Re: HijackThisLog Analysis - Larsy
Date: 3 August 2004
Here is what you should do.
End the suspicious process below:
C:\WINDOWS\system32\imad.exe
Remove these search keys:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http:??www.aomi.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:??www.1md.de/kazaa-download.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:??www.msn.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file:??C:\DOCUME~1\ITTSSP~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http:??www.msn.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:??www.aomi.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file:??C:\DOCUME~1\ITTSSP~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:??g.msn.dk/0SEDADK/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:??www.aomi.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file:??C:\DOCUME~1\ITTSSP~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:??www.aomi.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file:??C:\DOCUME~1\ITTSSP~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:??red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http:??www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:??www.tdconline.dk/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file:??C:\DOCUME~1\ITTSSP~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file:??C:\DOCUME~1\ITTSSP~1\LOKALE~1\Temp\sp.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Remove these Hosts file redirections (O1):
O1 - Hosts: 213.203.193.164 addlogs.de
O1 - Hosts: 213.203.193.164 aldostools.com
O1 - Hosts: 213.203.193.164 download.freeweb-hosting.com
...
O1 - Hosts: 213.203.193.164 zeropaid.com
O1 - Hosts: 213.203.193.164 zuccaweb.it
Remove these additional browser plug-in keys (O2...O4):
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing)
O2 - BHO: (no name) - {605A9953-52E6-4C42-9887-50E8FD2564AB} - C:\WINNT\system32\mdlcfba.dll
O2 - BHO: (no name) - {808DD6BD-CB13-4CD0-A3D6-B98E9F24C734} - C:\WINDOWS\System32\hiefkha.dll
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1013.dll,InstantAccess
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKLM\..\Run: [Hot_dk] C:\Program Files\GMSoft\Dialers\Hot_dk\Hot_dk.exe /dontdial
Remove these ActiveX Objects (aka Downloaded Program Files) if you are not using them (O16):
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http:??www.drivershq.com/DD_v4.CAB
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http:??akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http:??akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http:??akamai.downloadv3.com/binaries/LiveService/LiveService_3_EN_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http:??akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1040_pack_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http:??akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {A02780C3-7F77-4E28-855B-28890F3CF37A} - http:??akamai.downloadv3.com/binaries/DialHTML/EGCOMLIB_1034_pack_XP.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http:??akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1013_EN_XP.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http:??akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
Reboot the computer and put it into safe mode. Then delete these files from your C: drive:
C:\WINDOWS\system32\imad.exe
C:\Program Files\GMSoft\Dialers\Hot_dk\Hot_dk.exe
Original log but with private information removed.
Logfile of HijackThis v1.97.7
Scan saved at 12:40:53, on 31-07-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\imad.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\ATnotes\ATnotes.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\iFinger\iFinger.exe
C:\Programmer\Microsoft Office\Office\OUTLOOK.EXE
C:\Programmer\Microsoft Office\Office\WINWORD.EXE
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Programmer\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Winamp\winamp.exe
C:\Programmer\Winamp\Winampa.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\TASKMON.EXE
C:\WINNT\GTCO\wtxpload.exe
C:\WINNT\GTCO\xpoint32.exe
C:\temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http:??www.aomi.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:??www.1md.de/kazaa-download.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:??www.msn.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file:??C:\DOCUME~1\ITTSSP~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http:??www.msn.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:??www.aomi.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file:??C:\DOCUME~1\ITTSSP~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:??g.msn.dk/0SEDADK/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:??www.aomi.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file:??C:\DOCUME~1\ITTSSP~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:??www.aomi.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file:??C:\DOCUME~1\ITTSSP~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:??red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http:??www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:??www.tdconline.dk/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file:??C:\DOCUME~1\ITTSSP~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file:??C:\DOCUME~1\ITTSSP~1\LOKALE~1\Temp\sp.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 213.203.193.164 addlogs.de
O1 - Hosts: 213.203.193.164 aldostools.com
O1 - Hosts: 213.203.193.164 download.freeweb-hosting.com
...
O1 - Hosts: 213.203.193.164 zeropaid.com
O1 - Hosts: 213.203.193.164 zuccaweb.it
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {605A9953-52E6-4C42-9887-50E8FD2564AB} - C:\WINNT\system32\mdlcfba.dll
O2 - BHO: (no name) - {808DD6BD-CB13-4CD0-A3D6-B98E9F24C734} - C:\WINDOWS\System32\hiefkha.dll
O2 - BHO: (no name) - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\Programmer\iFinger\plugins\IE.ifp
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: AdsCleaner Helper - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Programmer\AdsCleaner Trial\PAKIEPlugins.dll
O2 - BHO: BrowserHelper Class - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\SYSTEM\STOPZILLABHO.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Offliner AdFilter Helper - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - C:\WINDOWS\system32\SiPlugins.dll
O2 - BHO: Poly HTML Filter BHO - {0140DF95-9128-4053-AE72-F43F0CFCA062} - C:\WINDOWS\system32\SiKernel.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AdsCleaner Bar - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\ADSCLE~1\PAKIEGUI.dll
O3 - Toolbar: AdsCleaner Links Bar - {A8415B7A-F661-4D31-92D7-4398E50483DF} - C:\PROGRA~1\ADSCLE~1\PAKIEGUI.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1501.0\da\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: iFinger 2.0.lnk = C:\Programmer\iFinger\iFinger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - HKCU\..\Run: [AdsCleaner] C:\Programmer\AdsCleaner Trial\AdsCleaner.exe /MIN
O4 - HKCU\..\Run: [ATnotes.exe] C:\Programmer\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1013.dll,InstantAccess
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent_.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpyKiller] C:\Programmer\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ControlCentreTray] C:\PROGRAMMER\XEROX\CONTROLCENTRE 2.0\XWCTRAY.EXE
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] C:\WINNT\GTCO\wtxpload.exe GTCO
O4 - HKLM\..\Run: [Hot_dk] C:\Program Files\GMSoft\Dialers\Hot_dk\Hot_dk.exe /dontdial
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Job-oversigt] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Perfect Process shield] C:\Programmer\Perfect Process\ppshield.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Skan registreringsdatabase] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [STOPzilla] C:\PROGRAMMER\STOPZILLA!\STOPZILLA.EXE /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [System] C:\WINDOWS\System\plugin.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USBTA] C:\WINDOWS\System32\usbtapnp.exe
O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [XWMSUSBAPI] XWMSAPI.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Planlægningsagent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Update Price.lnk = C:\Programmer\Lindab\Price\WiseUpdt.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res:??c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add banner url(s) to AdsCleaner - C:\Programmer\AdsCleaner Trial\System\Scripts\off_banner.htm
O8 - Extra context menu item: Add selected links to Link Container - C:\Programmer\AdsCleaner Trial\System\Scripts\off_collector_sel.htm
O8 - Extra context menu item: Backward &Links - res:??c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Bookmark all links in AdsCleaner - C:\Programmer\AdsCleaner Trial\System\Scripts\off_all.htm
O8 - Extra context menu item: Bookmark selected link(s) in AdsCleaner - C:\Programmer\AdsCleaner Trial\System\Scripts\off_sel.htm
O8 - Extra context menu item: Cac&hed Snapshot of Page - res:??c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Open all links in new windows - C:\Programmer\AdsCleaner Trial\System\Scripts\off_open_all.htm
O8 - Extra context menu item: Open selected link(s) in new windows - C:\Programmer\AdsCleaner Trial\System\Scripts\off_open_sel.htm
O8 - Extra context menu item: Say to AdsCleaner Team about banner - C:\Programmer\AdsCleaner Trial\System\Scripts\off_report_ad.htm
O8 - Extra context menu item: Show domain links - C:\Programmer\AdsCleaner Trial\System\Scripts\off_domain_links.htm
O8 - Extra context menu item: Si&milar Pages - res:??c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res:??c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Åbn billede i &Microsoft PhotoDraw - res:??C:\PROGRA~1\MICROS~2\Office\1030\phdintl.dll/phdContext.htm
O9 - Extra button: AdsCleaner Bar (HKLM)
O9 - Extra button: iFinger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http:??www.tdconline.dk/start
O15 - Trusted Zone: *.dba.dk
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http:??www.drivershq.com/DD_v4.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http:??office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http:??akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http:??akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http:??akamai.downloadv3.com/binaries/LiveService/LiveService_3_EN_XP.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http:??download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http:??www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http:??download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1079609913281
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http:??akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http:??akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1040_pack_XP.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http:??download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file:??D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http:??office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http:??akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https:??webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http:??uranus.hef.dk/standard/viewer/mgaxctrl.cab
O16 - DPF: {6CAFBA3E-FB85-11D3-915A-08005ACEEF64} (KPSimDialog Class) - http:??virk.dk/avguide/NyVirksomhed/plugins/kpsimie.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http:??www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file:??D:\Content\include\msSecUcd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http:??www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http:??v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38050.2478356482
O16 - DPF: {A02780C3-7F77-4E28-855B-28890F3CF37A} - http:??akamai.downloadv3.com/binaries/DialHTML/EGCOMLIB_1034_pack_XP.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https:??udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http:??scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http:??akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1013_EN_XP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http:??download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http:??akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab