Stenrosen
2010-06-01, 11:57
Hi.
This forum has successfully helped me way back in the past, but now I turn here again as I have a new problem.
I recently experienced that my email, a Hotmail account, bounced back with spam mails. In the sent folder I found that it has sent to a lot of my contacts.
I changed the password at once but can't understand how someone got my password. Now I fear that there is something on my computer that will make it all happen again.
I have run the following programs to check for it myself:
Malwarebytes' Anti-Malware - didn't find anything.
Spybot - Search & Destroy - only found 1 tracking cookie - removed it.
F-Secure Online Scan - found a lot of tracking cookies and a Suspicious:W32/Malware!Gemini. Also it found some files it couldn't fix: IFINST26.EXE and Trojan.Generic.1355215 (I deleted the folders with the latter).
Though I'm not certain of anything here, I would really like to prevent anyone from hijacking my Hotmail account again, and I hope that I have no virus or anything else that will make my passwords and digital signatures open to all.
I have two laptops and also fear for the other, but will turn to that when this has been dealt with.
Thanks in advance
Rasmus
Here are the two DDS logs:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Bærbar at 10:47:06,01 on 01-06-2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.45.1030.18.1982.880 [GMT 2:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Iomega\Home Storage Manager\Iomega Discovery.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bærbar\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.dk/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [S60 PC Suite Tray] "c:\program files\samsung\samsung pc studio 7\PCSuite.exe" -onlytray
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Iomega Home Storage Manager] c:\program files\iomega\home storage manager\Iomega Discovery.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Samsung.PCSync] "c:\program files\samsung\samsung pc studio 7\PcSync2.exe" /NoDialog
StartupFolder: c:\users\brbar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\iomega~1.lnk - c:\program files\iomega\registration\Register.exe
StartupFolder: c:\users\brbar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\screen~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: danid.dk
Trusted Zone: tdc.dk\udstedelse.certifikat
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.ep.fjernadgang.kb.dk/lib/royallibrary/support/plugins/ebraryRdr.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://express.foto.com/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://peecee.dk/uploads/082008/UKooPlayer.ocx
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\brbar~1\appdata\roaming\mozilla\firefox\profiles\40y74aai.default\
FF - prefs.js: browser.startup.homepage - www.google.dk
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\users\bærbar\appdata\roaming\mozilla\firefox\profiles\40y74aai.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-6-1 30320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-13 164048]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-13 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-4-10 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-6-1 6369648]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-6-1 57248]
R2 QSCopyEngine;QSCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2009-4-22 122880]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-8-7 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-6-1 24400]
R3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2009-2-25 13824]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2008-11-28 23096]
S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [2008-11-28 3768]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-5-2 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-5-2 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-5-2 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-5-2 12288]
S3 WMSvc;Tjenesten Web Management;c:\windows\system32\inetsrv\WMSvc.exe [2008-9-18 11264]
S3 wsvad_driver;Daniusoft Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-8-6 20608]
=============== Created Last 30 ================
2010-06-01 07:35:08 61440 ----a-w- c:\windows\system32\PxSecure.dll
2010-06-01 07:35:07 57248 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-06-01 07:35:07 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-06-01 07:35:05 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-06-01 07:35:04 0 d-----w- c:\program files\Prevx
2010-06-01 07:34:36 0 d-----w- c:\programdata\PrevxCSI
2010-05-31 14:45:20 0 d-----w- c:\programdata\F-Secure
2010-05-26 08:10:53 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-12 15:16:23 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-02 18:07:59 860 ----a-w- c:\users\bærbar\.recently-used.xbel
2010-05-02 15:58:20 0 d-----w- c:\programdata\FLEXnet
2010-05-02 15:52:55 0 d-----w- c:\program files\common files\Macrovision Shared
==================== Find3M ====================
2010-06-01 08:47:13 8650752 --sha-w- c:\users\bærbar\NTUSER.DAT
2010-05-30 17:31:51 77518 ----a-w- c:\programdata\nvModes.dat
2010-05-26 09:58:12 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-26 09:58:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-26 09:58:08 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-12 16:06:32 0 ----a-w- c:\users\bærbar\temp.dat
2010-05-12 09:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 20:34:10 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-29 13:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 21:48:30 533524 ----a-w- c:\windows\system32\perfh006.dat
2010-04-22 21:48:30 106532 ----a-w- c:\windows\system32\perfc006.dat
2010-03-09 16:28:40 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01:47 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-04 18:54:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-10-13 13:14:59 174 --sha-w- c:\program files\desktop.ini
2008-10-13 13:00:31 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-21 04:46:30 36364 ----a-w- c:\windows\inf\perflib\0406\perfd.dat
2006-11-21 04:46:30 36364 ----a-w- c:\windows\inf\perflib\0406\perfc.dat
2006-11-21 04:46:30 300302 ----a-w- c:\windows\inf\perflib\0406\perfi.dat
2006-11-21 04:46:30 300302 ----a-w- c:\windows\inf\perflib\0406\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-02-03 14:45:52 22 --sha-w- c:\windows\sminst\HPCD.sys
============= FINISH: 10:49:41,79 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 03-02-2008 19:08:37
System Uptime: 31-05-2010 11:16:26 (23 hours ago)
Motherboard: Quanta | | 30CF
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 | Socket S1 | 800/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 143 GiB total, 34,188 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 1,405 GiB free.
E: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4-netværkskort
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4-netværkskort
Device ID: ROOT\*6TO4MP\0002
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0002
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4-netværkskort
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport-netværkskort
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
==== System Restore Points ===================
RP591: 12-05-2010 20:42:30 - Planlagt kontrolpunkt
RP592: 14-05-2010 10:52:52 - Windows Update
RP593: 14-05-2010 11:21:37 - Windows Update
RP594: 15-05-2010 10:17:47 - Planlagt kontrolpunkt
RP595: 16-05-2010 09:28:26 - Planlagt kontrolpunkt
RP596: 18-05-2010 15:59:46 - Windows Update
RP597: 20-05-2010 21:52:33 - Windows Update
RP598: 22-05-2010 12:59:19 - Planlagt kontrolpunkt
RP599: 24-05-2010 21:53:28 - Windows Update
RP600: 26-05-2010 11:37:59 - Windows Update
RP601: 27-05-2010 22:16:23 - Planlagt kontrolpunkt
RP602: 28-05-2010 20:29:22 - Windows Update
RP603: 29-05-2010 12:25:56 - Planlagt kontrolpunkt
RP604: 30-05-2010 12:04:12 - Planlagt kontrolpunkt
RP605: 01-06-2010 01:36:13 - Windows Update
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 8.0
Adobe Reader 8 - Dansk
Adobe Shockwave Player 11
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Any Video Converter 2.6.7
AutoUpdate
avast! Free Antivirus
BoxEasy Jukebox 1.8.2.2
BrettspielWelt
BufferChm
CCleaner (remove only)
Championship Manager 01-02
Conexant HD Audio
ContentSAFER for Wizmax
Copy
Destinations
DeviceManagementQFolder
Digital Signatur
DivX Codec
DocProc
DocProcQFolder
EmoDio
ERUNT 1.1j
ESU for Microsoft Vista
eSupportQFolder
F300
F300_Help
F300Trb
Fax
FileZilla Client 3.2.2.1
FileZilla Server (remove only)
Geomatic X-Point 6.6.26
GIMP 2.6.6
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HHD Software Free Hex Editor Neo 4.94
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Solution Center 8.0
HP Update
HP User Guides 0057
HP Wireless Assistant
HPProductAssistant
Iomega Home Storage Manager
Iomega Product Registration
Iomega QuikProtect
IrfanView (remove only)
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6
LightScribe 1.6.43.1
Magic DVD Ripper V5.3 build 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 Language Pack SP1 - dan
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Danish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Groove MUI (Danish) 2007
Microsoft Office InfoPath MUI (Danish) 2007
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Danish) 2007
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Morrowind
Mozilla Firefox (3.5.9)
MSCU for Microsoft Vista
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
Oblivion
Opdatering til Microsoft Office Excel 2007 Help (KB963678)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669)
Opdatering til Microsoft Office Word 2007 Help (KB963665)
Overførselsværktøj til Windows Live
Paint.NET v3.5.5
PC Connectivity Solution
PixiePack Codec Pack
Player
Prevx
PSSWCORE
Retrospect Express HD 2.5
ROUTE 66 Sync
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Samsung PC Studio 7
SAMSUNG SYMBIAN USB Download Driver
SamsungConnectivityCableDriver
Scan
Screamer Radio 0.3.8
SecureW2 TTLS Client 3.3.2 for Windows
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Sid Meier's Civilization 4
Skype™ 4.1
SmartAudio
SolutionCenter
SopCast 2.0.4
Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
SPSS 15 Vista Hotfix
SPSS 15.0 for Windows
Spybot - Search & Destroy
Status
Synaptics Pointing Device Driver
TDC fotoservice
TES Construction Set
Tilmeldingsassistent til Windows Live
Toolbox
TrayApp
TVUPlayer 2.4.7.2
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb981726)
VideoLAN VLC media player 0.8.6i
WebReg
Windows-driverpakke - Nokia Modem (06/01/2009 7.01.0.4)
Windows-driverpakke - Nokia Modem (10/05/2009 4.2)
Windows-driverpakke - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
WinRAR arkivering
XviD MPEG-4 Video Codec
==== End Of File ===========================
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: danid.dk
Trusted Zone: tdc.dk\udstedelse.certifikat
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.ep.fjernadgang.kb.dk/lib/royallibrary/support/plugins/ebraryRdr.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://express.foto.com/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://peecee.dk/uploads/082008/UKooPlayer.ocx
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\brbar~1\appdata\roaming\mozilla\firefox\profiles\40y74aai.default\
FF - prefs.js: browser.startup.homepage - www.google.dk
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\users\bærbar\appdata\roaming\mozilla\firefox\profiles\40y74aai.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-6-1 30320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-13 164048]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-13 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-4-10 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-6-1 6369648]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-6-1 57248]
R2 QSCopyEngine;QSCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2009-4-22 122880]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-8-7 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-13 40384]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-6-1 24400]
R3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2009-2-25 13824]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2008-11-28 23096]
S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [2008-11-28 3768]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-5-2 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-5-2 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-5-2 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-5-2 12288]
S3 WMSvc;Tjenesten Web Management;c:\windows\system32\inetsrv\WMSvc.exe [2008-9-18 11264]
S3 wsvad_driver;Daniusoft Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-8-6 20608]
=============== Created Last 30 ================
2010-06-01 07:35:08 61440 ----a-w- c:\windows\system32\PxSecure.dll
2010-06-01 07:35:07 57248 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-06-01 07:35:07 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-06-01 07:35:05 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-06-01 07:35:04 0 d-----w- c:\program files\Prevx
2010-06-01 07:34:36 0 d-----w- c:\programdata\PrevxCSI
2010-05-31 14:45:20 0 d-----w- c:\programdata\F-Secure
2010-05-26 08:10:53 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-12 15:16:23 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-02 18:07:59 860 ----a-w- c:\users\bærbar\.recently-used.xbel
2010-05-02 15:58:20 0 d-----w- c:\programdata\FLEXnet
2010-05-02 15:52:55 0 d-----w- c:\program files\common files\Macrovision Shared
==================== Find3M ====================
2010-06-01 08:47:13 8650752 --sha-w- c:\users\bærbar\NTUSER.DAT
2010-05-30 17:31:51 77518 ----a-w- c:\programdata\nvModes.dat
2010-05-26 09:58:12 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-26 09:58:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-26 09:58:08 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-12 16:06:32 0 ----a-w- c:\users\bærbar\temp.dat
2010-05-12 09:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 20:34:10 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-29 13:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 21:48:30 533524 ----a-w- c:\windows\system32\perfh006.dat
2010-04-22 21:48:30 106532 ----a-w- c:\windows\system32\perfc006.dat
2010-03-09 16:28:40 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01:47 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-04 18:54:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-10-13 13:14:59 174 --sha-w- c:\program files\desktop.ini
2008-10-13 13:00:31 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-21 04:46:30 36364 ----a-w- c:\windows\inf\perflib\0406\perfd.dat
2006-11-21 04:46:30 36364 ----a-w- c:\windows\inf\perflib\0406\perfc.dat
2006-11-21 04:46:30 300302 ----a-w- c:\windows\inf\perflib\0406\perfi.dat
2006-11-21 04:46:30 300302 ----a-w- c:\windows\inf\perflib\0406\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-02-03 14:45:52 22 --sha-w- c:\windows\sminst\HPCD.sys
============= FINISH: 10:49:41,79 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 03-02-2008 19:08:37
System Uptime: 31-05-2010 11:16:26 (23 hours ago)
Motherboard: Quanta | | 30CF
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 | Socket S1 | 800/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 143 GiB total, 34,188 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 1,405 GiB free.
E: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4-netværkskort
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4-netværkskort
Device ID: ROOT\*6TO4MP\0002
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0002
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4-netværkskort
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport-netværkskort
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
==== System Restore Points ===================
RP591: 12-05-2010 20:42:30 - Planlagt kontrolpunkt
RP592: 14-05-2010 10:52:52 - Windows Update
RP593: 14-05-2010 11:21:37 - Windows Update
RP594: 15-05-2010 10:17:47 - Planlagt kontrolpunkt
RP595: 16-05-2010 09:28:26 - Planlagt kontrolpunkt
RP596: 18-05-2010 15:59:46 - Windows Update
RP597: 20-05-2010 21:52:33 - Windows Update
RP598: 22-05-2010 12:59:19 - Planlagt kontrolpunkt
RP599: 24-05-2010 21:53:28 - Windows Update
RP600: 26-05-2010 11:37:59 - Windows Update
RP601: 27-05-2010 22:16:23 - Planlagt kontrolpunkt
RP602: 28-05-2010 20:29:22 - Windows Update
RP603: 29-05-2010 12:25:56 - Planlagt kontrolpunkt
RP604: 30-05-2010 12:04:12 - Planlagt kontrolpunkt
RP605: 01-06-2010 01:36:13 - Windows Update
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 8.0
Adobe Reader 8 - Dansk
Adobe Shockwave Player 11
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Any Video Converter 2.6.7
AutoUpdate
avast! Free Antivirus
BoxEasy Jukebox 1.8.2.2
BrettspielWelt
BufferChm
CCleaner (remove only)
Championship Manager 01-02
Conexant HD Audio
ContentSAFER for Wizmax
Copy
Destinations
DeviceManagementQFolder
Digital Signatur
DivX Codec
DocProc
DocProcQFolder
EmoDio
ERUNT 1.1j
ESU for Microsoft Vista
eSupportQFolder
F300
F300_Help
F300Trb
Fax
FileZilla Client 3.2.2.1
FileZilla Server (remove only)
Geomatic X-Point 6.6.26
GIMP 2.6.6
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HHD Software Free Hex Editor Neo 4.94
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Solution Center 8.0
HP Update
HP User Guides 0057
HP Wireless Assistant
HPProductAssistant
Iomega Home Storage Manager
Iomega Product Registration
Iomega QuikProtect
IrfanView (remove only)
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6
LightScribe 1.6.43.1
Magic DVD Ripper V5.3 build 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 Language Pack SP1 - dan
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Danish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Groove MUI (Danish) 2007
Microsoft Office InfoPath MUI (Danish) 2007
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Danish) 2007
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Morrowind
Mozilla Firefox (3.5.9)
MSCU for Microsoft Vista
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
Oblivion
Opdatering til Microsoft Office Excel 2007 Help (KB963678)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669)
Opdatering til Microsoft Office Word 2007 Help (KB963665)
Overførselsværktøj til Windows Live
Paint.NET v3.5.5
PC Connectivity Solution
PixiePack Codec Pack
Player
Prevx
PSSWCORE
Retrospect Express HD 2.5
ROUTE 66 Sync
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Samsung PC Studio 7
SAMSUNG SYMBIAN USB Download Driver
SamsungConnectivityCableDriver
Scan
Screamer Radio 0.3.8
SecureW2 TTLS Client 3.3.2 for Windows
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Sid Meier's Civilization 4
Skype™ 4.1
SmartAudio
SolutionCenter
SopCast 2.0.4
Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
SPSS 15 Vista Hotfix
SPSS 15.0 for Windows
Spybot - Search & Destroy
Status
Synaptics Pointing Device Driver
TDC fotoservice
TES Construction Set
Tilmeldingsassistent til Windows Live
Toolbox
TrayApp
TVUPlayer 2.4.7.2
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb981726)
VideoLAN VLC media player 0.8.6i
WebReg
Windows-driverpakke - Nokia Modem (06/01/2009 7.01.0.4)
Windows-driverpakke - Nokia Modem (10/05/2009 4.2)
Windows-driverpakke - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
WinRAR arkivering
XviD MPEG-4 Video Codec
==== End Of File ===========================