C:\Programmer\Windows Media Player\WMPNetwk.exe (2532)
______ C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe (3352)
______ C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe (3520)
______ C:\WINDOWS\System32\alg.exe (4088)
______ C:\WINDOWS\system32\DllHost.exe (3220)
______ C:\WINDOWS\system32\cidaemon.exe (2876)
______ c:\programmer\videolan\vlc\vlc.exe (2720)
______ c:\programmer\mozilla firefox\firefox.exe (2696)
______ c:\windows\system32\notepad.exe (3148)
______ c:\documents and settings\rasmus\skrivebord\rooter.exe (2900)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:164686523904)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\Tasks\Symantec NetDetect.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\Rasmus\Skrivebord\spil\wormes\winzip\keygen.exe
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 18:03.06
.
C:\Rooter$\Rooter_1.txt - (13/07/2009 | 18:03.06).c
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm
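
A triage check a helper might run over a Rooter process list like the one posted above: it flags core Windows process names running from an unexpected folder, such as the lsass.exe path in this thread's title. This is an added example, not part of the original posts or of Rooter; the sample log, the PID 4321 entry and the function names are constructed for illustration, and C:\WINDOWS is assumed as the system root.

```python
import re
from ntpath import basename, dirname

# Constructed sample in the Rooter process-list format from the post above.
# The PID 4321 entry is constructed; its path mirrors the thread title.
SAMPLE_LOG = r"""
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (760)
______ \??\C:\WINDOWS\system32\csrss.exe (808)
______ C:\WINDOWS\system32\lsass.exe (892)
______ C:\WINDOWS\Explorer.exe (1932)
______ c:\windows\config\lsass.exe (4321)
.
----------------------\\ Scheduled Tasks
"""

SYSTEM32 = r"c:\windows\system32"
# Usual folder of core Windows XP processes (assumes C:\WINDOWS as system root).
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

ENTRY = re.compile(r"^(?:______|Locked)\s+(?P<path>.+?)\s+\((?P<pid>\d+)\)\s*$")

def normalize(path, systemroot=r"c:\windows"):
    """Lower-case a path and strip the NT prefixes Rooter prints."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot"):
        p = systemroot + p[len("\\systemroot"):]
    return p

def parse_processes(log_text):
    """Return (path, pid) pairs from the Processes section only."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        if line.startswith("-----"):
            in_section = line.rstrip().endswith("Processes")
            continue
        m = ENTRY.match(line) if in_section else None
        if m and "\\" in m.group("path"):  # skip pseudo-entries such as "System"
            entries.append((normalize(m.group("path")), int(m.group("pid"))))
    return entries

def find_masquerades(entries):
    """Flag core process names that run from outside their usual folder."""
    return [(path, pid) for path, pid in entries
            if basename(path) in EXPECTED_DIR
            and dirname(path) != EXPECTED_DIR[basename(path)]]

if __name__ == "__main__":
    for path, pid in find_masquerades(parse_processes(SAMPLE_LOG)):
        print(f"suspicious: {path} (pid {pid})")
```

A name match in the wrong folder is a lead for closer inspection of that file, not proof of infection.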

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » July 13th, 2009, 8:30 pm

Hi

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Ask Toolbar

If some programs listed are not present, please do not panic

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
New HijackThis log
Update on how the computer is running
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error massage saing c\windows\config\lsass.exe

Unread postby Rasmus1112 » July 13th, 2009, 11:17 pm

Hi
I got a problem. After I completed the scan on my computer it restarted, and now it won’t open again. Every time it comes to logging on to Windows it freezes up in 5 to 8 min and then it restarts again...

There is also a Microsoft Windows Recovery Console when I start my computer but I don’t know how it works. Please help as fast as possible.
Are there any things I can do?
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » July 14th, 2009, 3:07 am

Hi
We'll try this first:
  • Reboot your computer & tap the f8 key (or f5 key) repeatedly until you see the Windows Advanced Options Menu
  • Using the arrow keys scroll down to Disable automatic restart upon system failure & press Enter
  • Select your Operating System then press Enter & see if it boots normally
If you get a Blue Screen, write down everything on the screen & post the information back here.
There are a couple of other things we can try if this doesn't work so let me know how you go.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error massage saing c\windows\config\lsass.exe

Unread postby Rasmus1112 » July 14th, 2009, 10:31 am

Hi

When I started my computer I pressed F8, got into the Windows Advanced Options Menu and then selected Disable automatic restart upon system failure...
When I got to the point where it normally restarts, it just turned into a black screen. The computer was still powered up but it didn’t have any screen...
I’m not sure that I know where to find the boot menu. I’m only pressing the F8 button and selecting Disable automatic restart upon system failure.
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » July 14th, 2009, 9:23 pm

Hi
We'll try this next:
  • Reboot your computer & tap the f8 key (or f5 key) repeatedly until you see the Windows Advanced Options Menu
  • Using the arrow keys scroll down to Last Known Good Configuration (your most recent settings that worked) & press Enter
  • Select your Operating System then press Enter & see if it boots normally
Let me know how you go. We still have other options if this doesn't work.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error massage saing c\windows\config\lsass.exe

Unread postby Rasmus1112 » July 15th, 2009, 5:26 am

hi

Still nothing, it's just restarting after the 8 min.
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » July 15th, 2009, 7:16 am

Hi
  • Restart your computer
  • Before Windows loads, you will be prompted to choose which Operating System to start
  • Use the up and down arrow key to select Microsoft Windows Recovery Console
  • You must enter which Windows installation to log onto. Type 1 and press enter
  • At the C:\Windows prompt, type the following bolded text, and press Enter:
cd erdnt\subs

  • At the next prompt, type the following bolded text, and press Enter:
batch erdnt.con

  • The erunt backups will begin copying
  • At the next prompt, type the following bolded text, and press Enter:
exit

Windows will now begin loading.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error massage saing c\windows\config\lsass.exe

Unread postby Rasmus1112 » July 15th, 2009, 10:21 am

hi

After I was done with the Microsoft Windows Recovery Console and typed exit, it restarted and began to log on to Windows, but it did still restart.
Then I tried to disable automatic restart upon system failure and this time I got a blue screen.

blue screen.
stop: C0000145 {programfejl}
det lykkedes ikke at initialisere programmet korrekt (0xc0000142). klik på ok for at afslutte programmet.

blue screen. (english)
stop: C0000145 {Application Error}
Failed to initialize the program correctly (0xc0000142).
Click OK to exit the program.

Translated with Google Translate.
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm

Re: Error massage saing c\windows\config\lsass.exe

Unread postby jmw3 » July 15th, 2009, 12:27 pm

Hi
When you try to boot, how far in to the boot sequence do you get before it restarts? Does it get to the XP splash screen or does it restart before that?
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error massage saing c\windows\config\lsass.exe

Unread postby Rasmus1112 » July 15th, 2009, 2:07 pm

hi

It says welcome, and when 8 min have passed I just get a glimpse of the desktop and then it restarts.
Rasmus1112
Regular Member
 
Posts: 24
Joined: July 8th, 2009, 12:09 pm