
Thread: Zlob.DNSChanger

  1. #11
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    OTViewIt Extras logfile created on: 2008-09-28 22:04:36 - Run 2
    OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\David\Desktop
    Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16711)
    Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

    1,99 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,08% Memory free
    4,00 Gb Paging File | 3,17 Gb Available in Paging File | 79,33% Paging File free
    Paging file location(s): ?:\pagefile.sys;

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 92,21 Gb Total Space | 22,15 Gb Free Space | 24,02% Space Free | Partition Type: NTFS
    Drive D: | 45,12 Gb Total Space | 12,75 Gb Free Space | 28,25% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HIPAWUFO
    Current User Name: David
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Whitelist: On
    File Age = 30 Days

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval"=1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride"=0
    "AntiSpywareOverride"=0
    "FirewallOverride"=0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2533349112-1644346335-2104464119-1000]
    "EnableNotifications"=0
    "EnableNotificationsRef"=1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    ========== (O10) Winsock2 Catalogs ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
    NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
    NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
    NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    NameSpace_Catalog5\Catalog_Entries\000000000008 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)

    ========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
    ldap -- 4 = Restricted sites (Not a Default Protocol)
    news -- 4 = Restricted sites (Not a Default Protocol)
    nntp -- 4 = Restricted sites (Not a Default Protocol)
    oecmd -- 4 = Restricted sites (Not a Default Protocol)
    snews -- 4 = Restricted sites (Not a Default Protocol)

    ========== HKEY_USERS Protocol Defaults ==========


    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
    @ivt -- @ivt protocol not assigned
    file -- file protocol not assigned
    ftp -- ftp protocol not assigned
    http -- http protocol not assigned
    https -- https protocol not assigned
    shell -- shell protocol not assigned

    ========== HKEY_USERS Protocol Defaults ==========


    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
    @ivt -- @ivt protocol not assigned
    file -- file protocol not assigned
    ftp -- ftp protocol not assigned
    http -- http protocol not assigned
    https -- https protocol not assigned
    shell -- shell protocol not assigned

    ========== (O18) Protocol Handlers ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
    [2007-10-18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
    [2006-10-26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
    [2007-10-18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
    [2007-12-07 16:08:02 | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

    ========== (O18) Protocol Filters ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
    [2006-10-26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
    "{0650BB10-BCF4-400A-85EE-04097E3046C6}"=Adobe Setup
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
    "{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}"=MSVC80_x86
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
    "{25BEC3AB-5CD4-481D-9143-215C1BBB189E}"=Sony Ericsson PC Suite
    "{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7}"=Sony ACID Pro 6.0
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
    "{2B5A75F0-FD85-4094-AB00-94902398D192}"=Sony Media Manager 2.2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
    "{3F9B2FD2-1C83-4401-9967-C3636638E958}"=Adobe SING CS3
    "{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}"=VBA (2627.01)
    "{56B8B892-317E-4FDE-9E4D-44B189848A27}"=Adobe Setup
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
    "{621025AE-3510-478E-BC27-1A647150976F}"=SPSS 16.0 for Windows
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
    "{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
    "{81CD6232-10F5-4832-B3DA-1B88B1571053}"=Nero 7 Essentials
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
    "{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0015-040C-0000-0000000FF1CE}"=Microsoft Office Access MUI (French) 2007
    "{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-040C-0000-0000000FF1CE}"=Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-041D-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Swedish) 2007
    "{90120000-0016-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0017-040C-0000-0000000FF1CE}"=Microsoft Office SharePoint Designer MUI (French) 2007
    "{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{5DD79E02-6B69-4BC5-AFA8-914C6A910458}"=Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-040C-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-041D-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Swedish) 2007
    "{90120000-0018-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-040C-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-040C-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-040C-0000-0000000FF1CE}"=Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-041D-0000-0000000FF1CE}"=Microsoft Office Word MUI (Swedish) 2007
    "{90120000-001B-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0401-0000-0000000FF1CE}"=Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{5A2F65A4-808F-4A1E-973E-92E17824982D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.fr-fr_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040B-0000-0000000FF1CE}"=Microsoft Office Proof (Finnish) 2007
    "{90120000-001F-040B-0000-0000000FF1CE}_HOMESTUDENTR_{F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.fr-fr_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0413-0000-0000000FF1CE}"=Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-041D-0000-0000000FF1CE}"=Microsoft Office Proof (Swedish) 2007
    "{90120000-001F-041D-0000-0000000FF1CE}_HOMESTUDENTR_{A8626CEF-CB0A-4BC2-8F51-210A43B6158D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.fr-fr_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
    "{90120000-002C-040C-0000-0000000FF1CE}"=Microsoft Office Proofing (French) 2007
    "{90120000-002C-041D-0000-0000000FF1CE}"=Microsoft Office Proofing (Swedish) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0044-040C-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (French) 2007
    "{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-006E-040C-0000-0000000FF1CE}"=Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}"=Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
    "{90120000-006E-041D-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Swedish) 2007
    "{90120000-006E-041D-0000-0000000FF1CE}_HOMESTUDENTR_{C41B2E34-C30E-4989-8A9D-6B0805B33EC1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-040C-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (French) 2007
    "{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-041D-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Swedish) 2007
    "{90120000-00A1-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00BA-040C-0000-0000000FF1CE}"=Microsoft Office Groove MUI (French) 2007
    "{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0100-040C-0000-0000000FF1CE}"=Microsoft Office O MUI (French) 2007
    "{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0101-040C-0000-0000000FF1CE}"=Microsoft Office X MUI (French) 2007
    "{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
    "{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}"=FirstSteps Diagnostics
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
    "{AC76BA86-7AD7-1053-7B44-A81200000003}"=Adobe Reader 8.1.2 - Svenska
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
    "{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}"=PC Connectivity Solution
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
    "{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}"=Sony Ericsson Drivers
    "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}"=Sony Ericsson Device Data
    "{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}"=Keyboard Manager Utility
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
    "{D6BF6477-8369-489F-8DE6-3731F4B88560}"=Sony Ericsson PC Suite
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
    "{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    "{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
    "{E82FB3CE-F45D-444C-BC0D-2408DC2E2604}"=Trafikskolan TEO 2008
    "{E9E3AA67-60D9-4EE7-B1F5-EAACAB456579}"=cGeep
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
    "{F0DA7B2E-5D3F-43DB-AAA6-8835296AEA12}"=Norman Virus Control
    "{F655FEC2-EB66-4B94-8F51-B2A8EE6FE374}"=Sony Sound Forge Audio Studio 9.0
    "{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}"=Commandos 2: Men of Courage
    "{FB91E774-867B-4567-ACE7-8144EF036068}"=Olympus Digital Wave Player
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
    "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}"=Disc2Phone
    "6A630DCEC5EEC912115F2FF59D8C2C769798D930"=Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    "Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin"=Adobe Flash Player Plugin
    "Adobe Shockwave Player"=Adobe Shockwave Player
    "Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5"=Adobe InDesign CS3
    "Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
    "Adobe_7328fdfcb73660ec8b11d5a3d5c6232"=Adobe Dreamweaver CS3
    "CNXT_HDAUDIO"=Conexant HD Audio
    "CNXT_MODEM_PCI_VEN_14F1&DEV_5045"=HDAUDIO Soft Data Fax Modem with SmartCP
    "CoffeeCup GIF Animator"=CoffeeCup GIF Animator
    "Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-01-24
    "Gadu-Gadu"=Gadu-Gadu 7.7
    "Guitar Pro 5_is1"=Guitar Pro 5.2
    "HDMI"=Intel(R) Graphics Media Accelerator Driver
    "HijackThis"=HijackThis 2.0.2
    "HOMESTUDENTR"=Microsoft Office Home and Student 2007
    "InstallShield_{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}"=Keyboard Manager Utility
    "KLiteCodecPack_is1"=K-Lite Codec Pack 3.6.2 Standard
    "Libers Körkortsfrågor_is1"=Libers Körkortsfrågor
    "Mafia 1.3"=Mafia
    "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
    "MixMeister BPM Analyzer_is1"=MixMeister BPM Analyzer 1.0
    "Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
    "OMUI.fr-fr"=Microsoft Office Language Pack 2007 - French/Français
    "OpenTTD"=OpenTTD 0.5.3
    "Personal"=BankID Security Application 4.9.3
    "Privacy Guardian_is1"=Privacy Guardian 4.1
    "PROPLUS"=Microsoft Office Professional Plus 2007
    "QuicktimeAlt_is1"=QuickTime Alternative 2.2.0
    "RealAlt_is1"=Real Alternative 1.7.5
    "Sweet Little Piano 32"=Sweet Little Piano 32 (remove only)
    "SynTPDeinstKey"=Synaptics Pointing Device Driver
    "Winamp"=Winamp
    "WinRAR archiver"=WinRAR archiver
    "VLC media player"=VideoLAN VLC media player 0.8.6d
    "WM Recorder 12.1"=WM Recorder 12.1
    "ZEN Vision:M Series Media Explorer"=ZEN Vision:M Series Media Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2008-09-25 08:02:18 | Computer Name = hipawufo | Source = Application Error | ID = 1000
    Description = Faulting application Application Launcher.exe, version 2.2.12.63,
    time stamp 0x466921ca, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
    exception code 0xc0000005, fault offset 0x059cd200, process id 0x9ec, application
    start time 0x01c91f0668cb8920.

    Error - 2008-09-26 12:58:54 | Computer Name = hipawufo | Source = EventSystem | ID = 4609
    Description =

    Error - 2008-09-26 13:24:42 | Computer Name = hipawufo | Source = Microsoft-Windows-CAPI2 | ID = 131584
    Description =

    Error - 2008-09-26 13:38:39 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
    Description =

    Error - 2008-09-26 16:28:40 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
    Description =

    Error - 2008-09-26 16:58:02 | Computer Name = hipawufo | Source = EventSystem | ID = 4609
    Description =

    Error - 2008-09-26 17:13:08 | Computer Name = hipawufo | Source = Application Error | ID = 1000
    Description = Faulting application atbroker.exe, version 6.0.6000.16386, time stamp
    0x4549aed5, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
    exception code 0xc0000005, fault offset 0x00008fc7, process id 0xb58, application
    start time 0x01c9201ca141b02e.

    Error - 2008-09-26 17:17:17 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
    Description =

    Error - 2008-09-27 03:35:15 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
    Description =

    Error - 2008-09-28 13:36:31 | Computer Name = hipawufo | Source = WerSvc | ID = 5007
    Description =

    [ System Events ]
    Error - 2008-09-26 16:59:05 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7001
    Description =

    Error - 2008-09-26 16:59:05 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7001
    Description =

    Error - 2008-09-26 16:59:05 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7001
    Description =

    Error - 2008-09-26 17:12:40 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2008-09-27 03:31:35 | Computer Name = hipawufo | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2008-09-27 04:52:48 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 2008-09-27 07:46:13 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 2008-09-27 10:27:03 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 2008-09-28 02:20:40 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 2008-09-28 10:28:07 | Computer Name = hipawufo | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.


    < End of report >

  2. #12
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Open HijackThis, click do a system scan only and checkmark this:

    O4 - HKLM\..\Run: [6AD.tmp] C:\Windows\temp\6AD.tmp

    Close all windows including browser and press fix checked.

    Reboot.

    Please go to Kaspersky website and perform an online antivirus scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.


    If you need a tutorial, see here
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #13
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    Kaspersky is running right now, but after nearly 5h it's only scanned 333 files or 5 % of my 120 GB HD. It's exceptionally slow, is there any alternative?

  4. #14
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Sure there is.

    Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

    1. Check (tick) this box: YES, I accept the Terms of Use.
    2. Click on the Start button next to it.
    3. When prompted to run ActiveX, click Yes.
    4. You will be asked to install an ActiveX. Click Install.
    5. Once installed, the scanner will be initialized.
    6. After the scanner is initialized, click Start.
    7. Uncheck (untick) Remove found threats box.
    8. Check (tick) Scan unwanted applications.
    9. Click on Scan.
    10. It will start scanning. Please be patient.
    11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

  5. #15
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    # version=4
    # OnlineScanner.ocx=1.0.0.635
    # OnlineScannerDLLA.dll=1, 0, 0, 79
    # OnlineScannerDLLW.dll=1, 0, 0, 78
    # OnlineScannerUninstaller.exe=1, 0, 0, 49
    # vers_standard_module=3480 (20080929)
    # vers_arch_module=1.064 (20080214)
    # vers_adv_heur_module=1.066 (20070917)
    # EOSSerial=1d733d13f641d94ba3fa5526941b6f57
    # end=finished
    # remove_checked=false
    # unwanted_checked=true
    # utc_time=2008-09-29 05:59:00
    # local_time=2008-09-29 07:59:00 (+0100, W. Europe Daylight Time)
    # country="Sweden"
    # osver=6.0.6000 NT
    # scanned=551204
    # found=5
    # scan_time=7636
    C:\download\DAEMON Tools Lite 4.11.2.zip a variant of Win32/VB.BCE trojan 8E086478B9A02F93BB43E5F31520C322
    C:\download\DAEMON Tools Lite 4.11.2.zip »ZIP »DAEMON Tools Lite 4.11.2.exe a variant of Win32/VB.BCE trojan 00000000000000000000000000000000
    C:\download\DAEMON Tools Lite 4.11.2.zip »ZIP »DAEMON Tools Lite 4.11.2.exe »NSIS »Tools.exe a variant of Win32/VB.BCE trojan 00000000000000000000000000000000
    C:\download\DAEMON Tools Lite 4.11.2\DAEMON Tools Lite 4.11.2.exe a variant of Win32/VB.BCE trojan 282689F1A0B953691B4B901F7455767F
    C:\download\DAEMON Tools Lite 4.11.2\DAEMON Tools Lite 4.11.2.exe »NSIS »Tools.exe a variant of Win32/VB.BCE trojan 00000000000000000000000000000000

  6. #16
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Delete this unless you know it is safe:

    C:\download\DAEMON Tools Lite 4.11.2.zip

    Empty Recycle Bin.

    Still problems?

  7. #17
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    Unfortunately, yes. If I run Spybot in safe mode it still finds Zlob.DNSChanger.

  8. #18
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Then please post the Spybot report next.

  9. #19
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    - OK, the report is attached because it was too long to post here.

    - I can't visit any blogspot.com pages with any of my browsers.

    (Now there's another reason people shouldn't use Blogger.)

  10. #20
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Actually, those entries look like they were set by Spybot after attempting to remove Zlob.DNSChanger.

    Please post a fresh HijackThis log next
