View Full Version : Zlob.DNSChanger
grimblegromble
2008-09-27, 12:08
- Tried to remove it with Spybot. Spybot in safe mode always finds it again.
- Norman Antivirus says nothing.
- HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:58, on 2008-09-27
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetawyborcza.pl/0,0.html?p=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Keyboard Manager Utility] "c:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\WinampPro\winampa.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [6AD.tmp] C:\Windows\temp\6AD.tmp
O4 - HKLM\..\Run: [C:\Windows\system32\kdryz.exe] C:\Windows\system32\kdryz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdypv.exe] C:\Windows\system32\kdypv.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdwhq.exe] C:\Windows\system32\kdwhq.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdvim.exe] C:\Windows\system32\kdvim.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdwvt.exe] C:\Windows\system32\kdwvt.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdceu.exe] C:\Windows\system32\kdceu.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdfvl.exe] C:\Windows\system32\kdfvl.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocl.exe] C:\Windows\system32\kdocl.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdoww.exe] C:\Windows\system32\kdoww.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdpib.exe] C:\Windows\system32\kdpib.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdowr.exe] C:\Windows\system32\kdowr.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdqry.exe] C:\Windows\system32\kdqry.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdnev.exe] C:\Windows\system32\kdnev.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdhnc.exe] C:\Windows\system32\kdhnc.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdjho.exe] C:\Windows\system32\kdjho.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdjls.exe] C:\Windows\system32\kdjls.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdrri.exe] C:\Windows\system32\kdrri.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxth.exe] C:\Windows\system32\kdxth.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ED44734-A45E-42A2-8A1D-3AB12BDFE18D}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{6860D4F3-36CF-47B9-B290-5629C8784CAD}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACE160B2-7C7B-451E-8A73-D5EBAE05A9F7}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{0ED44734-A45E-42A2-8A1D-3AB12BDFE18D}: NameServer = 85.255.115.45,85.255.112.110
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdltm.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11134 bytes
Please, help me getting rid of this.
Hi grimblegromble
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Post:
- mbam log
- rsit logs (taken after mbam run)
grimblegromble
2008-09-28, 20:42
Hi Shaba, and thanks a lot for helping me out!
1) The scan is done.
2) The log file you requested:
Malwarebytes' Anti-Malware 1.28
Database version: 1219
Windows 6.0.6000
2008-09-28 19:29:09
mbam-log-2008-09-28 (19-29-09).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 195995
Time elapsed: 2 hour(s), 18 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 18
Registry Data Items Infected: 14
Folders Infected: 1
Files Infected: 139
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdryz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdypv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdwhq.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdvim.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdwvt.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdceu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdfvl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdocl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdoww.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdpib.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdowr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdqry.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdnev.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdhnc.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdjho.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdjls.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdrri.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdxth.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0ed44734-a45e-42a2-8a1d-3ab12bdfe18d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0ed44734-a45e-42a2-8a1d-3ab12bdfe18d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0ed44734-a45e-42a2-8a1d-3ab12bdfe18d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\kdryz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdypv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdwhq.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdvim.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdwvt.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdceu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdfvl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdocl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdoww.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdpib.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdowr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdqry.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdnev.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdhnc.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdjho.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdjls.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdrri.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdxth.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdahp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdahr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdajz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdapf.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdbdi.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdbou.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdbsw.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdbvn.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdbxj.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdbxy.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdcvf.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdcwq.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdhxo.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdomk.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdhzw.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdiiv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdipd.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdiva.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdjcp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdjlp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdjmm.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdjuj.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdkbb.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdkhm.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdkjj.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdkmo.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdkqz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdksf.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdksu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdlhh.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdlky.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdltm.exe (Trojan.DNSChanger) -> Delete on reboot.
C:\Windows\System32\kdlvy.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdmex.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdmpl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdmul.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdmvy.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdnkg.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdnxu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdodx.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdofv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdoju.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdokr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdokv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdwaq.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdwfc.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdwhz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdwiv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdwju.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdwlt.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdwsf.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdwxj.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdxch.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdxgz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdxkt.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdxnp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdxxl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdxyu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdyec.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdyei.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdygy.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdyqp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdzae.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdzgg.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdzld.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdzmp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdzpy.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdztu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdzue.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdzvd.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdzyf.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kddku.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kddwd.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdeao.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdefe.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdehq.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdeld.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdepr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdfaw.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdfdn.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdffn.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdfgv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdfzm.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdgdx.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdgep.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdgfj.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdggv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdgjb.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdgms.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdgqw.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdguq.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdgxa.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdhdc.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdhfr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdhgf.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdhim.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdhtj.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdprv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdpsl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdqef.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdqrm.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdqtc.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdqud.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdqzb.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdrab.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdral.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdrdn.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdrrp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdrsg.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdrsy.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdrzp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdscw.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdsto.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdtbl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdtqz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdttr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdtyu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdunu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\kdutz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
D:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Please post also RSIT logs :)
grimblegromble
2008-09-28, 21:39
Sorry, somehow i forgot it...
However RSIT isn't working properly. After half the process this dialogue pops up:
"Line- 1:
Error: Subscript used with non-Array variable."
When i click OK RSIT is shut down.
Ok, we use then this instead:
Please download OTViewIt (http://oldtimer.geekstogo.com/OTViewIt.exe) by OldTimer and save it to your Desktop.
Close all applications and windows.
Double-click on the OTViewIt.exeto start OTViewIt.
Place a checkmark in the blue-colored "Scan All Users" checkbox.
Click the blue Run Scan button.
OTViewIt will now start its scan.
When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.
grimblegromble
2008-09-28, 22:26
Thanks. Worked much better.
- I couldn't post the whole log at once, this is the first part of OTViewIt.exe:
OTViewIt logfile created on: 2008-09-28 21:13:19 - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\David\Desktop
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 61,03% Memory free
4,00 Gb Paging File | 3,22 Gb Available in Paging File | 80,61% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 22,14 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 12,75 Gb Free Space | 28,25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HIPAWUFO
Current User Name: David
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2006-11-02 11:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006-11-02 11:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2007-08-28 11:56:51 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2007-08-30 10:15:48 | 00,150,584 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe
[2007-08-09 14:38:00 | 00,322,616 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe
[2006-11-02 11:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2006-11-02 11:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006-11-02 14:34:48 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2007-08-28 11:50:21 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2007-01-11 20:54:12 | 01,359,872 | ---- | M] (Quanta Computer, INC.) -- C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
[2007-08-09 15:40:06 | 00,183,352 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zlh.exe
[2008-06-10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006-10-27 01:00:00 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2008-02-11 20:13:12 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
[2008-02-11 20:13:02 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
[2008-02-11 20:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
[2008-02-11 20:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
[2008-08-15 08:46:08 | 00,910,864 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
[2007-02-22 18:32:12 | 00,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
[2008-02-11 20:13:06 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
[2008-03-31 13:08:10 | 00,175,160 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nip.exe
[2006-02-28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999-12-13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE
[2002-12-17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
[2006-11-02 11:45:49 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2006-12-08 19:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
[2006-11-02 14:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006-08-04 17:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
[2008-07-07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
[2007-03-16 13:28:26 | 00,150,584 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe
[2007-05-23 14:23:54 | 00,146,488 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nvcsched.exe
[2007-12-12 12:45:14 | 00,179,256 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nvcoas.exe
[2006-11-02 11:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007-03-15 13:47:56 | 00,142,392 | ---- | M] () -- C:\Program Files\Norman\Nvc\bin\CClaw.exe
[2006-11-02 11:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008-07-19 07:10:40 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2008-09-27 16:27:54 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3\firefox.exe
[2006-12-18 23:18:54 | 01,716,224 | ---- | M] () -- C:\Program Files\DC++\DCPlusPlus.exe
[2008-09-28 21:12:04 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2006-02-28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006-11-02 08:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999-12-13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2008-01-07 09:36:56 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2006-11-02 14:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006-11-02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2007-08-30 10:15:48 | 00,150,584 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6 [Auto | Running])
[2008-02-18 00:10:39 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2006-11-02 14:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006-11-02 11:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2006-11-02 14:36:02 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2006-11-02 15:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2002-12-17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [Auto | Running])
[2002-12-17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2006-11-02 14:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007-02-26 20:16:22 | 00,267,824 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007-03-16 13:28:26 | 00,150,584 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves [On_Demand | Running])
[2007-08-09 14:38:00 | 00,322,616 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA [Auto | Running])
[2007-12-12 12:45:14 | 00,179,256 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nvcoas.exe -- (nvcoas [On_Demand | Running])
[2007-05-23 14:23:54 | 00,146,488 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nvcsched.exe -- (NVCScheduler [On_Demand | Running])
[2007-08-24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006-11-02 11:46:12 | 00,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008-07-07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
[2006-11-02 11:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
[2007-12-10 14:59:04 | 00,353,280 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
[2006-11-02 11:45:49 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp [Auto | Running])
[2007-08-28 11:56:51 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006-11-02 11:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2002-12-17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2006-12-08 19:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler [Auto | Running])
[2008-02-13 10:45:56 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
[2006-11-02 11:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2007-10-18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006-11-02 11:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- C:\Windows\system32\kdltm.exe -- (Windows Tribute Service [Auto | Stopped])
[2007-10-25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006-11-02 14:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006-11-02 14:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2006-08-04 17:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])
========== Driver Services ==========
[2006-11-02 11:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006-11-02 11:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006-11-02 11:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006-11-02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006-11-02 11:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006-11-02 11:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006-11-02 11:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006-11-02 10:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006-11-02 10:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006-11-02 11:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006-11-02 11:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
File not found -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2006-11-02 10:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006-11-02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006-11-02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006-11-02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006-11-02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006-11-02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006-11-02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2008-04-29 03:42:12 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum [On_Demand | Running])
[2006-11-02 10:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])
[2006-11-02 10:55:27 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan [On_Demand | Running])
[2008-04-29 03:42:12 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008-04-29 03:42:08 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Running])
[2006-11-02 10:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008-02-13 10:45:59 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006-11-02 11:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006-11-02 11:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006-11-02 10:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006-11-02 10:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008-01-07 09:36:56 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006-11-02 09:30:54 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2006-11-02 09:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006-11-02 14:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006-11-02 11:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2006-11-02 11:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006-11-02 10:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006-11-02 11:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006-11-01 23:43:50 | 00,145,920 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService [On_Demand | Running])
[2007-08-28 12:05:11 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006-11-02 10:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006-11-02 10:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006-11-02 11:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006-11-02 09:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
[2006-10-18 11:09:26 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2006-10-18 11:08:14 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2006-11-02 11:49:49 | 00,027,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp [Disabled | Stopped])
[2008-02-11 19:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm [On_Demand | Stopped])
[2006-10-31 14:46:36 | 00,250,368 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006-11-02 11:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2008-02-11 19:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx [On_Demand | Running])
[2006-11-02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006-11-02 10:30:18 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm [On_Demand | Running])
[2006-11-02 10:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006-11-02 11:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006-11-02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006-11-02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006-02-07 19:52:58 | 00,006,912 | ---- | M] (JMicron ) -- C:\Windows\System32\drivers\JGOGO.sys -- (JGOGO [Boot | Stopped])
[2007-04-03 16:53:12 | 00,047,872 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\System32\drivers\jraid.sys -- (JRAID [Disabled | Stopped])
[2008-02-13 10:45:55 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2006-11-02 10:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006-11-02 11:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006-11-02 11:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006-11-02 11:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006-11-02 10:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006-06-19 14:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006-11-02 11:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2007-12-16 11:56:45 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006-11-02 11:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2007-08-28 12:01:30 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Stopped])
[2006-11-02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2006-11-02 10:31:27 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2007-12-21 23:57:29 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006-11-02 11:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006-11-02 11:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2006-11-02 11:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006-11-02 11:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2006-11-02 10:51:13 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008-02-13 10:43:40 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2007-01-02 10:55:18 | 00,020,448 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio [Auto | Running])
[2006-10-30 10:42:28 | 01,786,880 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32 [On_Demand | Running])
[2006-11-02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006-11-02 10:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006-11-02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006-07-14 14:55:34 | 00,105,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvatabus.sys -- (nvatabus [Disabled | Stopped])
[2007-01-09 16:25:38 | 00,006,712 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nvcfsr.sys -- (nvcfsr [On_Demand | Stopped])
[2008-02-11 15:56:46 | 00,019,512 | ---- | M] (Norman ASA) -- C:\Windows\System32\drivers\nvcv32mf.sys -- (NvcMFlt [On_Demand | Running])
[2007-01-09 16:25:38 | 00,036,472 | ---- | M] () -- C:\Program Files\Norman\Nvc\bin\Nvcoafl4.sys -- (nvcoafl4 [On_Demand | Stopped])
[2007-01-09 16:25:38 | 00,104,288 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nvcoaft4.sys -- (nvcoaft4 [On_Demand | Stopped])
[2007-01-09 16:25:38 | 00,025,528 | ---- | M] () -- C:\Program Files\Norman\Nvc\bin\Nvcoarc4.sys -- (nvcoarc4 [On_Demand | Stopped])
[2006-07-14 14:55:42 | 00,089,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006-11-02 11:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006-11-02 11:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006-11-02 11:49:20 | 00,013,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys -- (pciide [Disabled | Stopped])
[2006-11-02 11:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2006-11-02 10:30:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\processr.sys -- (Processor [Disabled | Stopped])
[2008-01-07 09:36:57 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006-08-18 00:32:26 | 00,033,664 | ---- | M] (Quanta Computer Inc.) -- C:\Windows\System32\drivers\qkbfiltr.sys -- (qkbfiltr [On_Demand | Running])
[2006-11-02 11:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006-11-02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006-11-02 14:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006-11-02 11:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006-11-02 10:55:23 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Running])
[2006-11-15 18:16:24 | 00,032,256 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2006-11-15 13:42:46 | 00,043,520 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2006-11-15 11:35:20 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2006-11-02 10:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2007-04-24 11:33:42 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl [On_Demand | Stopped])
[2007-04-24 11:33:44 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm [On_Demand | Stopped])
[2007-04-24 11:33:46 | 00,098,696 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex [On_Demand | Stopped])
[2006-11-02 11:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2007-08-28 12:04:29 | 00,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006-11-02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008-02-13 10:45:55 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006-11-02 10:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006-11-02 10:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006-11-02 10:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006-11-02 11:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2005-01-11 17:58:48 | 00,030,976 | ---- | M] (Silicon Integrated Systems Corp) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006-11-02 11:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006-11-02 10:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2006-11-02 11:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008-08-27 11:18:32 | 00,715,248 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007-12-21 23:57:29 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2007-12-21 23:57:29 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006-11-02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006-11-02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006-11-02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006-10-27 01:00:00 | 00,179,896 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2006-11-02 10:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006-11-02 10:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006-11-02 11:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Running])
[2007-08-28 12:01:29 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2007-08-28 12:01:29 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Stopped])
[2006-11-02 11:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006-11-02 11:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006-11-02 11:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006-11-02 11:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006-11-02 10:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006-11-02 10:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2007-08-28 12:02:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2006-11-02 10:55:05 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci [Disabled | Stopped])
[2006-11-02 10:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006-11-02 11:49:52 | 00,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp [On_Demand | Stopped])
[2006-11-02 10:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006-11-02 11:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2006-03-31 02:18:30 | 00,100,992 | ---- | M] (VIA Technologies inc,.ltd) -- C:\Windows\System32\drivers\viamraid.sys -- (viamraid [Disabled | Stopped])
[2006-04-07 17:06:38 | 00,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB [On_Demand | Stopped])
[2006-11-02 11:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006-11-02 11:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006-11-02 11:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Boot | Running])
[2006-11-07 10:42:16 | 00,061,504 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\w200bus.sys -- (w200bus [On_Demand | Stopped])
[2006-11-07 10:42:22 | 00,009,328 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\w200mdfl.sys -- (w200mdfl [On_Demand | Stopped])
[2006-11-07 10:42:24 | 00,097,056 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\w200mdm.sys -- (w200mdm [On_Demand | Stopped])
[2006-11-07 10:42:28 | 00,088,560 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\w200mgmt.sys -- (w200mgmt [On_Demand | Stopped])
[2006-11-02 10:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006-11-02 11:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008-02-13 10:45:56 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006-11-02 02:50:52 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr [On_Demand | Stopped])
[2006-10-18 11:08:04 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2006-11-02 10:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2006-11-02 11:04:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb [On_Demand | Stopped])
[2006-11-02 10:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2006-11-02 10:54:52 | 00,082,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd [On_Demand | Stopped])
[2006-08-04 17:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])
grimblegromble
2008-09-28, 22:28
This is the last part of OTViewIt.txt
(Not .exe, as i wrote before, of course...)
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.gazetawyborcza.pl/0,0.html?p=4
"StartPageCache"=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2533349112-1644346335-2104464119-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.gazetawyborcza.pl/0,0.html?p=4
"StartPageCache"=
[HKEY_USERS\S-1-5-21-2533349112-1644346335-2104464119-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2533349112-1644346335-2104464119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
========== (O1) Hosts File ==========
HOSTS File = (221616 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 1001-search.info
127.0.0.1 www.1001-search.info
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 136136.net
7778 more lines...
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6AD.tmp"=C:\Windows\temp\6AD.tmp File not found
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\Windows\system32\igfxtray.exe (Intel Corporation)
"Keyboard Manager Utility"="c:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H (Quanta Computer, INC.)
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (Malwarebytes Corporation)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"Norman ZANDA"=C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH (Norman ASA)
"Persistence"=C:\Windows\system32\igfxpers.exe (Intel Corporation)
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"WinampAgent"="D:\Program Files\WinampPro\winampa.exe" File not found
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
[HKEY_USERS\S-1-5-21-2533349112-1644346335-2104464119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoLowDiskSpaceChecks"=1
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008-07-03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Skicka till OneNote -- C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Ski&cka till OneNote -- C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Skype -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-2533349112-1644346335-2104464119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
========== (O17) DNS Name Servers ==========
{0ED44734-A45E-42A2-8A1D-3AB12BDFE18D} (Servers: 85.255.115.45,85.255.112.110 | Description: Intel(R) PRO/Wireless 3945ABG Network Connection)
{6860D4F3-36CF-47B9-B290-5629C8784CAD} (Servers: 85.255.115.45,85.255.112.110 | Description: )
{ACE160B2-7C7B-451E-8A73-D5EBAE05A9F7} (Servers: 85.255.115.45,85.255.112.110 | Description: Intel(R) PRO/100 VE Network Connection)
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\Windows\System32\igfxdev.dll (Intel Corporation)
========== HKLM *SecurityProviders* ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006-11-02 11:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
========== LSA *Security Packages* ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006-11-02 11:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
autoexec.bat [REM Dummy file for NTVDM | ]
[2006-09-18 23:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]
autorun.inf [[autorun] | shellexecute="resycled\boot.com c:" | shell\Open\command="resycled\boot.com c:" | shell=Open | ]
[2008-09-26 18:56:38 | 00,000,103 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]
autorun.inf [[autorun] | shellexecute="resycled\boot.com d:" | shell\Open\command="resycled\boot.com d:" | shell=Open | ]
[2008-09-26 18:56:38 | 00,000,103 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43dff471-7419-11dd-8cb1-0011e2fc38f9}\Shell]
""=AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43dff471-7419-11dd-8cb1-0011e2fc38f9}\Shell\AutoRun\command]
""=F:\setup.exe -- File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\Users\David\Desktop\*.tmp files]
[2099-02-12 16:16:46 | 00,000,000 | ---D | C] -- C:\Photoshop CS3
[2008-09-28 21:11:58 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTViewIt.exe
[2008-09-28 21:11:29 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTViewIt.exe.part
[2008-09-28 20:33:20 | 00,000,000 | ---D | C] -- C:\rsit
[2008-09-28 19:31:12 | 00,000,000 | ---D | C] -- C:\Avenger
[2008-09-28 16:34:34 | 00,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
[2008-09-28 16:34:25 | 00,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008-09-28 16:34:24 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008-09-28 16:34:24 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008-09-28 16:34:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008-09-28 16:34:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008-09-28 16:33:24 | 02,182,784 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\David\Desktop\mbam-setup.exe
[2008-09-27 19:23:41 | 00,010,442 | ---- | C] () -- C:\Users\David\Desktop\Prag.docx
[2008-09-27 10:27:44 | 00,001,880 | ---- | C] () -- C:\Users\David\Desktop\HijackThis.lnk
[2008-09-27 10:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008-09-27 00:27:02 | 01,739,891 | -H-- | C] () -- C:\Users\David\AppData\Local\IconCache.db
[2008-09-26 23:11:45 | 21,371,86304 | -HS- | C] () -- C:\hiberfil.sys
[2008-09-26 19:02:15 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Users\David\Desktop\spybotsd160.exe
[2008-09-26 18:49:25 | 00,000,000 | ---D | C] -- C:\Users\David\Documents\SafeNet Sentinel
[2008-09-26 18:49:18 | 00,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2008-09-26 18:49:18 | 00,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2008-09-26 18:49:18 | 00,000,114 | ---- | C] () -- C:\Windows\System32\prsgrc.tgz
[2008-09-26 18:49:18 | 00,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2008-09-26 18:47:59 | 00,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel
[2008-09-26 18:44:41 | 00,000,000 | ---D | C] -- C:\ProgramData\SPSS
[2008-09-26 18:44:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SPSS
[2008-09-26 18:44:39 | 00,000,000 | ---D | C] -- C:\Program Files\SPSSInc
[2008-09-26 18:42:17 | 00,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.tgz
[2008-09-26 18:42:17 | 00,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008-09-26 18:42:17 | 00,000,219 | ---- | C] () -- C:\Windows\System32\lsprst7.tgz
[2008-09-26 18:42:17 | 00,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008-09-26 18:42:17 | 00,000,016 | -H-- | C] () -- C:\Windows\System32\servdat.slm
[2008-09-26 18:36:34 | 00,000,103 | RHS- | C] () -- C:\autorun.inf
[2008-09-26 18:24:56 | 00,000,000 | ---- | C] () -- C:\law.sp
[2008-09-25 17:43:04 | 00,013,543 | ---- | C] () -- C:\Users\David\Desktop\Dagschema.docx
[2008-09-25 14:02:26 | 00,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{5718DBEF-E062-4CEC-8000-4FFB5E87FFC7}.job
[2008-09-22 21:25:13 | 00,000,000 | ---D | C] -- C:\Users\David\Documents\WTFMOOSOSWLLHHASHTEWPB
[2008-09-22 20:02:56 | 00,000,000 | ---D | C] -- C:\Commandos II
[2008-09-22 19:43:00 | 00,000,000 | ---D | C] -- C:\COMMANDOS_2
[2008-09-14 20:49:09 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2008-09-12 08:50:26 | 00,118,784 | ---- | C] () -- C:\Windows\GREUninstall.exe
[2008-09-12 08:50:20 | 00,007,342 | ---- | C] () -- C:\Windows\mozver.dat
[2008-09-11 21:30:14 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008-09-11 07:10:52 | 00,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Agency9
[2008-09-08 20:47:57 | 00,000,000 | ---D | C] -- C:\Users\David\Desktop\JMG
[2008-09-05 10:31:09 | 00,015,924 | ---- | C] () -- C:\Users\David\Desktop\gupea_2077_17254_1.pdf
[2008-08-30 11:03:29 | 00,000,000 | ---D | C] -- C:\Users\David\Desktop\Kår-OCR mm-filer
[2008-08-30 11:03:27 | 00,002,904 | ---- | C] () -- C:\Users\David\Desktop\Kår-OCR mm.htm
========== Files - Modified Within 30 Days ==========
[1 C:\Users\David\Desktop\*.tmp files]
[2008-09-28 21:12:04 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTViewIt.exe
[2008-09-28 21:11:39 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTViewIt.exe.part
[2008-09-28 21:10:09 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{435032EC-C9FE-4FEB-B18C-C8AB7458F99D}.job
[2008-09-28 21:09:59 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5718DBEF-E062-4CEC-8000-4FFB5E87FFC7}.job
[2008-09-28 20:31:39 | 00,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008-09-28 20:31:39 | 00,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008-09-28 19:36:32 | 00,613,726 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008-09-28 19:36:32 | 00,112,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008-09-28 19:36:31 | 00,730,302 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008-09-28 19:31:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008-09-28 19:31:24 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008-09-28 19:31:22 | 21,371,86304 | -HS- | M] () -- C:\hiberfil.sys
[2008-09-28 19:30:32 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2008-09-28 19:30:24 | 01,739,891 | -H-- | M] () -- C:\Users\David\AppData\Local\IconCache.db
[2008-09-28 17:26:04 | 00,081,920 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-09-28 16:34:25 | 00,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008-09-28 16:33:26 | 02,182,784 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\David\Desktop\mbam-setup.exe
[2008-09-28 16:28:23 | 00,000,500 | ---- | M] () -- C:\Users\David\Documents\Mina delade mappar.lnk
[2008-09-27 19:54:06 | 00,010,442 | ---- | M] () -- C:\Users\David\Desktop\Prag.docx
[2008-09-27 10:27:44 | 00,001,880 | ---- | M] () -- C:\Users\David\Desktop\HijackThis.lnk
[2008-09-26 22:41:46 | 00,002,645 | ---- | M] () -- C:\Users\David\Desktop\Trafikskolan TEO.lnk
[2008-09-26 19:33:36 | 00,085,992 | ---- | M] () -- C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
[2008-09-26 19:02:31 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Users\David\Desktop\spybotsd160.exe
[2008-09-26 18:58:31 | 02,107,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2008-09-26 18:56:38 | 00,000,103 | RHS- | M] () -- C:\autorun.inf
[2008-09-26 18:55:31 | 00,013,543 | ---- | M] () -- C:\Users\David\Desktop\Dagschema.docx
[2008-09-26 18:49:18 | 00,001,024 | ---- | M] () -- C:\Windows\System32\grcauth2.dll
[2008-09-26 18:49:18 | 00,001,024 | ---- | M] () -- C:\Windows\System32\grcauth1.dll
[2008-09-26 18:49:18 | 00,000,114 | ---- | M] () -- C:\Windows\System32\prsgrc.tgz
[2008-09-26 18:49:18 | 00,000,100 | ---- | M] () -- C:\Windows\System32\prsgrc.dll
[2008-09-26 18:44:26 | 00,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2008-09-26 18:44:26 | 00,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
[2008-09-26 18:44:26 | 00,000,016 | -H-- | M] () -- C:\Windows\System32\servdat.slm
[2008-09-26 18:43:19 | 00,000,000 | ---- | M] () -- C:\law.sp
[2008-09-26 18:42:17 | 00,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.tgz
[2008-09-26 18:42:17 | 00,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.dll
[2008-09-12 08:50:49 | 00,000,335 | ---- | M] () -- C:\Windows\nsreg.dat
[2008-09-12 08:50:45 | 00,007,342 | ---- | M] () -- C:\Windows\mozver.dat
[2008-09-12 08:50:26 | 00,118,784 | ---- | M] () -- C:\Windows\GREUninstall.exe
[2008-09-10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008-09-10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008-09-05 10:31:11 | 00,015,924 | ---- | M] () -- C:\Users\David\Desktop\gupea_2077_17254_1.pdf
[2008-09-04 09:22:47 | 24,540,9861 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2008-08-30 11:03:32 | 00,002,904 | ---- | M] () -- C:\Users\David\Desktop\Kår-OCR mm.htm
< End of report >
grimblegromble
2008-09-28, 22:29
Here comes Extras.txt:
OTViewIt Extras logfile created on: 2008-09-28 21:13:19 - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\David\Desktop
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 61,03% Memory free
4,00 Gb Paging File | 3,22 Gb Available in Paging File | 80,61% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 22,14 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 12,75 Gb Free Space | 28,25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HIPAWUFO
Current User Name: David
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2533349112-1644346335-2104464119-1000]
"EnableNotifications"=0
"EnableNotificationsRef"=1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
NameSpace_Catalog5\Catalog_Entries\000000000008 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Protocol Defaults ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-10-18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2006-10-26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007-10-18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007-12-07 16:08:02 | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006-10-26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{0650BB10-BCF4-400A-85EE-04097E3046C6}"=Adobe Setup
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger
"{212748BB-0DA5-46DE-82A1-403736DC9F27}"=MSVC80_x86
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}"=Sony Ericsson PC Suite
"{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7}"=Sony ACID Pro 6.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2B5A75F0-FD85-4094-AB00-94902398D192}"=Sony Media Manager 2.2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
"{3F9B2FD2-1C83-4401-9967-C3636638E958}"=Adobe SING CS3
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}"=VBA (2627.01)
"{56B8B892-317E-4FDE-9E4D-44B189848A27}"=Adobe Setup
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{621025AE-3510-478E-BC27-1A647150976F}"=SPSS 16.0 for Windows
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{81CD6232-10F5-4832-B3DA-1B88B1571053}"=Nero 7 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-040C-0000-0000000FF1CE}"=Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-040C-0000-0000000FF1CE}"=Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-041D-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Swedish) 2007
"{90120000-0016-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0017-040C-0000-0000000FF1CE}"=Microsoft Office SharePoint Designer MUI (French) 2007
"{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{5DD79E02-6B69-4BC5-AFA8-914C6A910458}"=Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-040C-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-041D-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Swedish) 2007
"{90120000-0018-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-040C-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-040C-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-040C-0000-0000000FF1CE}"=Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-041D-0000-0000000FF1CE}"=Microsoft Office Word MUI (Swedish) 2007
"{90120000-001B-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0401-0000-0000000FF1CE}"=Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{5A2F65A4-808F-4A1E-973E-92E17824982D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.fr-fr_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040B-0000-0000000FF1CE}"=Microsoft Office Proof (Finnish) 2007
"{90120000-001F-040B-0000-0000000FF1CE}_HOMESTUDENTR_{F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.fr-fr_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0413-0000-0000000FF1CE}"=Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-041D-0000-0000000FF1CE}"=Microsoft Office Proof (Swedish) 2007
"{90120000-001F-041D-0000-0000000FF1CE}_HOMESTUDENTR_{A8626CEF-CB0A-4BC2-8F51-210A43B6158D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.fr-fr_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}"=Microsoft Office Proofing (French) 2007
"{90120000-002C-041D-0000-0000000FF1CE}"=Microsoft Office Proofing (Swedish) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-040C-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-040C-0000-0000000FF1CE}"=Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}"=Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-006E-041D-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Swedish) 2007
"{90120000-006E-041D-0000-0000000FF1CE}_HOMESTUDENTR_{C41B2E34-C30E-4989-8A9D-6B0805B33EC1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-040C-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-041D-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Swedish) 2007
"{90120000-00A1-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-040C-0000-0000000FF1CE}"=Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0100-040C-0000-0000000FF1CE}"=Microsoft Office O MUI (French) 2007
"{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0101-040C-0000-0000000FF1CE}"=Microsoft Office X MUI (French) 2007
"{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}"=FirstSteps Diagnostics
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1053-7B44-A81200000003}"=Adobe Reader 8.1.2 - Svenska
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}"=PC Connectivity Solution
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}"=Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}"=Sony Ericsson Device Data
"{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}"=Keyboard Manager Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D6BF6477-8369-489F-8DE6-3731F4B88560}"=Sony Ericsson PC Suite
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E82FB3CE-F45D-444C-BC0D-2408DC2E2604}"=Trafikskolan TEO 2008
"{E9E3AA67-60D9-4EE7-B1F5-EAACAB456579}"=cGeep
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{F0DA7B2E-5D3F-43DB-AAA6-8835296AEA12}"=Norman Virus Control
"{F655FEC2-EB66-4B94-8F51-B2A8EE6FE374}"=Sony Sound Forge Audio Studio 9.0
"{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}"=Commandos 2: Men of Courage
"{FB91E774-867B-4567-ACE7-8144EF036068}"=Olympus Digital Wave Player
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}"=Disc2Phone
"6A630DCEC5EEC912115F2FF59D8C2C769798D930"=Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5"=Adobe InDesign CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232"=Adobe Dreamweaver CS3
"CNXT_HDAUDIO"=Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045"=HDAUDIO Soft Data Fax Modem with SmartCP
"CoffeeCup GIF Animator"=CoffeeCup GIF Animator
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-01-24
"DC++"=DC++ 0.699
"Gadu-Gadu"=Gadu-Gadu 7.7
"Guitar Pro 5_is1"=Guitar Pro 5.2
"HDMI"=Intel(R) Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"InstallShield_{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}"=Keyboard Manager Utility
"KLiteCodecPack_is1"=K-Lite Codec Pack 3.6.2 Standard
"Libers Körkortsfrågor_is1"=Libers Körkortsfrågor
"Mafia 1.3"=Mafia
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MixMeister BPM Analyzer_is1"=MixMeister BPM Analyzer 1.0
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"OMUI.fr-fr"=Microsoft Office Language Pack 2007 - French/Français
"OpenTTD"=OpenTTD 0.5.3
"Personal"=BankID Security Application 4.9.3
"Privacy Guardian_is1"=Privacy Guardian 4.1
"PROPLUS"=Microsoft Office Professional Plus 2007
"QuicktimeAlt_is1"=QuickTime Alternative 2.2.0
"RealAlt_is1"=Real Alternative 1.7.5
"Soulseek2"=SoulSeek Client 157 test 12c
"Sweet Little Piano 32"=Sweet Little Piano 32 (remove only)
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"Winamp"=Winamp
"WinRAR archiver"=WinRAR archiver
"VLC media player"=VideoLAN VLC media player 0.8.6d
"WM Recorder 12.1"=WM Recorder 12.1
"ZEN Vision:M Series Media Explorer"=ZEN Vision:M Series Media Explorer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2533349112-1644346335-2104464119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2008-09-25 08:02:18 | Computer Name = hipawufo | Source = Application Error | ID = 1000
Description = Faulting application Application Launcher.exe, version 2.2.12.63,
time stamp 0x466921ca, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x059cd200, process id 0x9ec, application
start time 0x01c91f0668cb8920.
Error - 2008-09-26 12:58:54 | Computer Name = hipawufo | Source = EventSystem | ID = 4609
Description =
Error - 2008-09-26 13:24:42 | Computer Name = hipawufo | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =
Error - 2008-09-26 13:38:39 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
Description =
Error - 2008-09-26 16:28:40 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
Description =
Error - 2008-09-26 16:58:02 | Computer Name = hipawufo | Source = EventSystem | ID = 4609
Description =
Error - 2008-09-26 17:13:08 | Computer Name = hipawufo | Source = Application Error | ID = 1000
Description = Faulting application atbroker.exe, version 6.0.6000.16386, time stamp
0x4549aed5, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x00008fc7, process id 0xb58, application
start time 0x01c9201ca141b02e.
Error - 2008-09-26 17:17:17 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
Description =
Error - 2008-09-27 03:35:15 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
Description =
Error - 2008-09-28 13:36:31 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
Description =
[ System Events ]
Error - 2008-09-26 16:59:05 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7001
Description =
Error - 2008-09-26 16:59:05 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7001
Description =
Error - 2008-09-26 16:59:05 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7001
Description =
Error - 2008-09-26 17:12:40 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7009
Description =
Error - 2008-09-27 03:31:35 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7009
Description =
Error - 2008-09-27 04:52:48 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.
Error - 2008-09-27 07:46:13 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.
Error - 2008-09-27 10:27:03 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.
Error - 2008-09-28 02:20:40 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.
Error - 2008-09-28 10:28:07 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.
< End of report >
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
uTorrent
DC++
SoulSeek Client 157 test 12c
I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please run a new OTViewIt scan when finished and post a fresh extras.txt here.
grimblegromble
2008-09-28, 23:07
OTViewIt Extras logfile created on: 2008-09-28 22:04:36 - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\David\Desktop
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,08% Memory free
4,00 Gb Paging File | 3,17 Gb Available in Paging File | 79,33% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 22,15 Gb Free Space | 24,02% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 12,75 Gb Free Space | 28,25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HIPAWUFO
Current User Name: David
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2533349112-1644346335-2104464119-1000]
"EnableNotifications"=0
"EnableNotificationsRef"=1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
NameSpace_Catalog5\Catalog_Entries\000000000008 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Protocol Defaults ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-10-18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2006-10-26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007-10-18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007-12-07 16:08:02 | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006-10-26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{0650BB10-BCF4-400A-85EE-04097E3046C6}"=Adobe Setup
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger
"{212748BB-0DA5-46DE-82A1-403736DC9F27}"=MSVC80_x86
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}"=Sony Ericsson PC Suite
"{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7}"=Sony ACID Pro 6.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2B5A75F0-FD85-4094-AB00-94902398D192}"=Sony Media Manager 2.2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
"{3F9B2FD2-1C83-4401-9967-C3636638E958}"=Adobe SING CS3
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}"=VBA (2627.01)
"{56B8B892-317E-4FDE-9E4D-44B189848A27}"=Adobe Setup
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{621025AE-3510-478E-BC27-1A647150976F}"=SPSS 16.0 for Windows
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{81CD6232-10F5-4832-B3DA-1B88B1571053}"=Nero 7 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-040C-0000-0000000FF1CE}"=Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-040C-0000-0000000FF1CE}"=Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-041D-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Swedish) 2007
"{90120000-0016-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0017-040C-0000-0000000FF1CE}"=Microsoft Office SharePoint Designer MUI (French) 2007
"{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{5DD79E02-6B69-4BC5-AFA8-914C6A910458}"=Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-040C-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-041D-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Swedish) 2007
"{90120000-0018-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-040C-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-040C-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-040C-0000-0000000FF1CE}"=Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-041D-0000-0000000FF1CE}"=Microsoft Office Word MUI (Swedish) 2007
"{90120000-001B-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0401-0000-0000000FF1CE}"=Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{5A2F65A4-808F-4A1E-973E-92E17824982D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.fr-fr_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040B-0000-0000000FF1CE}"=Microsoft Office Proof (Finnish) 2007
"{90120000-001F-040B-0000-0000000FF1CE}_HOMESTUDENTR_{F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.fr-fr_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0413-0000-0000000FF1CE}"=Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-041D-0000-0000000FF1CE}"=Microsoft Office Proof (Swedish) 2007
"{90120000-001F-041D-0000-0000000FF1CE}_HOMESTUDENTR_{A8626CEF-CB0A-4BC2-8F51-210A43B6158D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.fr-fr_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}"=Microsoft Office Proofing (French) 2007
"{90120000-002C-041D-0000-0000000FF1CE}"=Microsoft Office Proofing (Swedish) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-040C-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-040C-0000-0000000FF1CE}"=Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}"=Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-006E-041D-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Swedish) 2007
"{90120000-006E-041D-0000-0000000FF1CE}_HOMESTUDENTR_{C41B2E34-C30E-4989-8A9D-6B0805B33EC1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-040C-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-041D-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Swedish) 2007
"{90120000-00A1-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-040C-0000-0000000FF1CE}"=Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0100-040C-0000-0000000FF1CE}"=Microsoft Office O MUI (French) 2007
"{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0101-040C-0000-0000000FF1CE}"=Microsoft Office X MUI (French) 2007
"{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}"=FirstSteps Diagnostics
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1053-7B44-A81200000003}"=Adobe Reader 8.1.2 - Svenska
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}"=PC Connectivity Solution
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}"=Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}"=Sony Ericsson Device Data
"{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}"=Keyboard Manager Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D6BF6477-8369-489F-8DE6-3731F4B88560}"=Sony Ericsson PC Suite
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E82FB3CE-F45D-444C-BC0D-2408DC2E2604}"=Trafikskolan TEO 2008
"{E9E3AA67-60D9-4EE7-B1F5-EAACAB456579}"=cGeep
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{F0DA7B2E-5D3F-43DB-AAA6-8835296AEA12}"=Norman Virus Control
"{F655FEC2-EB66-4B94-8F51-B2A8EE6FE374}"=Sony Sound Forge Audio Studio 9.0
"{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}"=Commandos 2: Men of Courage
"{FB91E774-867B-4567-ACE7-8144EF036068}"=Olympus Digital Wave Player
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}"=Disc2Phone
"6A630DCEC5EEC912115F2FF59D8C2C769798D930"=Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5"=Adobe InDesign CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232"=Adobe Dreamweaver CS3
"CNXT_HDAUDIO"=Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045"=HDAUDIO Soft Data Fax Modem with SmartCP
"CoffeeCup GIF Animator"=CoffeeCup GIF Animator
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-01-24
"Gadu-Gadu"=Gadu-Gadu 7.7
"Guitar Pro 5_is1"=Guitar Pro 5.2
"HDMI"=Intel(R) Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"InstallShield_{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}"=Keyboard Manager Utility
"KLiteCodecPack_is1"=K-Lite Codec Pack 3.6.2 Standard
"Libers Körkortsfrågor_is1"=Libers Körkortsfrågor
"Mafia 1.3"=Mafia
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MixMeister BPM Analyzer_is1"=MixMeister BPM Analyzer 1.0
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"OMUI.fr-fr"=Microsoft Office Language Pack 2007 - French/Français
"OpenTTD"=OpenTTD 0.5.3
"Personal"=BankID Security Application 4.9.3
"Privacy Guardian_is1"=Privacy Guardian 4.1
"PROPLUS"=Microsoft Office Professional Plus 2007
"QuicktimeAlt_is1"=QuickTime Alternative 2.2.0
"RealAlt_is1"=Real Alternative 1.7.5
"Sweet Little Piano 32"=Sweet Little Piano 32 (remove only)
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"Winamp"=Winamp
"WinRAR archiver"=WinRAR archiver
"VLC media player"=VideoLAN VLC media player 0.8.6d
"WM Recorder 12.1"=WM Recorder 12.1
"ZEN Vision:M Series Media Explorer"=ZEN Vision:M Series Media Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2008-09-25 08:02:18 | Computer Name = hipawufo | Source = Application Error | ID = 1000
Description = Faulting application Application Launcher.exe, version 2.2.12.63,
time stamp 0x466921ca, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x059cd200, process id 0x9ec, application
start time 0x01c91f0668cb8920.
Error - 2008-09-26 12:58:54 | Computer Name = hipawufo | Source = EventSystem | ID = 4609
Description =
Error - 2008-09-26 13:24:42 | Computer Name = hipawufo | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =
Error - 2008-09-26 13:38:39 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
Description =
Error - 2008-09-26 16:28:40 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
Description =
Error - 2008-09-26 16:58:02 | Computer Name = hipawufo | Source = EventSystem | ID = 4609
Description =
Error - 2008-09-26 17:13:08 | Computer Name = hipawufo | Source = Application Error | ID = 1000
Description = Faulting application atbroker.exe, version 6.0.6000.16386, time stamp
0x4549aed5, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x00008fc7, process id 0xb58, application
start time 0x01c9201ca141b02e.
Error - 2008-09-26 17:17:17 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
Description =
Error - 2008-09-27 03:35:15 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
Description =
Error - 2008-09-28 13:36:31 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
Description =
[ System Events ]
Error - 2008-09-26 16:59:05 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7001
Description =
Error - 2008-09-26 16:59:05 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7001
Description =
Error - 2008-09-26 16:59:05 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7001
Description =
Error - 2008-09-26 17:12:40 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7009
Description =
Error - 2008-09-27 03:31:35 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7009
Description =
Error - 2008-09-27 04:52:48 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.
Error - 2008-09-27 07:46:13 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.
Error - 2008-09-27 10:27:03 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.
Error - 2008-09-28 02:20:40 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.
Error - 2008-09-28 10:28:07 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.
< End of report >
Open HijackThis, click do a system scan only and checkmark this:
O4 - HKLM\..\Run: [6AD.tmp] C:\Windows\temp\6AD.tmp
Close all windows including browser and press fix checked.
Reboot.
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
grimblegromble
2008-09-29, 18:26
Kaspersky is running right now, but after nearly 5h it's only scanned 333 files or 5 % of my 120 GB HD. It's exceptionally slow, is there any alternative?
Sure there is.
Please go to Eset website (http://www.eset.com/onlinescan/) to perform an online scan. Please use Internet Explorer as it uses ActiveX.
Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Uncheck (untick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.
grimblegromble
2008-09-29, 21:00
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3480 (20080929)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=1d733d13f641d94ba3fa5526941b6f57
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-09-29 05:59:00
# local_time=2008-09-29 07:59:00 (+0100, W. Europe Daylight Time)
# country="Sweden"
# osver=6.0.6000 NT
# scanned=551204
# found=5
# scan_time=7636
C:\download\DAEMON Tools Lite 4.11.2.zip a variant of Win32/VB.BCE trojan 8E086478B9A02F93BB43E5F31520C322
C:\download\DAEMON Tools Lite 4.11.2.zip »ZIP »DAEMON Tools Lite 4.11.2.exe a variant of Win32/VB.BCE trojan 00000000000000000000000000000000
C:\download\DAEMON Tools Lite 4.11.2.zip »ZIP »DAEMON Tools Lite 4.11.2.exe »NSIS »Tools.exe a variant of Win32/VB.BCE trojan 00000000000000000000000000000000
C:\download\DAEMON Tools Lite 4.11.2\DAEMON Tools Lite 4.11.2.exe a variant of Win32/VB.BCE trojan 282689F1A0B953691B4B901F7455767F
C:\download\DAEMON Tools Lite 4.11.2\DAEMON Tools Lite 4.11.2.exe »NSIS »Tools.exe a variant of Win32/VB.BCE trojan 00000000000000000000000000000000
Delete this unless you know it is safe:
C:\download\DAEMON Tools Lite 4.11.2.zip
Empty Recycle Bin.
Still problems?
grimblegromble
2008-09-30, 21:06
Unfortunatley, yes. If i run Spybot in safe mode it still finds Zlob.DNSChanger.
Please post then spybot report next :)
grimblegromble
2008-10-01, 00:02
- Ok, the report is attached because it was to long to post here.
- I can't visit any blogspot.com pages with any of my browsers.
(now there's another reason people shouldnt use blogger.)
Actually those entries look like to be set by Spybot after attempting remove Zlob.DNSchanger.
Please post a fresh HijackThis log next :)
grimblegromble
2008-10-01, 17:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:56, on 2008-10-01
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetawyborcza.pl/0,0.html?p=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Keyboard Manager Utility] "c:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\WinampPro\winampa.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ED44734-A45E-42A2-8A1D-3AB12BDFE18D}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{6860D4F3-36CF-47B9-B290-5629C8784CAD}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACE160B2-7C7B-451E-8A73-D5EBAE05A9F7}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{0ED44734-A45E-42A2-8A1D-3AB12BDFE18D}: NameServer = 85.255.115.45,85.255.112.110
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdltm.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10108 bytes
Yes, those appear to be back.
It might be router dnschanger.
Which router you have (model/brand)?
grimblegromble
2008-10-01, 17:39
Dlink dir-615
OK, this is what has to be done.
1) Download router manual here (http://www.dlink.com/products/support.asp?pid=565&sec=1)
2) Reset your router according to that manual.
3) Change router default password.
4) Ensure that DHCP settings are the ones your ISP uses.
5) Re-run MBAM.
Post:
- a fresh HijackThis log
- mbam report.
grimblegromble
2008-10-01, 21:10
Malwarebytes' Anti-Malware 1.28
Database version: 1219
Windows 6.0.6000
2008-10-01 20:05:47
mbam-log-2008-10-01 (20-05-41).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 195752
Time elapsed: 1 hour(s), 41 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0ed44734-a45e-42a2-8a1d-3ab12bdfe18d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0ed44734-a45e-42a2-8a1d-3ab12bdfe18d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0ed44734-a45e-42a2-8a1d-3ab12bdfe18d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:35, on 2008-10-01
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\WinampPro\winamp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetawyborcza.pl/0,0.html?p=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Keyboard Manager Utility] "c:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\WinampPro\winampa.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ED44734-A45E-42A2-8A1D-3AB12BDFE18D}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{6860D4F3-36CF-47B9-B290-5629C8784CAD}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACE160B2-7C7B-451E-8A73-D5EBAE05A9F7}: NameServer = 85.255.115.45,85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{0ED44734-A45E-42A2-8A1D-3AB12BDFE18D}: NameServer = 85.255.115.45,85.255.112.110
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdltm.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9974 bytes
Did you let MBAM remove what it found and rebooted afterwards?
grimblegromble
2008-10-01, 21:38
No, I didn't. Shall i reset the router again before i do it?
grimblegromble
2008-10-02, 00:30
Malwarebytes' Anti-Malware 1.28
Database version: 1219
Windows 6.0.6000
2008-10-01 23:23:33
mbam-log-2008-10-01 (23-23-33).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 195293
Time elapsed: 1 hour(s), 41 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0ed44734-a45e-42a2-8a1d-3ab12bdfe18d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0ed44734-a45e-42a2-8a1d-3ab12bdfe18d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0ed44734-a45e-42a2-8a1d-3ab12bdfe18d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-----------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:06, on 2008-10-01
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetawyborcza.pl/0,0.html?p=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Keyboard Manager Utility] "c:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\WinampPro\winampa.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdltm.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9381 bytes
We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Open HijackThis, click do a system scan only and checkmark these:
O20 - AppInit_DLLs:
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdltm.exe (file missing)
Close all windows including browser and press fix checked.
Reboot.
Post back a fresh HijackThis log.
grimblegromble
2008-10-02, 11:25
¨Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:00, on 2008-10-02
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetawyborcza.pl/0,0.html?p=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Keyboard Manager Utility] "c:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\WinampPro\winampa.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9103 bytes
That looks very good :)
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
grimblegromble
2008-10-02, 18:24
I still can't get Kaspersky to work. ESET finds no threats, but i don't know if it's possible to get a detailed report without buying it..
Please then try this instead:
Please run this online scan:
Panda ActiveScan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm)
Once you are on the Panda site, click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log
grimblegromble
2008-10-05, 10:27
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-05 01:03:38
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.3903.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@atdmt[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@bs.serving-sys[2].txt
00205140 Cookie/Research-int TrackingCookie No 0 Yes No C:\Users\David\AppData\Roaming\Mozilla\Profiles\default\kph4zdxa.slt\cookies.txt[.research-int.se/]
00205140 Cookie/Research-int TrackingCookie No 0 Yes No C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@research-int[1].txt
00205140 Cookie/Research-int TrackingCookie No 0 Yes No C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vev5ciue.default\cookies-1.txt[.research-int.se/]
00387058 W32/Flux.DP.worm Virus/Worm No 1 Yes No C:\autorun.inf
02934030 Trj/Rizalof.RV Virus/Trojan No 1 No No C:\download\ps_cs3_extended_keygen.rar[PS CS3+EXTENDED KEYGEN\ADOBE_CS3_Family_Keygen_Activation_Collection\ADOBE CS3 Family Keygen+Activation Collection\PhotoShop CS3 Extended Keygen + Activation.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location �y���*s5
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description �y���*s5
;===================================================================================================================================================================================
;===================================================================================================================================================================================
grimblegromble
2008-10-05, 10:29
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:28:30, on 2008-10-05
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetawyborcza.pl/0,0.html?p=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Keyboard Manager Utility] "c:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\WinampPro\winampa.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9510 bytes
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
grimblegromble
2008-10-05, 18:37
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.2 - Svenska
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
BankID Security Application 4.9.3
cGeep
CoffeeCup GIF Animator
Combined Community Codec Pack 2008-01-24
Commandos 2: Men of Courage
Conexant HD Audio
Disc2Phone
ESET Online Scanner
FirstSteps Diagnostics
Gadu-Gadu 7.7
Guitar Pro 5.2
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Keyboard Manager Utility
K-Lite Codec Pack 3.6.2 Standard
Libers Körkortsfrågor
Mafia
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (Swedish) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Language Pack 2007 - French/Français
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
Microsoft Office O MUI (French) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office OneNote MUI (Swedish) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (Swedish) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (Swedish) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (Swedish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer MUI (French) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (Swedish) 2007
Microsoft Office X MUI (French) 2007
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
MixMeister BPM Analyzer 1.0
Mozilla Firefox (3.0.3)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Nero 7 Essentials
Norman Virus Control
Olympus Digital Wave Player
OpenTTD 0.5.3
Panda ActiveScan 2.0
PC Connectivity Solution
PDF Settings
Privacy Guardian 4.1
QuickTime Alternative 2.2.0
Real Alternative 1.7.5
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Microsoft Office Word 2007 (KB950113)
Skype™ 3.6
Sony ACID Pro 6.0
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Ericsson PC Suite
Sony Media Manager 2.2
Sony Sound Forge Audio Studio 9.0
SPSS 16.0 for Windows
Spybot - Search & Destroy
Sweet Little Piano 32 (remove only)
Synaptics Pointing Device Driver
Trafikskolan TEO 2008
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb955433)
VideoLAN VLC media player 0.8.6d
Winamp
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Live installer
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR archiver
WM Recorder 12.1
ZEN Vision:M Series Media Explorer
It looks like that your Adobe CS3 programs are not legit.
So uninstall them and post back a fresh uninstall list, please.
Due to the lack of feedback this Topic is closed.
If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.