
Thread: Zlob.DNSChanger

  1. #1
    Junior Member | Join Date: Sep 2008 | Posts: 21

    Zlob.DNSChanger

    - Tried to remove it with Spybot. Spybot in safe mode always finds it again.

    - Norman Antivirus says nothing.

    - HiJackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:56:58, on 2008-09-27
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
    C:\Program Files\Norman\Npm\Bin\Zlh.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Personal\bin\Personal.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\tcpsvcs.exe
    C:\Windows\system32\svchost.exe
    C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Norman\Nvc\bin\cclaw.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetawyborcza.pl/0,0.html?p=4
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Keyboard Manager Utility] "c:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\WinampPro\winampa.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [6AD.tmp] C:\Windows\temp\6AD.tmp
    O4 - HKLM\..\Run: [C:\Windows\system32\kdryz.exe] C:\Windows\system32\kdryz.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdypv.exe] C:\Windows\system32\kdypv.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdwhq.exe] C:\Windows\system32\kdwhq.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdvim.exe] C:\Windows\system32\kdvim.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdwvt.exe] C:\Windows\system32\kdwvt.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdceu.exe] C:\Windows\system32\kdceu.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdfvl.exe] C:\Windows\system32\kdfvl.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdocl.exe] C:\Windows\system32\kdocl.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdoww.exe] C:\Windows\system32\kdoww.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdpib.exe] C:\Windows\system32\kdpib.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdowr.exe] C:\Windows\system32\kdowr.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdqry.exe] C:\Windows\system32\kdqry.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdnev.exe] C:\Windows\system32\kdnev.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdhnc.exe] C:\Windows\system32\kdhnc.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdjho.exe] C:\Windows\system32\kdjho.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdjls.exe] C:\Windows\system32\kdjls.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdrri.exe] C:\Windows\system32\kdrri.exe
    O4 - HKLM\..\Run: [C:\Windows\system32\kdxth.exe] C:\Windows\system32\kdxth.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0ED44734-A45E-42A2-8A1D-3AB12BDFE18D}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6860D4F3-36CF-47B9-B290-5629C8784CAD}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ACE160B2-7C7B-451E-8A73-D5EBAE05A9F7}: NameServer = 85.255.115.45,85.255.112.110
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0ED44734-A45E-42A2-8A1D-3AB12BDFE18D}: NameServer = 85.255.115.45,85.255.112.110
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdltm.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11134 bytes



    Please help me get rid of this.

  2. #2
    Security Expert: Emeritus | Join Date: Oct 2006 | Location: Finland | Posts: 29,374

    Hi grimblegromble

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


    Post:

    - mbam log
    - rsit logs (taken after mbam run)
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member | Join Date: Sep 2008 | Posts: 21

    Hi Shaba, and thanks a lot for helping me out!

    1) The scan is done.

    2) The log file you requested:


    Malwarebytes' Anti-Malware 1.28
    Database version: 1219
    Windows 6.0.6000

    2008-09-28 19:29:09
    mbam-log-2008-09-28 (19-29-09).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 195995
    Time elapsed: 2 hour(s), 18 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 18
    Registry Data Items Infected: 14
    Folders Infected: 1
    Files Infected: 139

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdryz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdypv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdwhq.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdvim.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdwvt.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdceu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdfvl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdocl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdoww.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdpib.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdowr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdqry.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdnev.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdhnc.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdjho.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdjls.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdrri.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\kdxth.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0ed44734-a45e-42a2-8a1d-3ab12bdfe18d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0ed44734-a45e-42a2-8a1d-3ab12bdfe18d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0ed44734-a45e-42a2-8a1d-3ab12bdfe18d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6860d4f3-36cf-47b9-b290-5629c8784cad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ace160b2-7c7b-451e-8a73-d5ebae05a9f7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.45,85.255.112.110 -> Quarantined and deleted successfully.

    Folders Infected:
    C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Windows\System32\kdryz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdypv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdwhq.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdvim.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdwvt.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdceu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdfvl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdocl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdoww.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdpib.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdowr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdqry.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdnev.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdhnc.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdjho.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdjls.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdrri.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdxth.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdahp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdahr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdajz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdapf.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdbdi.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdbou.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdbsw.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdbvn.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdbxj.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdbxy.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdcvf.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdcwq.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdhxo.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdomk.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdhzw.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdiiv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdipd.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdiva.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdjcp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdjlp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdjmm.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdjuj.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdkbb.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdkhm.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdkjj.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdkmo.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdkqz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdksf.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdksu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdlhh.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdlky.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdltm.exe (Trojan.DNSChanger) -> Delete on reboot.
    C:\Windows\System32\kdlvy.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdmex.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdmpl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdmul.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdmvy.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdnkg.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdnxu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdodx.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdofv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdoju.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdokr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdokv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdwaq.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdwfc.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdwhz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdwiv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdwju.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdwlt.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdwsf.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdwxj.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdxch.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdxgz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdxkt.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdxnp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdxxl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdxyu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdyec.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdyei.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdygy.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdyqp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdzae.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdzgg.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdzld.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdzmp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdzpy.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdztu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdzue.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdzvd.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdzyf.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kddku.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kddwd.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdeao.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdefe.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdehq.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdeld.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdepr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdfaw.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdfdn.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdffn.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdfgv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdfzm.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdgdx.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdgep.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdgfj.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdggv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdgjb.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdgms.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdgqw.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdguq.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdgxa.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdhdc.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdhfr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdhgf.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdhim.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdhtj.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdprv.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdpsl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdqef.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdqrm.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdqtc.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdqud.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdqzb.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdrab.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdral.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdrdn.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdrrp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdrsg.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdrsy.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdrzp.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdscw.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdsto.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdtbl.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdtqz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdttr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdtyu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdunu.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\System32\kdutz.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    D:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Please also post RSIT logs.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    Sorry, somehow I forgot it...

    However RSIT isn't working properly. After half the process this dialogue pops up:

    "Line- 1:

    Error: Subscript used with non-Array variable."



    When I click OK, RSIT is shut down.

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    OK, then we use this instead:

    1. Please download OTViewIt by OldTimer and save it to your Desktop.
    2. Close all applications and windows.
    3. Double-click on OTViewIt.exe to start OTViewIt.
    4. Place a checkmark in the blue-colored "Scan All Users" checkbox.
    5. Click the blue Run Scan button.
    6. OTViewIt will now start its scan.
    7. When the scan is complete, two text files will be created on the Desktop: OTViewIt.Txt (this one will be opened in Notepad) and Extras.txt.
    8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    Thanks. Worked much better.

    - I couldn't post the whole log at once, this is the first part of OTViewIt.exe:

    OTViewIt logfile created on: 2008-09-28 21:13:19 - Run
    OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\David\Desktop
    Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16711)
    Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

    1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 61,03% Memory free
    4,00 Gb Paging File | 3,22 Gb Available in Paging File | 80,61% Paging File free
    Paging file location(s): ?:\pagefile.sys;

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 92,21 Gb Total Space | 22,14 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
    Drive D: | 45,12 Gb Total Space | 12,75 Gb Free Space | 28,25% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HIPAWUFO
    Current User Name: David
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Whitelist: On
    File Age = 30 Days

    ========== Processes ==========

    [2006-11-02 11:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
    [2006-11-02 11:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
    [2007-08-28 11:56:51 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
    [2007-08-30 10:15:48 | 00,150,584 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    [2007-08-09 14:38:00 | 00,322,616 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe
    [2006-11-02 11:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
    [2006-11-02 11:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
    [2006-11-02 14:34:48 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
    [2007-08-28 11:50:21 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    [2007-01-11 20:54:12 | 01,359,872 | ---- | M] (Quanta Computer, INC.) -- C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
    [2007-08-09 15:40:06 | 00,183,352 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zlh.exe
    [2008-06-10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    [2006-10-27 01:00:00 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    [2008-02-11 20:13:12 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
    [2008-02-11 20:13:02 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
    [2008-02-11 20:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
    [2008-02-11 20:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
    [2008-08-15 08:46:08 | 00,910,864 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
    [2007-02-22 18:32:12 | 00,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    [2008-02-11 20:13:06 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
    [2008-03-31 13:08:10 | 00,175,160 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nip.exe
    [2006-02-28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    [1999-12-13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE
    [2002-12-17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    [2006-11-02 11:45:49 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
    [2006-12-08 19:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
    [2006-11-02 14:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
    [2006-08-04 17:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
    [2008-07-07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    [2007-03-16 13:28:26 | 00,150,584 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    [2007-05-23 14:23:54 | 00,146,488 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nvcsched.exe
    [2007-12-12 12:45:14 | 00,179,256 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nvcoas.exe
    [2006-11-02 11:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
    [2007-03-15 13:47:56 | 00,142,392 | ---- | M] () -- C:\Program Files\Norman\Nvc\bin\CClaw.exe
    [2006-11-02 11:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
    [2008-07-19 07:10:40 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
    [2008-09-27 16:27:54 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3\firefox.exe
    [2006-12-18 23:18:54 | 01,716,224 | ---- | M] () -- C:\Program Files\DC++\DCPlusPlus.exe
    [2008-09-28 21:12:04 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTViewIt.exe

    ========== (O23) Win32 Services ==========

    [2006-02-28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
    [2006-11-02 08:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    [1999-12-13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
    [2008-01-07 09:36:56 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
    [2006-11-02 14:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
    [2006-11-02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
    [2007-08-30 10:15:48 | 00,150,584 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6 [Auto | Running])
    [2008-02-18 00:10:39 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
    [2006-11-02 14:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
    [2006-11-02 11:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
    [2006-11-02 14:36:02 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
    [2006-11-02 15:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
    [2002-12-17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [Auto | Running])
    [2002-12-17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
    [2006-11-02 14:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
    [2007-02-26 20:16:22 | 00,267,824 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
    [2007-03-16 13:28:26 | 00,150,584 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves [On_Demand | Running])
    [2007-08-09 14:38:00 | 00,322,616 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA [Auto | Running])
    [2007-12-12 12:45:14 | 00,179,256 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nvcoas.exe -- (nvcoas [On_Demand | Running])
    [2007-05-23 14:23:54 | 00,146,488 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nvcsched.exe -- (NVCScheduler [On_Demand | Running])
    [2007-08-24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
    [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
    [2006-11-02 11:46:12 | 00,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
    [2008-07-07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
    [2006-11-02 11:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
    [2007-12-10 14:59:04 | 00,353,280 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
    [2006-11-02 11:45:49 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp [Auto | Running])
    [2007-08-28 11:56:51 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
    [2006-11-02 11:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
    [2002-12-17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
    [2006-12-08 19:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler [Auto | Running])
    [2008-02-13 10:45:56 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
    [2006-11-02 11:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
    [2007-10-18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
    [2006-11-02 11:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
    File not found -- C:\Windows\system32\kdltm.exe -- (Windows Tribute Service [Auto | Stopped])
    [2007-10-25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
    [2006-11-02 14:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
    [2006-11-02 14:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
    [2006-08-04 17:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])

    ========== Driver Services ==========

    [2006-11-02 11:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
    [2006-11-02 11:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
    [2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
    [2006-11-02 11:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
    [2006-11-02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
    [2006-11-02 11:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
    [2006-11-02 11:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
    [2006-11-02 11:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
    [2006-11-02 10:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
    [2006-11-02 10:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
    [2006-11-02 11:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
    [2006-11-02 11:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
    File not found -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
    [2006-11-02 10:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
    [2006-11-02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
    [2006-11-02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
    [2006-11-02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
    [2006-11-02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
    [2006-11-02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
    [2006-11-02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
    [2008-04-29 03:42:12 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum [On_Demand | Running])
    [2006-11-02 10:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])
    [2006-11-02 10:55:27 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan [On_Demand | Running])
    [2008-04-29 03:42:12 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
    [2008-04-29 03:42:08 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Running])
    [2006-11-02 10:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
    [2008-02-13 10:45:59 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
    [2006-11-02 11:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
    [2006-11-02 11:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
    [2006-11-02 10:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
    [2006-11-02 10:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
    [2008-01-07 09:36:56 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
    [2006-11-02 09:30:54 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
    [2006-11-02 09:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
    [2006-11-02 14:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
    [2006-11-02 11:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
    [2006-11-02 11:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
    [2006-11-02 10:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
    [2006-11-02 11:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
    [2006-11-01 23:43:50 | 00,145,920 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService [On_Demand | Running])
    [2007-08-28 12:05:11 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
    [2006-11-02 10:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
    [2006-11-02 10:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
    [2006-11-02 11:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
    [2006-11-02 09:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
    [2006-10-18 11:09:26 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
    [2006-10-18 11:08:14 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
    [2006-11-02 11:49:49 | 00,027,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp [Disabled | Stopped])
    [2008-02-11 19:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm [On_Demand | Stopped])
    [2006-10-31 14:46:36 | 00,250,368 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
    [2006-11-02 11:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
    [2008-02-11 19:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx [On_Demand | Running])
    [2006-11-02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
    [2006-11-02 10:30:18 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm [On_Demand | Running])
    [2006-11-02 10:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
    [2006-11-02 11:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
    [2006-11-02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
    [2006-11-02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
    [2006-02-07 19:52:58 | 00,006,912 | ---- | M] (JMicron ) -- C:\Windows\System32\drivers\JGOGO.sys -- (JGOGO [Boot | Stopped])
    [2007-04-03 16:53:12 | 00,047,872 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\System32\drivers\jraid.sys -- (JRAID [Disabled | Stopped])
    [2008-02-13 10:45:55 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
    [2006-11-02 10:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
    [2006-11-02 11:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
    [2006-11-02 11:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
    [2006-11-02 11:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
    [2006-11-02 10:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
    [2006-06-19 14:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
    [2006-11-02 11:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
    [2007-12-16 11:56:45 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
    [2006-11-02 11:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
    [2007-08-28 12:01:30 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Stopped])
    [2006-11-02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
    [2006-11-02 10:31:27 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
    [2007-12-21 23:57:29 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
    [2006-11-02 11:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
    [2006-11-02 11:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
    [2006-11-02 11:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
    [2006-11-02 11:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
    [2006-11-02 10:51:13 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
    [2008-02-13 10:43:40 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
    [2007-01-02 10:55:18 | 00,020,448 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio [Auto | Running])
    [2006-10-30 10:42:28 | 01,786,880 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32 [On_Demand | Running])
    [2006-11-02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
    [2006-11-02 10:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
    [2006-11-02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
    [2006-07-14 14:55:34 | 00,105,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvatabus.sys -- (nvatabus [Disabled | Stopped])
    [2007-01-09 16:25:38 | 00,006,712 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nvcfsr.sys -- (nvcfsr [On_Demand | Stopped])
    [2008-02-11 15:56:46 | 00,019,512 | ---- | M] (Norman ASA) -- C:\Windows\System32\drivers\nvcv32mf.sys -- (NvcMFlt [On_Demand | Running])
    [2007-01-09 16:25:38 | 00,036,472 | ---- | M] () -- C:\Program Files\Norman\Nvc\bin\Nvcoafl4.sys -- (nvcoafl4 [On_Demand | Stopped])
    [2007-01-09 16:25:38 | 00,104,288 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\bin\Nvcoaft4.sys -- (nvcoaft4 [On_Demand | Stopped])
    [2007-01-09 16:25:38 | 00,025,528 | ---- | M] () -- C:\Program Files\Norman\Nvc\bin\Nvcoarc4.sys -- (nvcoarc4 [On_Demand | Stopped])
    [2006-07-14 14:55:42 | 00,089,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
    [2006-11-02 11:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
    [2006-11-02 11:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
    [2006-11-02 11:49:20 | 00,013,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys -- (pciide [Disabled | Stopped])
    [2006-11-02 11:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
    [2006-11-02 10:30:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\processr.sys -- (Processor [Disabled | Stopped])
    [2008-01-07 09:36:57 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
    [2006-08-18 00:32:26 | 00,033,664 | ---- | M] (Quanta Computer Inc.) -- C:\Windows\System32\drivers\qkbfiltr.sys -- (qkbfiltr [On_Demand | Running])
    [2006-11-02 11:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
    [2006-11-02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
    [2006-11-02 14:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
    [2006-11-02 11:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
    [2006-11-02 10:55:23 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Running])
    [2006-11-15 18:16:24 | 00,032,256 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
    [2006-11-15 13:42:46 | 00,043,520 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
    [2006-11-15 11:35:20 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
    [2006-11-02 10:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
    [2007-04-24 11:33:42 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl [On_Demand | Stopped])
    [2007-04-24 11:33:44 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm [On_Demand | Stopped])
    [2007-04-24 11:33:46 | 00,098,696 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex [On_Demand | Stopped])
    [2006-11-02 11:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
    [2007-08-28 12:04:29 | 00,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
    [2006-11-02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
    [2008-02-13 10:45:55 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
    [2006-11-02 10:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
    [2006-11-02 10:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
    [2006-11-02 10:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
    [2006-11-02 11:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
    [2005-01-11 17:58:48 | 00,030,976 | ---- | M] (Silicon Integrated Systems Corp) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
    [2006-11-02 11:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
    [2006-11-02 10:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
    [2006-11-02 11:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
    [2008-08-27 11:18:32 | 00,715,248 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys -- (sptd [Boot | Running])
    [2007-12-21 23:57:29 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
    [2007-12-21 23:57:29 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
    [2006-11-02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
    [2006-11-02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
    [2006-11-02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
    [2006-10-27 01:00:00 | 00,179,896 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
    [2006-11-02 10:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
    [2006-11-02 10:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
    [2006-11-02 11:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Running])
    [2007-08-28 12:01:29 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
    [2007-08-28 12:01:29 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Stopped])
    [2006-11-02 11:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
    [2006-11-02 11:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
    [2006-11-02 11:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
    [2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
    [2006-11-02 11:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
    [2006-11-02 10:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
    [2006-11-02 10:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
    [2007-08-28 12:02:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
    [2006-11-02 10:55:05 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci [Disabled | Stopped])
    [2006-11-02 10:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
    [2006-11-02 11:49:52 | 00,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp [On_Demand | Stopped])
    [2006-11-02 10:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
    [2006-11-02 11:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
    [2006-03-31 02:18:30 | 00,100,992 | ---- | M] (VIA Technologies inc,.ltd) -- C:\Windows\System32\drivers\viamraid.sys -- (viamraid [Disabled | Stopped])
    [2006-04-07 17:06:38 | 00,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB [On_Demand | Stopped])
    [2006-11-02 11:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
    [2006-11-02 11:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
    [2006-11-02 11:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Boot | Running])
    [2006-11-07 10:42:16 | 00,061,504 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\w200bus.sys -- (w200bus [On_Demand | Stopped])
    [2006-11-07 10:42:22 | 00,009,328 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\w200mdfl.sys -- (w200mdfl [On_Demand | Stopped])
    [2006-11-07 10:42:24 | 00,097,056 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\w200mdm.sys -- (w200mdm [On_Demand | Stopped])
    [2006-11-07 10:42:28 | 00,088,560 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\w200mgmt.sys -- (w200mgmt [On_Demand | Stopped])
    [2006-11-02 10:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
    [2006-11-02 11:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
    [2008-02-13 10:45:56 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
    [2006-11-02 02:50:52 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr [On_Demand | Stopped])
    [2006-10-18 11:08:04 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
    [2006-11-02 10:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
    [2006-11-02 11:04:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb [On_Demand | Stopped])
    [2006-11-02 10:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
    [2006-11-02 10:54:52 | 00,082,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd [On_Demand | Stopped])
    [2006-08-04 17:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])

  8. #8
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    This is the last part of OTViewIt.txt
    (Not .exe, as I wrote before, of course...)



    ========== (R ) Internet Explorer ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
    "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Default_Secondary_Page_URL"=
    "Extensions Off Page"=about:NoAdd-ons
    "Local Page"=%SystemRoot%\system32\blank.htm
    "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Security Risk Page"=about:SecurityRisk
    "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Local Page"=C:\Windows\system32\blank.htm
    "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Start Page"=http://www.gazetawyborcza.pl/0,0.html?p=4
    "StartPageCache"=

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = 0
    "ProxyOverride" = *.local

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = 0

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = 0

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2533349112-1644346335-2104464119-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Local Page"=C:\Windows\system32\blank.htm
    "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Start Page"=http://www.gazetawyborcza.pl/0,0.html?p=4
    "StartPageCache"=

    [HKEY_USERS\S-1-5-21-2533349112-1644346335-2104464119-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2533349112-1644346335-2104464119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = 0
    "ProxyOverride" = *.local

    ========== (O1) Hosts File ==========

    HOSTS File = (221616 bytes) - C:\Windows\System32\drivers\etc\Hosts
    First 25 entries...
    127.0.0.1 localhost
    ::1 localhost
    7778 more lines...

    ========== (O2) BHO's ==========

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    {53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    {7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

    ========== (O4) Run Keys ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "6AD.tmp"=C:\Windows\temp\6AD.tmp File not found
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe (Intel Corporation)
    "IgfxTray"=C:\Windows\system32\igfxtray.exe (Intel Corporation)
    "Keyboard Manager Utility"="c:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H (Quanta Computer, INC.)
    "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (Malwarebytes Corporation)
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    "Norman ZANDA"=C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH (Norman ASA)
    "Persistence"=C:\Windows\system32\igfxpers.exe (Intel Corporation)
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions ()
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    "WinampAgent"="D:\Program Files\WinampPro\winampa.exe" File not found
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
    "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
    "Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
    "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

    ========== (O6 & O7) Current Version Policies ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "ConsentPromptBehaviorAdmin"=2
    "ConsentPromptBehaviorUser"=1
    "EnableInstallerDetection"=1
    "EnableLUA"=1
    "EnableSecureUIAPaths"=1
    "EnableVirtualization"=1
    "PromptOnSecureDesktop"=1
    "ValidateAdminCodeSignatures"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "scforceoption"=0
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "FilterAdministratorToken"=0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
    "CF_TEXT"=1
    "CF_BITMAP"=2
    "CF_OEMTEXT"=7
    "CF_DIB"=8
    "CF_PALETTE"=9
    "CF_UNICODETEXT"=13
    "CF_DIBV5"=17

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=145
    "NoLowDiskSpaceChecks"=1

    [HKEY_USERS\S-1-5-21-2533349112-1644346335-2104464119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=145
    "NoLowDiskSpaceChecks"=1

    ========== (O8) IE Context Menu Extensions ==========

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
    E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008-07-03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

    ========== (O9) IE Extensions ==========

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}: Skicka till OneNote -- C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}: Ski&cka till OneNote -- C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    {77BF5300-1474-4EC7-9980-D32B190E9B07}: Skype -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

    ========== (O12) Internet Explorer Plugins ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
    PluginsPage: "" = http://activex.microsoft.com/control...ext=%s&mime=%s
    PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

    ========== (O13) Default Prefixes ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
    ""=http://

    ========== (O15) Trusted Sites ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    32 domain(s) and sub-domain(s) not assigned to a zone.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    32 domain(s) and sub-domain(s) not assigned to a zone.

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    32 domain(s) and sub-domain(s) not assigned to a zone.

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    32 domain(s) and sub-domain(s) not assigned to a zone.

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    32 domain(s) and sub-domain(s) not assigned to a zone.

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    32 domain(s) and sub-domain(s) not assigned to a zone.

    [HKEY_USERS\S-1-5-21-2533349112-1644346335-2104464119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    32 domain(s) and sub-domain(s) not assigned to a zone.

    ========== (O16) DPF ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
    {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_07
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_03
    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_05
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_07
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_07
    {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/ge...sh/swflash.cab -- Shockwave Flash Object

    ========== (O17) DNS Name Servers ==========

    {0ED44734-A45E-42A2-8A1D-3AB12BDFE18D} (Servers: 85.255.115.45,85.255.112.110 | Description: Intel(R) PRO/Wireless 3945ABG Network Connection)
    {6860D4F3-36CF-47B9-B290-5629C8784CAD} (Servers: 85.255.115.45,85.255.112.110 | Description: )
    {ACE160B2-7C7B-451E-8A73-D5EBAE05A9F7} (Servers: 85.255.115.45,85.255.112.110 | Description: Intel(R) PRO/100 VE Network Connection)

    ========== (O20) Winlogon Notify Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
    igfxcui: "DllName" = igfxdev.dll -- C:\Windows\System32\igfxdev.dll (Intel Corporation)

    ========== HKLM *SecurityProviders* ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
    "SecurityProviders"=credssp.dll
    >[2006-11-02 11:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

    ========== LSA *Security Packages* ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
    >[2006-11-02 11:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

    ========== Safeboot Options ==========

    "AlternateShell"=cmd.exe

    ========== CDRom AutoRun Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
    "AutoRun" = 1

    ========== Autorun Files on Drives ==========

    autoexec.bat [REM Dummy file for NTVDM | ]
    [2006-09-18 23:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

    autorun.inf [[autorun] | shellexecute="resycled\boot.com c:" | shell\Open\command="resycled\boot.com c:" | shell=Open | ]
    [2008-09-26 18:56:38 | 00,000,103 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

    autorun.inf [[autorun] | shellexecute="resycled\boot.com d:" | shell\Open\command="resycled\boot.com d:" | shell=Open | ]
    [2008-09-26 18:56:38 | 00,000,103 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

    ========== MountPoints2 ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43dff471-7419-11dd-8cb1-0011e2fc38f9}\Shell]
    ""=AutoRun


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43dff471-7419-11dd-8cb1-0011e2fc38f9}\Shell\AutoRun\command]
    ""=F:\setup.exe -- File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [1 C:\Users\David\Desktop\*.tmp files]
    [2099-02-12 16:16:46 | 00,000,000 | ---D | C] -- C:\Photoshop CS3
    [2008-09-28 21:11:58 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTViewIt.exe
    [2008-09-28 21:11:29 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTViewIt.exe.part
    [2008-09-28 20:33:20 | 00,000,000 | ---D | C] -- C:\rsit
    [2008-09-28 19:31:12 | 00,000,000 | ---D | C] -- C:\Avenger
    [2008-09-28 16:34:34 | 00,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
    [2008-09-28 16:34:25 | 00,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2008-09-28 16:34:24 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2008-09-28 16:34:24 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2008-09-28 16:34:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2008-09-28 16:34:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2008-09-28 16:33:24 | 02,182,784 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\David\Desktop\mbam-setup.exe
    [2008-09-27 19:23:41 | 00,010,442 | ---- | C] () -- C:\Users\David\Desktop\Prag.docx
    [2008-09-27 10:27:44 | 00,001,880 | ---- | C] () -- C:\Users\David\Desktop\HijackThis.lnk
    [2008-09-27 10:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2008-09-27 00:27:02 | 01,739,891 | -H-- | C] () -- C:\Users\David\AppData\Local\IconCache.db
    [2008-09-26 23:11:45 | 21,371,86304 | -HS- | C] () -- C:\hiberfil.sys
    [2008-09-26 19:02:15 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Users\David\Desktop\spybotsd160.exe
    [2008-09-26 18:49:25 | 00,000,000 | ---D | C] -- C:\Users\David\Documents\SafeNet Sentinel
    [2008-09-26 18:49:18 | 00,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
    [2008-09-26 18:49:18 | 00,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
    [2008-09-26 18:49:18 | 00,000,114 | ---- | C] () -- C:\Windows\System32\prsgrc.tgz
    [2008-09-26 18:49:18 | 00,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
    [2008-09-26 18:47:59 | 00,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel
    [2008-09-26 18:44:41 | 00,000,000 | ---D | C] -- C:\ProgramData\SPSS
    [2008-09-26 18:44:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SPSS
    [2008-09-26 18:44:39 | 00,000,000 | ---D | C] -- C:\Program Files\SPSSInc
    [2008-09-26 18:42:17 | 00,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.tgz
    [2008-09-26 18:42:17 | 00,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
    [2008-09-26 18:42:17 | 00,000,219 | ---- | C] () -- C:\Windows\System32\lsprst7.tgz
    [2008-09-26 18:42:17 | 00,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
    [2008-09-26 18:42:17 | 00,000,016 | -H-- | C] () -- C:\Windows\System32\servdat.slm
    [2008-09-26 18:36:34 | 00,000,103 | RHS- | C] () -- C:\autorun.inf
    [2008-09-26 18:24:56 | 00,000,000 | ---- | C] () -- C:\law.sp
    [2008-09-25 17:43:04 | 00,013,543 | ---- | C] () -- C:\Users\David\Desktop\Dagschema.docx
    [2008-09-25 14:02:26 | 00,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{5718DBEF-E062-4CEC-8000-4FFB5E87FFC7}.job
    [2008-09-22 21:25:13 | 00,000,000 | ---D | C] -- C:\Users\David\Documents\WTFMOOSOSWLLHHASHTEWPB
    [2008-09-22 20:02:56 | 00,000,000 | ---D | C] -- C:\Commandos II
    [2008-09-22 19:43:00 | 00,000,000 | ---D | C] -- C:\COMMANDOS_2
    [2008-09-14 20:49:09 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
    [2008-09-12 08:50:26 | 00,118,784 | ---- | C] () -- C:\Windows\GREUninstall.exe
    [2008-09-12 08:50:20 | 00,007,342 | ---- | C] () -- C:\Windows\mozver.dat
    [2008-09-11 21:30:14 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
    [2008-09-11 07:10:52 | 00,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Agency9
    [2008-09-08 20:47:57 | 00,000,000 | ---D | C] -- C:\Users\David\Desktop\JMG
    [2008-09-05 10:31:09 | 00,015,924 | ---- | C] () -- C:\Users\David\Desktop\gupea_2077_17254_1.pdf
    [2008-08-30 11:03:29 | 00,000,000 | ---D | C] -- C:\Users\David\Desktop\Kår-OCR mm-filer
    [2008-08-30 11:03:27 | 00,002,904 | ---- | C] () -- C:\Users\David\Desktop\Kår-OCR mm.htm

    ========== Files - Modified Within 30 Days ==========

    [1 C:\Users\David\Desktop\*.tmp files]
    [2008-09-28 21:12:04 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTViewIt.exe
    [2008-09-28 21:11:39 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTViewIt.exe.part
    [2008-09-28 21:10:09 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{435032EC-C9FE-4FEB-B18C-C8AB7458F99D}.job
    [2008-09-28 21:09:59 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5718DBEF-E062-4CEC-8000-4FFB5E87FFC7}.job
    [2008-09-28 20:31:39 | 00,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2008-09-28 20:31:39 | 00,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2008-09-28 19:36:32 | 00,613,726 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2008-09-28 19:36:32 | 00,112,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2008-09-28 19:36:31 | 00,730,302 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2008-09-28 19:31:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2008-09-28 19:31:24 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2008-09-28 19:31:22 | 21,371,86304 | -HS- | M] () -- C:\hiberfil.sys
    [2008-09-28 19:30:32 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2008-09-28 19:30:24 | 01,739,891 | -H-- | M] () -- C:\Users\David\AppData\Local\IconCache.db
    [2008-09-28 17:26:04 | 00,081,920 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008-09-28 16:34:25 | 00,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2008-09-28 16:33:26 | 02,182,784 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\David\Desktop\mbam-setup.exe
    [2008-09-28 16:28:23 | 00,000,500 | ---- | M] () -- C:\Users\David\Documents\Mina delade mappar.lnk
    [2008-09-27 19:54:06 | 00,010,442 | ---- | M] () -- C:\Users\David\Desktop\Prag.docx
    [2008-09-27 10:27:44 | 00,001,880 | ---- | M] () -- C:\Users\David\Desktop\HijackThis.lnk
    [2008-09-26 22:41:46 | 00,002,645 | ---- | M] () -- C:\Users\David\Desktop\Trafikskolan TEO.lnk
    [2008-09-26 19:33:36 | 00,085,992 | ---- | M] () -- C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
    [2008-09-26 19:02:31 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Users\David\Desktop\spybotsd160.exe
    [2008-09-26 18:58:31 | 02,107,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2008-09-26 18:56:38 | 00,000,103 | RHS- | M] () -- C:\autorun.inf
    [2008-09-26 18:55:31 | 00,013,543 | ---- | M] () -- C:\Users\David\Desktop\Dagschema.docx
    [2008-09-26 18:49:18 | 00,001,024 | ---- | M] () -- C:\Windows\System32\grcauth2.dll
    [2008-09-26 18:49:18 | 00,001,024 | ---- | M] () -- C:\Windows\System32\grcauth1.dll
    [2008-09-26 18:49:18 | 00,000,114 | ---- | M] () -- C:\Windows\System32\prsgrc.tgz
    [2008-09-26 18:49:18 | 00,000,100 | ---- | M] () -- C:\Windows\System32\prsgrc.dll
    [2008-09-26 18:44:26 | 00,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
    [2008-09-26 18:44:26 | 00,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
    [2008-09-26 18:44:26 | 00,000,016 | -H-- | M] () -- C:\Windows\System32\servdat.slm
    [2008-09-26 18:43:19 | 00,000,000 | ---- | M] () -- C:\law.sp
    [2008-09-26 18:42:17 | 00,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.tgz
    [2008-09-26 18:42:17 | 00,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.dll
    [2008-09-12 08:50:49 | 00,000,335 | ---- | M] () -- C:\Windows\nsreg.dat
    [2008-09-12 08:50:45 | 00,007,342 | ---- | M] () -- C:\Windows\mozver.dat
    [2008-09-12 08:50:26 | 00,118,784 | ---- | M] () -- C:\Windows\GREUninstall.exe
    [2008-09-10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2008-09-10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2008-09-05 10:31:11 | 00,015,924 | ---- | M] () -- C:\Users\David\Desktop\gupea_2077_17254_1.pdf
    [2008-09-04 09:22:47 | 24,540,9861 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2008-08-30 11:03:32 | 00,002,904 | ---- | M] () -- C:\Users\David\Desktop\Kår-OCR mm.htm
    < End of report >

  9. #9
    Junior Member
    Join Date
    Sep 2008
    Posts
    21


    Here comes Extras.txt:


    OTViewIt Extras logfile created on: 2008-09-28 21:13:19 - Run
    OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\David\Desktop
    Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16711)
    Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

    1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 61,03% Memory free
    4,00 Gb Paging File | 3,22 Gb Available in Paging File | 80,61% Paging File free
    Paging file location(s): ?:\pagefile.sys;

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 92,21 Gb Total Space | 22,14 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
    Drive D: | 45,12 Gb Total Space | 12,75 Gb Free Space | 28,25% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HIPAWUFO
    Current User Name: David
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Whitelist: On
    File Age = 30 Days

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval"=1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride"=0
    "AntiSpywareOverride"=0
    "FirewallOverride"=0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2533349112-1644346335-2104464119-1000]
    "EnableNotifications"=0
    "EnableNotificationsRef"=1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    ========== (O10) Winsock2 Catalogs ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
    NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
    NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
    NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    NameSpace_Catalog5\Catalog_Entries\000000000008 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)

    ========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
    ldap -- 4 = Restricted sites (Not a Default Protocol)
    news -- 4 = Restricted sites (Not a Default Protocol)
    nntp -- 4 = Restricted sites (Not a Default Protocol)
    oecmd -- 4 = Restricted sites (Not a Default Protocol)
    snews -- 4 = Restricted sites (Not a Default Protocol)

    ========== HKEY_USERS Protocol Defaults ==========


    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
    @ivt -- @ivt protocol not assigned
    file -- file protocol not assigned
    ftp -- ftp protocol not assigned
    http -- http protocol not assigned
    https -- https protocol not assigned
    shell -- shell protocol not assigned

    ========== HKEY_USERS Protocol Defaults ==========


    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
    @ivt -- @ivt protocol not assigned
    file -- file protocol not assigned
    ftp -- ftp protocol not assigned
    http -- http protocol not assigned
    https -- https protocol not assigned
    shell -- shell protocol not assigned

    ========== (O18) Protocol Handlers ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
    [2007-10-18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
    [2006-10-26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
    [2007-10-18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
    [2007-12-07 16:08:02 | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

    ========== (O18) Protocol Filters ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
    [2006-10-26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
    "{0650BB10-BCF4-400A-85EE-04097E3046C6}"=Adobe Setup
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
    "{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}"=MSVC80_x86
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
    "{25BEC3AB-5CD4-481D-9143-215C1BBB189E}"=Sony Ericsson PC Suite
    "{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7}"=Sony ACID Pro 6.0
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
    "{2B5A75F0-FD85-4094-AB00-94902398D192}"=Sony Media Manager 2.2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
    "{3F9B2FD2-1C83-4401-9967-C3636638E958}"=Adobe SING CS3
    "{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}"=VBA (2627.01)
    "{56B8B892-317E-4FDE-9E4D-44B189848A27}"=Adobe Setup
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
    "{621025AE-3510-478E-BC27-1A647150976F}"=SPSS 16.0 for Windows
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
    "{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
    "{81CD6232-10F5-4832-B3DA-1B88B1571053}"=Nero 7 Essentials
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
    "{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0015-040C-0000-0000000FF1CE}"=Microsoft Office Access MUI (French) 2007
    "{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-040C-0000-0000000FF1CE}"=Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-041D-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Swedish) 2007
    "{90120000-0016-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0017-040C-0000-0000000FF1CE}"=Microsoft Office SharePoint Designer MUI (French) 2007
    "{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{5DD79E02-6B69-4BC5-AFA8-914C6A910458}"=Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-040C-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-041D-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Swedish) 2007
    "{90120000-0018-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-040C-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-040C-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-040C-0000-0000000FF1CE}"=Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-041D-0000-0000000FF1CE}"=Microsoft Office Word MUI (Swedish) 2007
    "{90120000-001B-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0401-0000-0000000FF1CE}"=Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{5A2F65A4-808F-4A1E-973E-92E17824982D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.fr-fr_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040B-0000-0000000FF1CE}"=Microsoft Office Proof (Finnish) 2007
    "{90120000-001F-040B-0000-0000000FF1CE}_HOMESTUDENTR_{F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.fr-fr_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0413-0000-0000000FF1CE}"=Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-041D-0000-0000000FF1CE}"=Microsoft Office Proof (Swedish) 2007
    "{90120000-001F-041D-0000-0000000FF1CE}_HOMESTUDENTR_{A8626CEF-CB0A-4BC2-8F51-210A43B6158D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.fr-fr_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
    "{90120000-002C-040C-0000-0000000FF1CE}"=Microsoft Office Proofing (French) 2007
    "{90120000-002C-041D-0000-0000000FF1CE}"=Microsoft Office Proofing (Swedish) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0044-040C-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (French) 2007
    "{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-006E-040C-0000-0000000FF1CE}"=Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}"=Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
    "{90120000-006E-041D-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Swedish) 2007
    "{90120000-006E-041D-0000-0000000FF1CE}_HOMESTUDENTR_{C41B2E34-C30E-4989-8A9D-6B0805B33EC1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-040C-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (French) 2007
    "{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-041D-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Swedish) 2007
    "{90120000-00A1-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00BA-040C-0000-0000000FF1CE}"=Microsoft Office Groove MUI (French) 2007
    "{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0100-040C-0000-0000000FF1CE}"=Microsoft Office O MUI (French) 2007
    "{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0101-040C-0000-0000000FF1CE}"=Microsoft Office X MUI (French) 2007
    "{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
    "{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}"=FirstSteps Diagnostics
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
    "{AC76BA86-7AD7-1053-7B44-A81200000003}"=Adobe Reader 8.1.2 - Svenska
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
    "{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}"=PC Connectivity Solution
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
    "{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}"=Sony Ericsson Drivers
    "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}"=Sony Ericsson Device Data
    "{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}"=Keyboard Manager Utility
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
    "{D6BF6477-8369-489F-8DE6-3731F4B88560}"=Sony Ericsson PC Suite
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
    "{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    "{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
    "{E82FB3CE-F45D-444C-BC0D-2408DC2E2604}"=Trafikskolan TEO 2008
    "{E9E3AA67-60D9-4EE7-B1F5-EAACAB456579}"=cGeep
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
    "{F0DA7B2E-5D3F-43DB-AAA6-8835296AEA12}"=Norman Virus Control
    "{F655FEC2-EB66-4B94-8F51-B2A8EE6FE374}"=Sony Sound Forge Audio Studio 9.0
    "{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}"=Commandos 2: Men of Courage
    "{FB91E774-867B-4567-ACE7-8144EF036068}"=Olympus Digital Wave Player
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
    "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}"=Disc2Phone
    "6A630DCEC5EEC912115F2FF59D8C2C769798D930"=Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    "Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin"=Adobe Flash Player Plugin
    "Adobe Shockwave Player"=Adobe Shockwave Player
    "Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5"=Adobe InDesign CS3
    "Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
    "Adobe_7328fdfcb73660ec8b11d5a3d5c6232"=Adobe Dreamweaver CS3
    "CNXT_HDAUDIO"=Conexant HD Audio
    "CNXT_MODEM_PCI_VEN_14F1&DEV_5045"=HDAUDIO Soft Data Fax Modem with SmartCP
    "CoffeeCup GIF Animator"=CoffeeCup GIF Animator
    "Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-01-24
    "DC++"=DC++ 0.699
    "Gadu-Gadu"=Gadu-Gadu 7.7
    "Guitar Pro 5_is1"=Guitar Pro 5.2
    "HDMI"=Intel(R) Graphics Media Accelerator Driver
    "HijackThis"=HijackThis 2.0.2
    "HOMESTUDENTR"=Microsoft Office Home and Student 2007
    "InstallShield_{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}"=Keyboard Manager Utility
    "KLiteCodecPack_is1"=K-Lite Codec Pack 3.6.2 Standard
    "Libers Körkortsfrågor_is1"=Libers Körkortsfrågor
    "Mafia 1.3"=Mafia
    "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
    "MixMeister BPM Analyzer_is1"=MixMeister BPM Analyzer 1.0
    "Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
    "OMUI.fr-fr"=Microsoft Office Language Pack 2007 - French/Français
    "OpenTTD"=OpenTTD 0.5.3
    "Personal"=BankID Security Application 4.9.3
    "Privacy Guardian_is1"=Privacy Guardian 4.1
    "PROPLUS"=Microsoft Office Professional Plus 2007
    "QuicktimeAlt_is1"=QuickTime Alternative 2.2.0
    "RealAlt_is1"=Real Alternative 1.7.5
    "Soulseek2"=SoulSeek Client 157 test 12c
    "Sweet Little Piano 32"=Sweet Little Piano 32 (remove only)
    "SynTPDeinstKey"=Synaptics Pointing Device Driver
    "Winamp"=Winamp
    "WinRAR archiver"=WinRAR archiver
    "VLC media player"=VideoLAN VLC media player 0.8.6d
    "WM Recorder 12.1"=WM Recorder 12.1
    "ZEN Vision:M Series Media Explorer"=ZEN Vision:M Series Media Explorer

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent"=µTorrent

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2533349112-1644346335-2104464119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent"=µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2008-09-25 08:02:18 | Computer Name = hipawufo | Source = Application Error | ID = 1000
    Description = Faulting application Application Launcher.exe, version 2.2.12.63,
    time stamp 0x466921ca, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
    exception code 0xc0000005, fault offset 0x059cd200, process id 0x9ec, application
    start time 0x01c91f0668cb8920.

    Error - 2008-09-26 12:58:54 | Computer Name = hipawufo | Source = EventSystem | ID = 4609
    Description =

    Error - 2008-09-26 13:24:42 | Computer Name = hipawufo | Source = Microsoft-Windows-CAPI2 | ID = 131584
    Description =

    Error - 2008-09-26 13:38:39 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
    Description =

    Error - 2008-09-26 16:28:40 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
    Description =

    Error - 2008-09-26 16:58:02 | Computer Name = hipawufo | Source = EventSystem | ID = 4609
    Description =

    Error - 2008-09-26 17:13:08 | Computer Name = hipawufo | Source = Application Error | ID = 1000
    Description = Faulting application atbroker.exe, version 6.0.6000.16386, time stamp
    0x4549aed5, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
    exception code 0xc0000005, fault offset 0x00008fc7, process id 0xb58, application
    start time 0x01c9201ca141b02e.

    Error - 2008-09-26 17:17:17 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
    Description =

    Error - 2008-09-27 03:35:15 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
    Description =

    Error - 2008-09-28 13:36:31 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
    Description =

    [ System Events ]
    Error - 2008-09-26 16:59:05 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7001
    Description =

    Error - 2008-09-26 16:59:05 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7001
    Description =

    Error - 2008-09-26 16:59:05 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7001
    Description =

    Error - 2008-09-26 17:12:40 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2008-09-27 03:31:35 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2008-09-27 04:52:48 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 2008-09-27 07:46:13 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 2008-09-27 10:27:03 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 2008-09-28 02:20:40 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 2008-09-28 10:28:07 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.


    < End of report >

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    uTorrent
    DC++
    SoulSeek Client 157 test 12c


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new OTViewIt scan when finished and post a fresh extras.txt here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
