Solved Google search hijacked

Carolus

Posts: 11   +0
Hello

Search results look OK, but when I click a link I am redirected to another address. Also, Microsoft Security Essentials is down.

I have followed the 4 steps.

See attached. I'm afraid that some of it is in Danish. Hope I can get some help anyway :)


Malwarebytes Anti-Malware (Prøveversion) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.27.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Carl-Johan B. Madsen :: FUSSINGB-CJBM1 [administrator]
Beskyttelse: Slået fra
27-12-2012 14:33:46
mbam-log-2012-12-27 (14-33-46).txt
Skanningstype: Hurtig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 224502
Tid gået: 27 minut(ter), 29 sekund(er)
Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)
Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)
Registreringsdatabasenøgler Inficeret: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Sat I karantæne og slettet succesfuldt.
Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)
Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)
Inficerede Mapper: 2
C:\Programmer\MyWaySA (PUP.MyWebSearch) -> Sat I karantæne og slettet succesfuldt.
C:\Programmer\MyWaySA\SrchAsDe (PUP.MyWebSearch) -> Sat I karantæne og slettet succesfuldt.
Inficerede Filer: 0
(Ingen skadelige objekter blev fundet)
(færdig)
Malwarebytes Anti-Malware (Prøveversion) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.27.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Carl-Johan B. Madsen :: FUSSINGB-CJBM1 [administrator]
Beskyttelse: Slået fra
27-12-2012 15:02:10
mbam-log-2012-12-27 (15-02-10).txt
Skanningstype: Hurtig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 224607
Tid gået: 3 minut(ter), 38 sekund(er)
Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)
Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)
Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)
Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)
Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)
Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)
Inficerede Filer: 0
(Ingen skadelige objekter blev fundet)
(færdig)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Carl-Johan B. Madsen at 15:22:59 on 2012-12-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.3582.2230 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programmer\Java\jre7\bin\jqs.exe
C:\Programmer\McAfee\SiteAdvisor\McSACore.exe
C:\Programmer\BUFFALO\NASNAVI\nassvc.exe
C:\Programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Programmer\Secunia\PSI\sua.exe
C:\PROGRA~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Pure Networks Shared\Platform\nmsrvc.exe
C:\Programmer\Windows Media Player\WMPNetwk.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\CCleaner\CCleaner.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.dk/
uSearch Bar = hxxp://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DJ
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\programmer\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\programmer\mcafee\siteadvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programmer\java\jre7\bin\ssv.dll
BHO: Hjælp til tilmelding til Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\programmer\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\programmer\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\programmer\microsoft office\office14\URLREDIR.DLL
BHO: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\programmer\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programmer\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\programmer\mcafee\siteadvisor\McIEPlg.dll
TB: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\programmer\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\programmer\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\programmer\windows media player\WMPNSCFG.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "c:\programmer\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\programmer\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nmctxth] "c:\programmer\fælles filer\pure networks shared\platform\nmctxth.exe"
mRun: [Adobe ARM] "c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe"
mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre7\bin\jusched.exe"
mRun: [MSC] "c:\programmer\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: S&end til OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\programmer\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\programmer\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
Trusted Zone: www.sa.dk
DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparostjyl.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351090639921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 193.162.153.164 194.239.134.83
TCP: Interfaces\{D06812AA-0D08-41EF-BE66-F3821FCDC6FD} : DHCPNameServer = 193.162.153.164 194.239.134.83
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\programmer\fælles filer\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\programmer\mcafee\siteadvisor\McIEPlg.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\programmer\fælles filer\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\programmer\mcafee\siteadvisor\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\programmer\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\programmer\windows defender\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 IAANTMon;Intel(R) Matrix Storage Event Monitor;c:\programmer\intel\intel matrix storage manager\IAANTMon.exe [2006-3-18 86140]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmer\mcafee\siteadvisor\McSACore.exe [2008-10-2 95232]
R2 NasPmService;NAS PM Service;c:\programmer\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\programmer\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 Secunia Update Agent;Secunia Update Agent;c:\programmer\secunia\psi\sua.exe --start-service --> c:\programmer\secunia\psi\sua.exe --start-service [?]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~2\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1\applic~1\squeez~2\cache\my.cnf squeezemysql --> c:\progra~1\squeez~2\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1\applic~1\squeez~2\cache\my.cnf SqueezeMySQL [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\ec168bda.sys --> c:\windows\system32\drivers\EC168BDA.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\programmer\secunia\psi\psia.exe --start-service --> c:\programmer\secunia\psi\PSIA.exe --start-service [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-9-17 14336]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\programmer\samsung\samsung pc share manager\WiselinkPro.exe [2009-1-8 4136960]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 WinDefend;Windows Defender;c:\programmer\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== File Associations ===============
.
ShellExec: MRSIDV~1.EXE: open="c:\progra~2\lizard~1\mrsidv~1\MRSIDV~1.EXE""" %1""
.
=============== Created Last 30 ================
.
2012-12-27 13:32:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-27 13:32:09 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2012-12-27 10:14:12 73728 ----a-r- c:\documents and settings\carl-johan b. madsen\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-27 10:14:12 73728 ----a-r- c:\documents and settings\carl-johan b. madsen\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-27 10:14:12 73728 ----a-r- c:\documents and settings\carl-johan b. madsen\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-12-27 10:07:33 -------- d-----w- c:\programmer\Microsoft Security Client
2012-12-27 09:16:41 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-12-27 09:16:41 -------- d-----w- c:\documents and settings\carl-johan b. madsen\lokale indstillinger\application data\MFAData
2012-12-27 09:16:41 -------- d-----w- c:\documents and settings\carl-johan b. madsen\lokale indstillinger\application data\Avg2013
2012-12-27 09:16:41 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-12-26 20:47:48 -------- d-----w- c:\windows\Microsoft Antimalware
2012-12-26 20:08:15 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-12-26 20:08:15 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-26 19:11:53 -------- d-----w- c:\programmer\Microsoft Security Client(2)
2012-12-26 16:25:14 -------- d-----w- c:\programmer\Enigma Software Group
2012-12-26 16:19:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-26 15:14:47 -------- d-----w- c:\documents and settings\carl-johan b. madsen\application data\TestApp
2012-12-26 09:29:19 -------- d-----w- c:\documents and settings\carl-johan b. madsen\application data\Malwarebytes
2012-12-26 09:28:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-12-25 21:47:39 -------- d-----w- c:\programmer\Panda Security
2012-12-12 15:30:51 110592 --sha-r- c:\windows\system32\rpcns4Z.dll
2012-12-11 15:00:40 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{19a050b3-f5ad-46b5-9440-10464ab1b9e4}\mpengine.dll
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd(2).dll
2012-11-13 11:55:06 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd(3).dll
2012-11-02 02:04:03 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12:31 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12:31 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:48 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04:31 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 15:24:38,39 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10-04-2006 18:54:08
System Uptime: 27-12-2012 10:45:16 (5 hours ago)
.
Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 38,251 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT
.
==== System Restore Points ===================
.
RP1: 13-12-2012 15:15:35 - Systemkontrolpunkt
RP2: 17-12-2012 18:19:02 - Systemkontrolpunkt
RP3: 23-12-2012 11:52:07 - Software Distribution Service 3.0
RP4: 25-12-2012 21:51:50 - Systemkontrolpunkt
RP5: 26-12-2012 09:29:06 - Removed Sophos Anti-Virus
RP6: 26-12-2012 09:36:52 - Removed Sophos AutoUpdate
RP7: 26-12-2012 09:50:50 - Software Distribution Service 3.0
RP8: 26-12-2012 12:12:36 - Removed Java(TM) 6 Update 3
RP9: 26-12-2012 12:13:12 - Removed Java(TM) 6 Update 33
RP10: 26-12-2012 17:25:13 - Installerede SpyHunter
RP11: 26-12-2012 20:01:55 - Fjernede SpyHunter
RP12: 26-12-2012 20:58:40 - Gendan handling
RP13: 26-12-2012 21:19:10 - Software Distribution Service 3.0
RP14: 27-12-2012 10:42:09 - Removed Sophos Anti-Virus
RP15: 27-12-2012 11:02:20 - Removed Java(TM) 6 Update 3
RP16: 27-12-2012 11:03:17 - Removed Sophos AutoUpdate
RP17: 27-12-2012 11:13:58 - Installed Sophos Virus Removal Tool.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) - Dansk
Adobe Shockwave Player 11.6
Advertising Center
Age of Empires III
AO Værktøj
ArcSoft Panorama Maker 3
Arkibas
Audacity 1.3.0
Bluesoleil2.6.0.8 Release 070517
Brother's Keeper 6.6
BUFFALO LinkStation(LS-WTGL/R1) Setup Guide
BUFFALO NAS Navigator
Caesar 3
Caesar IV
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MP Navigator EX 1.0
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.2
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CanoScan 8800F
CCleaner
Cisco Network Magic
CivCity
Color LaserJet 2600n
DAGE version 2.0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Dell CinePlayer
Dell Driver Reset Tool
Dell Media Experience
Dell System Restore
DMX Update
ER Mapper ECW JPEG 2000 Plug-in for Internet Explorer [3.6.0.55]
FastStone Image Viewer 2.8
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPL MPEG-1/2 DirectShow Decoder Filter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix til Windows Internet Explorer 7 (KB947864)
Hotfix til Windows XP (KB2570791)
Hotfix til Windows XP (KB2633952)
Hotfix til Windows XP (KB2756822)
Hotfix til Windows XP (KB2779562)
HP Billed-cd
HP Photo and Imaging 2.3 - Scanjet 4600 Series
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
IrfanView (remove only)
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 33
Lizardtech DjVu Control
Lizardtech DjVu Control (autoinstall)
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DAN
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DAN
Microsoft .NET Framework 3.5 Language Pack SP1 - dan
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DAN Language Pack
Microsoft .NET Framework 4 Client Profile DAN sprogpakke
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Base Smart Card Crypto-udbyder
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Danish) 2010
Microsoft Office Excel MUI (Danish) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (Danish) 2010
Microsoft Office Outlook MUI (Danish) 2010
Microsoft Office PowerPoint MUI (Danish) 2010
Microsoft Office Proof (Danish) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proofing (Danish) 2010
Microsoft Office Publisher MUI (Danish) 2010
Microsoft Office Shared MUI (Danish) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Danish) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (Danish) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Morbus Gravis
MrSID Browser Plug-in 1.3
MrSID Viewer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
My Way Search Assistant
MySQL Connector/ODBC 3.51
Nero BackItUp
Nero BackItUp 4 Essentials
Nero ControlCenter
Nero Installer
Network Magic
NVIDIA Drivers
Opdatering til Microsoft Windows (KB971513)
Opdatering til Windows Internet Explorer 8 (KB2447568)
Opdatering til Windows Internet Explorer 8 (KB972636)
Opdatering til Windows Internet Explorer 8 (KB976662)
Opdatering til Windows Internet Explorer 8 (KB976749)
Opdatering til Windows Internet Explorer 8 (KB980182)
Opdatering til Windows XP (KB2541763)
Opdatering til Windows XP (KB2607712)
Opdatering til Windows XP (KB2616676)
Opdatering til Windows XP (KB2641690)
Opdatering til Windows XP (KB2661254-v2)
Opdatering til Windows XP (KB2718704)
Opdatering til Windows XP (KB2736233)
Opdatering til Windows XP (KB2749655)
Overførselsværktøj til Windows Live
PC Connectivity Solution
PDFCreator
pdfforge Toolbar v4.6
PhotoPad Image Editor
PhotoStage Slideshow Producer
Picasa 3
Praetorians
Print Server
Pure Networks Platform
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SAMSUNG PC Share Manager
Secunia PSI (2.0.0.3003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Security Update for Windows Search 4 - KB963093
Segoe UI
ShareIns
Sierra Utilities
Sikkerhedsopdatering til Microsoft Windows (KB2564958)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB928090)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB929969)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB931768)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB933566)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB937143)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB939653)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB950759)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB953838)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB958215)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB960714)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB963027)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB969897)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB972260)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2183461)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2360131)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2416400)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2482017)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2497640)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2510531)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2530548)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2544521)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2559049)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2586448)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2618444)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2647516)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2675157)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2699988)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2722913)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2744842)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2761465)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB971961)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB972260)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB974455)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB976325)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB978207)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB981332)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB982381)
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player 10 (KB911565)
Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
Sikkerhedsopdatering til Windows XP (KB2412687)
Sikkerhedsopdatering til Windows XP (KB2476490)
Sikkerhedsopdatering til Windows XP (KB2485663)
Sikkerhedsopdatering til Windows XP (KB2491683)
Sikkerhedsopdatering til Windows XP (KB2503658)
Sikkerhedsopdatering til Windows XP (KB2503665)
Sikkerhedsopdatering til Windows XP (KB2506212)
Sikkerhedsopdatering til Windows XP (KB2506223)
Sikkerhedsopdatering til Windows XP (KB2507618)
Sikkerhedsopdatering til Windows XP (KB2507938)
Sikkerhedsopdatering til Windows XP (KB2508272)
Sikkerhedsopdatering til Windows XP (KB2508429)
Sikkerhedsopdatering til Windows XP (KB2509553)
Sikkerhedsopdatering til Windows XP (KB2511455)
Sikkerhedsopdatering til Windows XP (KB2535512)
Sikkerhedsopdatering til Windows XP (KB2536276-v2)
Sikkerhedsopdatering til Windows XP (KB2536276)
Sikkerhedsopdatering til Windows XP (KB2544893-v2)
Sikkerhedsopdatering til Windows XP (KB2544893)
Sikkerhedsopdatering til Windows XP (KB2555917)
Sikkerhedsopdatering til Windows XP (KB2562937)
Sikkerhedsopdatering til Windows XP (KB2566454)
Sikkerhedsopdatering til Windows XP (KB2567053)
Sikkerhedsopdatering til Windows XP (KB2567680)
Sikkerhedsopdatering til Windows XP (KB2570222)
Sikkerhedsopdatering til Windows XP (KB2570947)
Sikkerhedsopdatering til Windows XP (KB2584146)
Sikkerhedsopdatering til Windows XP (KB2585542)
Sikkerhedsopdatering til Windows XP (KB2592799)
Sikkerhedsopdatering til Windows XP (KB2598479)
Sikkerhedsopdatering til Windows XP (KB2603381)
Sikkerhedsopdatering til Windows XP (KB2618451)
Sikkerhedsopdatering til Windows XP (KB2619339)
Sikkerhedsopdatering til Windows XP (KB2620712)
Sikkerhedsopdatering til Windows XP (KB2621440)
Sikkerhedsopdatering til Windows XP (KB2624667)
Sikkerhedsopdatering til Windows XP (KB2631813)
Sikkerhedsopdatering til Windows XP (KB2633171)
Sikkerhedsopdatering til Windows XP (KB2639417)
Sikkerhedsopdatering til Windows XP (KB2641653)
Sikkerhedsopdatering til Windows XP (KB2646524)
Sikkerhedsopdatering til Windows XP (KB2647518)
Sikkerhedsopdatering til Windows XP (KB2653956)
Sikkerhedsopdatering til Windows XP (KB2655992)
Sikkerhedsopdatering til Windows XP (KB2659262)
Sikkerhedsopdatering til Windows XP (KB2660465)
Sikkerhedsopdatering til Windows XP (KB2676562)
Sikkerhedsopdatering til Windows XP (KB2685939)
Sikkerhedsopdatering til Windows XP (KB2686509)
Sikkerhedsopdatering til Windows XP (KB2691442)
Sikkerhedsopdatering til Windows XP (KB2695962)
Sikkerhedsopdatering til Windows XP (KB2698365)
Sikkerhedsopdatering til Windows XP (KB2705219)
Sikkerhedsopdatering til Windows XP (KB2707511)
Sikkerhedsopdatering til Windows XP (KB2709162)
Sikkerhedsopdatering til Windows XP (KB2712808)
Sikkerhedsopdatering til Windows XP (KB2718523)
Sikkerhedsopdatering til Windows XP (KB2719985)
Sikkerhedsopdatering til Windows XP (KB2723135)
Sikkerhedsopdatering til Windows XP (KB2724197)
Sikkerhedsopdatering til Windows XP (KB2727528)
Sikkerhedsopdatering til Windows XP (KB2731847)
Sikkerhedsopdatering til Windows XP (KB2753842-v2)
Sikkerhedsopdatering til Windows XP (KB2753842)
Sikkerhedsopdatering til Windows XP (KB2758857)
Sikkerhedsopdatering til Windows XP (KB2761226)
Sikkerhedsopdatering til Windows XP (KB2770660)
Sikkerhedsopdatering til Windows XP (KB2779030)
Sikkerhedsopdatering til Windows XP (KB923689)
Sonic Activation Module
Sonic Update Manager
Sonos Controller
Sophos Virus Removal Tool
Sound Blaster X-Fi
Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
Squeezebox Server 7.5.4
swMSM
TDC Digital Signatur CSP
Tilmeldingsassistent til Windows Live
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WebFldrs XP
Windows Defender
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Essentials
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

ComboFix scan

Please download ComboFix
by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again, this time renaming ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Hello Dragon Master Jay

Thank you very, very much for your help. :D I have spent nearly 2 days of my precious Xmas holidays trying to solve this problem.

After running Combo-Fix, my computer is running correctly again and both Windows Defender and Microsoft Security Essentials are up and running again.


Carolus

If it is of any interest, here are the results from Combo-Fix.

ComboFix 12-12-27.03 - Carl-Johan B. Madsen 27-12-2012 21:08:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.3582.2998 [GMT 1:00]
Kører fra: c:\documents and settings\Carl-Johan B. Madsen\Dokumenter\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Carl-Johan B. Madsen\WINDOWS
C:\t.txt
c:\windows\~GLC0000.TMP
c:\windows\~GLH0000.TMP
c:\windows\system32\Oleaut32.1
c:\windows\system32\SET99.tmp
c:\windows\system32\setb0.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-11-27 til 2012-12-27 )))))))))))))))))))))))))))))))))))
.
.
2012-12-27 13:32 . 2012-12-27 13:32 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2012-12-27 13:32 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-27 10:14 . 2012-12-27 10:14 73728 ----a-r- c:\documents and settings\Carl-Johan B. Madsen\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-27 10:14 . 2012-12-27 10:14 73728 ----a-r- c:\documents and settings\Carl-Johan B. Madsen\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-27 10:14 . 2012-12-27 10:14 73728 ----a-r- c:\documents and settings\Carl-Johan B. Madsen\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-12-27 10:07 . 2012-12-27 10:07 -------- d-----w- c:\programmer\Microsoft Security Client
2012-12-27 09:16 . 2012-12-27 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-12-27 09:16 . 2012-12-27 09:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-12-27 09:16 . 2012-12-27 09:16 -------- d-----w- c:\documents and settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\MFAData
2012-12-27 09:16 . 2012-12-27 09:16 -------- d-----w- c:\documents and settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Avg2013
2012-12-26 20:47 . 2012-12-26 20:47 -------- d-----w- c:\windows\Microsoft Antimalware
2012-12-26 20:08 . 2012-12-26 20:08 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-26 16:25 . 2012-12-26 16:25 -------- d-----w- c:\programmer\Enigma Software Group
2012-12-26 16:19 . 2012-12-26 16:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-26 15:14 . 2012-12-26 15:14 -------- d-----w- c:\documents and settings\Carl-Johan B. Madsen\Application Data\TestApp
2012-12-26 09:29 . 2012-12-26 09:29 -------- d-----w- c:\documents and settings\Carl-Johan B. Madsen\Application Data\Malwarebytes
2012-12-26 09:28 . 2012-12-26 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-12-25 21:47 . 2012-12-25 21:47 -------- d-----w- c:\programmer\Panda Security
2012-12-12 15:30 . 2012-12-12 15:30 110592 --sha-r- c:\windows\system32\rpcns4Z.dll
2012-12-11 15:00 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{19A050B3-F5AD-46B5-9440-10464AB1B9E4}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-09-17 15:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 12:23 . 2004-09-17 15:17 290560 ----a-w- c:\windows\system32\atmfd(2).dll
2012-11-13 11:55 . 2004-09-17 15:18 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 18:00 . 2007-04-08 15:48 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-06 00:41 . 2004-09-17 15:17 290560 ----a-w- c:\windows\system32\atmfd(3).dll
2012-11-02 02:04 . 2004-09-17 15:17 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2004-09-17 15:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2004-09-17 15:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2004-09-17 15:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-09-17 15:18 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2004-09-17 15:18 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((( Start steder I reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"CTDVDDET"="c:\programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"nmctxth"="c:\programmer\Fælles filer\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MSC"="c:\programmer\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Squeezebox Server-ikon I systembakken.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Squeezebox Server-ikon I systembakken.lnk
backup=c:\windows\pss\Squeezebox Server-ikon I systembakken.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Carl-Johan B. Madsen^Menuen Start^Programmer^Start^BUFFALO NAS Navigator.lnk]
path=c:\documents and settings\Carl-Johan B. Madsen\Menuen Start\Programmer\Start\BUFFALO NAS Navigator.lnk
backup=c:\windows\pss\BUFFALO NAS Navigator.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Carl-Johan B. Madsen^Menuen Start^Programmer^Start^NAS Scheduler.lnk]
path=c:\documents and settings\Carl-Johan B. Madsen\Menuen Start\Programmer\Start\NAS Scheduler.lnk
backup=c:\windows\pss\NAS Scheduler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\programmer\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDrvEmulator]
2005-11-04 18:07 49152 ------w- c:\programmer\Creative\Shared Files\Module Loader\DLLML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 16:06 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 03:12 94208 ----a-w- c:\programmer\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 07:56 139264 ----a-w- c:\programmer\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 16:50 221184 ----a-w- c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 16:50 81920 ----a-w- c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 16:05 1695232 ----a-w- c:\programmer\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-09-24 11:57 2254120 ----a-w- c:\programmer\Nero\Nero BackItUp 4\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2009-07-08 00:53 472112 ----a-w- c:\programmer\Pure Networks\Network Magic\nmapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-17 06:07 8491008 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 09:42 69632 ----a-w- c:\programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-15 08:30 204288 ------w- c:\programmer\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Sierra On-Line\\SIGSPat.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\Hpqdirec.exe"=
"c:\\Programmer\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Programmer\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Programmer\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Programmer\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
"c:\\Programmer\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Programmer\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\programmer\Fælles filer\Pure Networks Shared\Platform\nmsrvc.exe"= c:\programmer\Fælles filer\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:Squeezebox Server 9000 tcp (UI)
"9090:TCP"= 9090:TCP:Squeezebox Server 9090 tcp (UI)
"3483:UDP"= 3483:UDP:Squeezebox Server 3483 udp
"3483:TCP"= 3483:TCP:Squeezebox Server 3483 tcp
"67:UDP"= 67:UDP:DHCP Discovery Service
"9001:TCP"= 9001:TCP:Squeezebox Server 9001 tcp (UI)
"9002:TCP"= 9002:TCP:Squeezebox Server 9002 tcp (UI)
"9003:TCP"= 9003:TCP:Squeezebox Server 9003 tcp (UI)
"9004:TCP"= 9004:TCP:Squeezebox Server 9004 tcp (UI)
"9005:TCP"= 9005:TCP:Squeezebox Server 9005 tcp (UI)
"9006:TCP"= 9006:TCP:Squeezebox Server 9006 tcp (UI)
"9007:TCP"= 9007:TCP:Squeezebox Server 9007 tcp (UI)
"9008:TCP"= 9008:TCP:Squeezebox Server 9008 tcp (UI)
"9009:TCP"= 9009:TCP:Squeezebox Server 9009 tcp (UI)
"9010:TCP"= 9010:TCP:Squeezebox Server 9010 tcp (UI)
"9100:TCP"= 9100:TCP:Squeezebox Server 9100 tcp (UI)
"8000:TCP"= 8000:TCP:Squeezebox Server 8000 tcp (UI)
"10000:TCP"= 10000:TCP:Squeezebox Server 10000 tcp (UI)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Fjernadministration
.
R2 MBAMScheduler;MBAMScheduler;c:\programmer\Malwarebytes' Anti-Malware\mbamscheduler.exe [27-12-2012 14:32 399432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmer\McAfee\SiteAdvisor\McSACore.exe [02-10-2008 19:30 95232]
R2 NasPmService;NAS PM Service;c:\programmer\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\programmer\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 Secunia Update Agent;Secunia Update Agent;c:\programmer\Secunia\PSI\sua.exe --start-service --> c:\programmer\Secunia\PSI\sua.exe --start-service [?]
S2 MBAMService;MBAMService;c:\programmer\Malwarebytes' Anti-Malware\mbamservice.exe [27-12-2012 14:32 676936]
S2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~2\Cache\my.cnf SqueezeMySQL --> c:\progra~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~2\Cache\my.cnf SqueezeMySQL [?]
S3 EC168BDA;EC168BDA service;c:\windows\system32\DRIVERS\EC168BDA.sys --> c:\windows\system32\DRIVERS\EC168BDA.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27-12-2012 14:32 22856]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01-09-2010 09:30 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\programmer\Secunia\PSI\PSIA.exe --start-service --> c:\programmer\Secunia\PSI\PSIA.exe --start-service [?]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\programmer\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [08-01-2009 08:38 4136960]
S4 WinDefend;Windows Defender;c:\programmer\Windows Defender\MsMpEng.exe [03-11-2006 17:19 13592]
.
--- Andre Services/Drivers I Hukommelsen ---
.
*NewlyCreated* - IPFILTERDRIVER
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSCHEDULER
*NewlyCreated* - MBAMSERVICE
*NewlyCreated* - WS2IFSL
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2011-03-01 18:18]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2011-03-01 18:18]
.
2012-12-27 c:\windows\Tasks\ircbzr.job
- c:\windows\system32\rpcns4Z.dll [2012-12-12 15:30]
.
2012-03-15 c:\windows\Tasks\photopadShakeIcon.job
- c:\programmer\NCH Software\PhotoPad\photopad.exe [2011-07-27 16:16]
.
2011-07-27 c:\windows\Tasks\photostageShakeIcon.job
- c:\programmer\NCH Software\PhotoStage\photostage.exe [2011-07-27 16:15]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: S&end til OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: www.sa.dk
TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
.
- - - - TOMME GENVEJE FJERNET - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\programmer\Java\jre7\bin\jusched.exe
MSConfigStartUp-LELA - c:\programmer\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-27 21:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ...
.
scanner skjulte autostarter ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanner skjulte filer ...
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\S-1-5-21-517972044-2121963301-3140073391-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5b,fb,95,14,fd,f6,67,62,50,3b,70,d4,c0,ff,a2,8d,13,2e,4e,a7,48,2b,46,
42,e7,3e,c5,de,03,93,3a,e9,4b,3a,13,30,5c,3d,f9,3b,b0,d7,df,97,71,87,02,27,\
"??"=hex:26,f5,42,1e,6f,3c,45,c9,90,b6,87,3a,dc,35,1d,7f
.
Gennemført tid: 2012-12-27 21:33:27
ComboFix-quarantined-files.txt 2012-12-27 20:33
.
Pre-Kørsel: 41.027.125.248 byte ledig
Post-Kørsel: 42.070.646.784 byte ledig
.
- - End Of File - - 07956BC42D719A08D09B3D7F372C5AD4
 
Let's do the following, please:

TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.





--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case, please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
 
I have run TDSSKiller with the following result (part 1):

12:08:26.0453 2292 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:08:26.0671 2292 ============================================================
12:08:26.0671 2292 Current date / time: 2012/12/29 12:08:26.0671
12:08:26.0671 2292 SystemInfo:
12:08:26.0671 2292
12:08:26.0671 2292 OS Version: 5.1.2600 ServicePack: 3.0
12:08:26.0671 2292 Product type: Workstation
12:08:26.0671 2292 ComputerName: FUSSINGB-CJBM1
12:08:26.0671 2292 UserName: Carl-Johan B. Madsen
12:08:26.0671 2292 Windows directory: C:\WINDOWS
12:08:26.0671 2292 System windows directory: C:\WINDOWS
12:08:26.0671 2292 Processor architecture: Intel x86
12:08:26.0671 2292 Number of processors: 2
12:08:26.0671 2292 Page size: 0x1000
12:08:26.0671 2292 Boot type: Normal boot
12:08:26.0671 2292 ============================================================
12:08:28.0296 2292 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:08:28.0375 2292 ============================================================
12:08:28.0375 2292 \Device\Harddisk0\DR0:
12:08:28.0375 2292 MBR partitions:
12:08:28.0375 2292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x123EC0EE
12:08:28.0375 2292 ============================================================
12:08:28.0421 2292 C: <-> \Device\Harddisk0\DR0\Partition1
12:08:28.0421 2292 ============================================================
12:08:28.0421 2292 Initialize success
12:08:28.0421 2292 ============================================================
12:09:10.0750 5552 ============================================================
12:09:10.0750 5552 Scan started
12:09:10.0750 5552 Mode: Manual; SigCheck; TDLFS;
12:09:10.0750 5552 ============================================================
12:09:11.0203 5552 ================ Scan system memory ========================
12:09:11.0203 5552 System memory - ok
12:09:11.0203 5552 ================ Scan services =============================
12:09:11.0296 5552 Abiosdsk - ok
12:09:11.0312 5552 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:09:11.0625 5552 abp480n5 - ok
12:09:11.0687 5552 [ 991B6D6FE2A4D70CAF76C41334E60926 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:09:11.0828 5552 ACPI - ok
12:09:11.0843 5552 [ 6F99FE216DE8C4875DBB12937620DA0C ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:09:11.0968 5552 ACPIEC - ok
12:09:12.0078 5552 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:09:12.0093 5552 AdobeFlashPlayerUpdateSvc - ok
12:09:12.0125 5552 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:09:12.0234 5552 adpu160m - ok
12:09:12.0250 5552 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:09:12.0375 5552 aec - ok
12:09:12.0453 5552 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:09:12.0484 5552 AFD - ok
12:09:12.0531 5552 [ B34B1AB0A7690A0E2301FEC6D17B2FC1 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
12:09:12.0546 5552 AFS2K ( UnsignedFile.Multi.Generic ) - warning
12:09:12.0546 5552 AFS2K - detected UnsignedFile.Multi.Generic (1)
12:09:12.0609 5552 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
12:09:12.0734 5552 agp440 - ok
12:09:12.0765 5552 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:09:12.0906 5552 agpCPQ - ok
12:09:12.0921 5552 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:09:12.0984 5552 Aha154x - ok
12:09:13.0000 5552 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:09:13.0109 5552 aic78u2 - ok
12:09:13.0125 5552 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:09:13.0234 5552 aic78xx - ok
12:09:13.0265 5552 [ 6642DB68B97ECB8088FBA2D2539FDB7E ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:09:13.0390 5552 Alerter - ok
12:09:13.0406 5552 [ AB74A1B7500ACA7D43D84804CBDF11FB ] ALG C:\WINDOWS\System32\alg.exe
12:09:13.0468 5552 ALG - ok
12:09:13.0484 5552 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
12:09:13.0609 5552 AliIde - ok
12:09:13.0640 5552 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:09:13.0796 5552 alim1541 - ok
12:09:13.0828 5552 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:09:13.0984 5552 amdagp - ok
12:09:14.0015 5552 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
12:09:14.0078 5552 amsint - ok
12:09:14.0078 5552 AppMgmt - ok
12:09:14.0125 5552 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
12:09:14.0234 5552 asc - ok
12:09:14.0250 5552 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:09:14.0328 5552 asc3350p - ok
12:09:14.0375 5552 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:09:14.0500 5552 asc3550 - ok
12:09:14.0609 5552 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:09:14.0625 5552 aspnet_state - ok
12:09:14.0640 5552 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:09:14.0796 5552 AsyncMac - ok
12:09:14.0812 5552 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:09:14.0921 5552 atapi - ok
12:09:14.0921 5552 Atdisk - ok
12:09:14.0953 5552 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:09:15.0093 5552 Atmarpc - ok
12:09:15.0156 5552 [ F6C00138B3F637DDE807005B16E61DCC ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:09:15.0281 5552 AudioSrv - ok
12:09:15.0296 5552 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:09:15.0406 5552 audstub - ok
12:09:15.0437 5552 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:09:15.0546 5552 Beep - ok
12:09:15.0578 5552 [ 51C84408E87A52187E25D839C58BDC45 ] BITS C:\WINDOWS\system32\qmgr.dll
12:09:15.0718 5552 BITS - ok
12:09:15.0734 5552 [ 852A1BD08E7DFEB9E30B5440881C0501 ] BlueletAudio C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
12:09:15.0796 5552 BlueletAudio - ok
12:09:15.0796 5552 [ 8FC27B12A02B43947787F0EF1885DF9B ] BlueletSCOAudio C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
12:09:15.0812 5552 BlueletSCOAudio - ok
12:09:15.0859 5552 [ E93DC965521ACE0132093FB203C5C9EE ] Browser C:\WINDOWS\System32\browser.dll
12:09:15.0890 5552 Browser - ok
12:09:15.0921 5552 [ C5CCE2B26F73F8CF7F3C82159E79AA08 ] BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
12:09:15.0937 5552 BT - ok
12:09:15.0968 5552 [ DA473D279420234170DA795F1CAD4479 ] Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys
12:09:15.0984 5552 Btcsrusb - ok
12:09:16.0031 5552 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:09:16.0140 5552 BthEnum - ok
12:09:16.0140 5552 [ CE643D0918123D76A5CAAB008FCA9663 ] BTHidEnum C:\WINDOWS\system32\Drivers\vbtenum.sys
12:09:16.0156 5552 BTHidEnum - ok
12:09:16.0171 5552 [ DFCA4FE4C8AEC786B4D0F432EB730F48 ] BTHidMgr C:\WINDOWS\system32\Drivers\BTHidMgr.sys
12:09:16.0187 5552 BTHidMgr - ok
12:09:16.0203 5552 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
12:09:16.0343 5552 BTHMODEM - ok
12:09:16.0390 5552 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:09:16.0500 5552 BthPan - ok
12:09:16.0546 5552 [ ED6A84EFD4EDD74FB73F8B39473D8A39 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
12:09:16.0593 5552 BTHPORT - ok
12:09:16.0640 5552 [ A424CC7B4F08346655422B1EA2736718 ] BthServ C:\WINDOWS\System32\bthserv.dll
12:09:16.0781 5552 BthServ - ok
12:09:16.0796 5552 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:09:16.0937 5552 BTHUSB - ok
12:09:17.0109 5552 [ 4F26303BECBB7CC5CA8FF39593124CF2 ] BTNetFilter C:\Programmer\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
12:09:17.0125 5552 BTNetFilter - ok
12:09:17.0234 5552 catchme - ok
12:09:17.0265 5552 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:09:17.0375 5552 cbidf - ok
12:09:17.0390 5552 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:09:17.0500 5552 cbidf2k - ok
12:09:17.0625 5552 [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8 C:\Programmer\Canon\CAL\CALMAIN.exe
12:09:17.0640 5552 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
12:09:17.0640 5552 CCALib8 - detected UnsignedFile.Multi.Generic (1)
12:09:17.0687 5552 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:09:17.0812 5552 CCDECODE - ok
12:09:17.0875 5552 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:09:17.0953 5552 cd20xrnt - ok
12:09:17.0968 5552 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:09:18.0078 5552 Cdaudio - ok
12:09:18.0093 5552 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:09:18.0203 5552 Cdfs - ok
12:09:18.0265 5552 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:09:18.0390 5552 Cdrom - ok
12:09:18.0406 5552 Changer - ok
12:09:18.0453 5552 [ 1838615C98AFA3A0AC1F4B15A113A82F ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:09:18.0562 5552 CiSvc - ok
12:09:18.0578 5552 [ 5CEA9FBC68FBD66A91E7EF09900AB566 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:09:18.0703 5552 ClipSrv - ok
12:09:18.0734 5552 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:09:18.0750 5552 clr_optimization_v2.0.50727_32 - ok
12:09:18.0843 5552 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:09:18.0859 5552 clr_optimization_v4.0.30319_32 - ok
12:09:18.0906 5552 [ 5F473210A23E33AFAFEF3CF42B064D88 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:09:19.0015 5552 CmdIde - ok
12:09:19.0015 5552 COMSysApp - ok
12:09:19.0046 5552 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:09:19.0171 5552 Cpqarray - ok
12:09:19.0187 5552 [ 325D42794A21D1717B98F354ACF499E2 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:09:19.0312 5552 CryptSvc - ok
12:09:19.0359 5552 [ 8A9C65CE4FE6E8CB24CE06BA28D951A0 ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys
12:09:19.0390 5552 ctac32k - ok
12:09:19.0437 5552 [ 47236971DFB3E03690B98E41665D0924 ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys
12:09:19.0468 5552 ctaud2k - ok
12:09:19.0531 5552 [ 5A0EEB00B02FC78605AA9D3590B24978 ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys
12:09:19.0546 5552 ctdvda2k - ok
12:09:19.0578 5552 [ 2381CF056C15271F6B8DAB50FF82CF3A ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys
12:09:19.0593 5552 ctprxy2k - ok
12:09:19.0640 5552 [ DA1C530DE86C85A701138B30FB145AF3 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys
12:09:19.0656 5552 ctsfm2k - ok
12:09:19.0687 5552 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:09:19.0812 5552 dac2w2k - ok
12:09:19.0812 5552 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:09:19.0968 5552 dac960nt - ok
12:09:20.0031 5552 [ 059187B38452A01BB3B397691DDF3552 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:09:20.0062 5552 DcomLaunch - ok
12:09:20.0125 5552 [ A6E52FA9ADA7F92DEF4206C0F64F6784 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:09:20.0250 5552 Dhcp - ok
12:09:20.0265 5552 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:09:20.0390 5552 Disk - ok
12:09:20.0421 5552 [ E2D0DE31442390C35E3163C87CB6A9EB ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
12:09:20.0421 5552 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
12:09:20.0421 5552 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
12:09:20.0437 5552 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
12:09:20.0453 5552 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
12:09:20.0453 5552 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
12:09:20.0453 5552 [ 83545593E297F50A8E2524B4C071A153 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
12:09:20.0468 5552 DLADResN ( UnsignedFile.Multi.Generic ) - warning
12:09:20.0468 5552 DLADResN - detected UnsignedFile.Multi.Generic (1)
12:09:20.0468 5552 [ 96E01D901CDC98C7817155CC057001BF ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
12:09:20.0468 5552 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
12:09:20.0468 5552 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
12:09:20.0484 5552 [ 0A60A39CC5E767980A31CA5D7238DFA9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
12:09:20.0484 5552 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
12:09:20.0484 5552 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
12:09:20.0500 5552 [ 9FE2B72558FC808357F427FD83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
12:09:20.0500 5552 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
12:09:20.0500 5552 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
12:09:20.0515 5552 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
12:09:20.0515 5552 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
12:09:20.0515 5552 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
12:09:20.0531 5552 [ F08E1DAFAC457893399E03430A6A1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
12:09:20.0531 5552 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
12:09:20.0531 5552 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
12:09:20.0546 5552 [ E7D105ED1E694449D444A9933DF8E060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
12:09:20.0546 5552 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
12:09:20.0546 5552 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
12:09:20.0546 5552 dmadmin - ok
12:09:20.0609 5552 [ 8A3088F97B2CAA3340BBB068F314E596 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:09:20.0734 5552 dmboot - ok
12:09:20.0781 5552 [ 6D152A2781FFBD6A63A1E58801240E8E ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:09:20.0921 5552 dmio - ok
12:09:20.0968 5552 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:09:21.0109 5552 dmload - ok
12:09:21.0171 5552 [ 6428446DF3FE5C3B439973FB4C43D38E ] dmserver C:\WINDOWS\System32\dmserver.dll
12:09:21.0296 5552 dmserver - ok
12:09:21.0375 5552 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:09:21.0500 5552 DMusic - ok
12:09:21.0546 5552 [ 42970873BC779A19C2BAAD3FC0D5833A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:09:21.0578 5552 Dnscache - ok
12:09:21.0625 5552 [ 0B8193A12175EAE5BC34063A63C49CFF ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:09:21.0750 5552 Dot3svc - ok
12:09:21.0765 5552 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:09:21.0921 5552 dpti2o - ok
12:09:21.0921 5552 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:09:22.0046 5552 drmkaud - ok
12:09:22.0046 5552 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
12:09:22.0046 5552 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
12:09:22.0046 5552 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
12:09:22.0062 5552 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
12:09:22.0062 5552 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
12:09:22.0062 5552 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
12:09:22.0093 5552 [ 391242693D1D56FFAD5782DD3A5DE29F ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:09:22.0218 5552 E100B - ok
12:09:22.0265 5552 [ 0849EACDC01487573ADD86F5E470806C ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
12:09:22.0296 5552 e1express - ok
12:09:22.0328 5552 [ 95885EC4562461D3AD78AA6AC714D32F ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:09:22.0437 5552 EapHost - ok
12:09:22.0453 5552 EC168BDA - ok
12:09:22.0468 5552 [ 661CF27263F3E0B553BE050A42D357DB ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys
12:09:22.0500 5552 emupia - ok
12:09:22.0562 5552 [ 396038F82CB672D83E792092319024AA ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:09:22.0671 5552 ERSvc - ok
12:09:22.0734 5552 [ 32F091E3425759B126760F44B5E931C9 ] Eventlog C:\WINDOWS\system32\services.exe
12:09:22.0765 5552 Eventlog - ok
12:09:22.0828 5552 [ 72B9667D6F9FF2A85FCC43FDD7C8ED9F ] EventSystem C:\WINDOWS\system32\es.dll
12:09:22.0859 5552 EventSystem - ok
12:09:22.0906 5552 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:09:23.0015 5552 Fastfat - ok
12:09:23.0046 5552 [ A17D630FABFE7B796CBDBEE79F9E6612 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:09:23.0078 5552 FastUserSwitchingCompatibility - ok
12:09:23.0140 5552 [ B49EBD8514D56838D8D2601E2AB7FFD6 ] Fax C:\WINDOWS\system32\fxssvc.exe
12:09:23.0265 5552 Fax - ok
12:09:23.0296 5552 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:09:23.0406 5552 Fdc - ok
12:09:23.0437 5552 [ BB52A20854CF3E8E0474EE7167C7A3A5 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:09:23.0562 5552 Fips - ok
12:09:23.0593 5552 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:09:23.0734 5552 Flpydisk - ok
12:09:23.0734 5552 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:09:23.0859 5552 FltMgr - ok
12:09:23.0937 5552 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:09:23.0953 5552 FontCache3.0.0.0 - ok
12:09:23.0984 5552 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:09:24.0109 5552 Fs_Rec - ok
12:09:24.0125 5552 [ 0A58505B5D0ABA661D2FF59CD8CF79B9 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:09:24.0250 5552 Ftdisk - ok
12:09:24.0312 5552 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:09:24.0421 5552 Gpc - ok
12:09:24.0531 5552 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Programmer\Google\Update\GoogleUpdate.exe
12:09:24.0546 5552 gupdate - ok
12:09:24.0546 5552 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Programmer\Google\Update\GoogleUpdate.exe
12:09:24.0562 5552 gupdatem - ok
12:09:24.0609 5552 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
12:09:24.0625 5552 gusvc - ok
12:09:24.0687 5552 [ 862D4185D43128FEF7818711F8F30436 ] ha20x2k C:\WINDOWS\system32\drivers\ha20x2k.sys
12:09:24.0734 5552 ha20x2k - ok
12:09:24.0843 5552 [ 9E256613B0A999DDD2AA889E340CD402 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:09:24.0968 5552 helpsvc - ok
12:09:25.0031 5552 [ 8DBCD76C2A538C26357831DD14CD792F ] HidServ C:\WINDOWS\System32\hidserv.dll
12:09:25.0156 5552 HidServ - ok
12:09:25.0218 5552 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:09:25.0343 5552 HidUsb - ok
12:09:25.0390 5552 [ 8751C1091AF19D3787798DA90FFB0902 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:09:25.0500 5552 hkmsvc - ok
12:09:25.0531 5552 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
12:09:25.0640 5552 hpn - ok
12:09:25.0703 5552 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:09:25.0718 5552 HTTP - ok
12:09:25.0750 5552 [ 8E23B6943D42D0BE0419F3FFFDE93A31 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:09:25.0875 5552 HTTPFilter - ok
12:09:25.0906 5552 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
12:09:26.0015 5552 i2omgmt - ok
12:09:26.0062 5552 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:09:26.0171 5552 i2omp - ok
12:09:26.0187 5552 [ 42F890598EFB480076558CA3CC151107 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:09:26.0328 5552 i8042prt - ok
12:09:26.0421 5552 [ D43E91E271C041BB86A6223462A41D28 ] IAANTMon C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
12:09:26.0453 5552 IAANTMon ( UnsignedFile.Multi.Generic ) - warning
12:09:26.0453 5552 IAANTMon - detected UnsignedFile.Multi.Generic (1)
12:09:26.0484 5552 [ 9A65E42664D1534B68512CAAD0EFE963 ] iastor C:\WINDOWS\system32\drivers\iastor.sys
12:09:26.0515 5552 iastor - ok
12:09:26.0671 5552 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:09:26.0671 5552 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:09:26.0671 5552 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:09:26.0734 5552 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:09:26.0781 5552 idsvc - ok
12:09:26.0812 5552 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:09:26.0937 5552 Imapi - ok
12:09:27.0000 5552 [ F73C9C37D4B7453C2CB7DCFD2640C75F ] ImapiService C:\WINDOWS\system32\imapi.exe
12:09:27.0109 5552 ImapiService - ok
12:09:27.0156 5552 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:09:27.0265 5552 ini910u - ok
12:09:27.0296 5552 [ 3BCDDA95F24D21D4B050C9F0F531C88B ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:09:27.0421 5552 IntelIde - ok
12:09:27.0484 5552 [ D1CD31B6CD4A99F3B82AEC84CFDD4CBA ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:09:27.0609 5552 intelppm - ok
12:09:27.0640 5552 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:09:27.0781 5552 Ip6Fw - ok
12:09:27.0796 5552 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:09:27.0921 5552 IpFilterDriver - ok
12:09:27.0968 5552 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:09:28.0078 5552 IpInIp - ok
12:09:28.0109 5552 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:09:28.0234 5552 IpNat - ok
12:09:28.0250 5552 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:09:28.0375 5552 IPSec - ok
12:09:28.0406 5552 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:09:28.0453 5552 IRENUM - ok
12:09:28.0484 5552 [ 3CE6EC5903C59223B61F6A0B9B84B022 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:09:28.0625 5552 isapnp - ok
12:09:28.0718 5552 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programmer\Java\jre7\bin\jqs.exe
12:09:28.0734 5552 JavaQuickStarterService - ok
12:09:28.0750 5552 [ 32E823DFD0A7F18CF3B024F78C7AA7DD ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:09:28.0875 5552 Kbdclass - ok
12:09:28.0875 5552 [ 530D40F58095397B6B8AA5A0FDD074A5 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:09:29.0000 5552 kbdhid - ok
12:09:29.0015 5552 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:09:29.0140 5552 kmixer - ok
12:09:29.0203 5552 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:09:29.0218 5552 KSecDD - ok
12:09:29.0281 5552 [ F429B46A773ED6B84025C8EA9949188F ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:09:29.0312 5552 lanmanserver - ok
12:09:29.0375 5552 [ 62D286F1131AAD51B6D8D8249A27B8CA ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:09:29.0406 5552 lanmanworkstation - ok
12:09:29.0406 5552 lbrtfdc - ok
12:09:29.0468 5552 [ 508C79641EB2256D7B8FD9ED64AA7B53 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:09:29.0593 5552 LmHosts - ok
12:09:29.0656 5552 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
12:09:29.0671 5552 MBAMProtector - ok
12:09:29.0781 5552 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Programmer\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:09:29.0812 5552 MBAMScheduler - ok
12:09:29.0875 5552 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
12:09:29.0906 5552 MBAMService - ok
12:09:30.0031 5552 [ 2241BA95626E55BE848A455273DDB018 ] McAfee SiteAdvisor Service C:\Programmer\McAfee\SiteAdvisor\McSACore.exe
12:09:30.0046 5552 McAfee SiteAdvisor Service - ok
12:09:30.0093 5552 [ 6C585D70D270607FF861D762494B25E2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:09:30.0234 5552 Messenger - ok
12:09:30.0265 5552 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:09:30.0390 5552 mnmdd - ok
12:09:30.0437 5552 [ 8184E5463AB9BB8CFB37A28852DB16C5 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:09:30.0593 5552 mnmsrvc - ok
12:09:30.0656 5552 [ 67AC997DB66FDFD07738DF58B45CD1B9 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:09:30.0781 5552 Modem - ok
12:09:30.0812 5552 [ 22774A2AB832972ECA2CE227819F5AF0 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:09:30.0937 5552 Mouclass - ok
12:09:30.0968 5552 [ 39F0A46109B167707018E8889D5FEC93 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

Part2:

12:09:31.0093 5552 mouhid - ok
12:09:31.0093 5552 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:09:31.0218 5552 MountMgr - ok
12:09:31.0265 5552 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
12:09:31.0375 5552 MPE - ok
12:09:31.0453 5552 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:09:31.0468 5552 MpFilter - ok
12:09:31.0640 5552 [ A69630D039C38018689190234F866D77 ] MpKsl876d07b1 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5750B51-E434-4852-9FB1-D97E92908032}\MpKsl876d07b1.sys
12:09:31.0656 5552 MpKsl876d07b1 - ok
12:09:31.0703 5552 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:09:31.0828 5552 mraid35x - ok
12:09:31.0843 5552 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:09:31.0953 5552 MRxDAV - ok
12:09:32.0015 5552 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:09:32.0031 5552 MRxSmb - ok
12:09:32.0046 5552 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:09:32.0156 5552 Msfs - ok
12:09:32.0156 5552 MSIServer - ok
12:09:32.0187 5552 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:09:32.0296 5552 MSKSSRV - ok
12:09:32.0390 5552 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Programmer\Microsoft Security Client\MsMpEng.exe
12:09:32.0406 5552 MsMpSvc - ok
12:09:32.0453 5552 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:09:32.0578 5552 MSPCLOCK - ok
12:09:32.0640 5552 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:09:32.0781 5552 MSPQM - ok
12:09:32.0796 5552 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:09:32.0906 5552 mssmbios - ok
12:09:32.0953 5552 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:09:33.0062 5552 MSTEE - ok
12:09:33.0093 5552 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:09:33.0125 5552 Mup - ok
12:09:33.0156 5552 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:09:33.0281 5552 NABTSFEC - ok
12:09:33.0328 5552 [ 8FF76BFF355B66E320BC1E4429C22657 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:09:33.0468 5552 napagent - ok
12:09:33.0546 5552 NasPmService - ok
12:09:33.0546 5552 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:09:33.0656 5552 NDIS - ok
12:09:33.0703 5552 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:09:33.0843 5552 NdisIP - ok
12:09:33.0875 5552 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:09:33.0890 5552 NdisTapi - ok
12:09:33.0937 5552 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:09:34.0046 5552 Ndisuio - ok
12:09:34.0062 5552 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:09:34.0187 5552 NdisWan - ok
12:09:34.0250 5552 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:09:34.0265 5552 NDProxy - ok
12:09:34.0343 5552 [ C7F5C284B6F46FCAF6910EA4E644700B ] Nero BackItUp Scheduler 4.0 C:\Programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe
12:09:34.0375 5552 Nero BackItUp Scheduler 4.0 - ok
12:09:34.0390 5552 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:09:34.0500 5552 NetBIOS - ok
12:09:34.0531 5552 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:09:34.0640 5552 NetBT - ok
12:09:34.0687 5552 [ 1B81D1D833268A82F979CB4CC8F7A4EF ] NetDDE C:\WINDOWS\system32\netdde.exe
12:09:34.0828 5552 NetDDE - ok
12:09:34.0828 5552 [ 1B81D1D833268A82F979CB4CC8F7A4EF ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:09:34.0937 5552 NetDDEdsdm - ok
12:09:35.0000 5552 [ AC9FCA8BCD685ABDB9928B1964B731A2 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:09:35.0125 5552 Netlogon - ok
12:09:35.0187 5552 [ 7B4A4A94389364565C2334A82FCDDF67 ] Netman C:\WINDOWS\System32\netman.dll
12:09:35.0296 5552 Netman - ok
12:09:35.0421 5552 [ 9DA26B773BD04B867A8E9F427CD048FC ] NetSvc C:\Programmer\Intel\PROSetWired\NCS\Sync\NetSvc.exe
12:09:35.0453 5552 NetSvc ( UnsignedFile.Multi.Generic ) - warning
12:09:35.0453 5552 NetSvc - detected UnsignedFile.Multi.Generic (1)
12:09:35.0500 5552 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:09:35.0515 5552 NetTcpPortSharing - ok
12:09:35.0562 5552 [ 3B0979E9506755266C100F43D3700CA7 ] Nla C:\WINDOWS\System32\mswsock.dll
12:09:35.0578 5552 Nla - ok
12:09:35.0671 5552 [ CD569FA91EC6F59D045C19D0D3850F44 ] nmservice C:\Programmer\Fælles filer\Pure Networks Shared\Platform\nmsrvc.exe
12:09:35.0703 5552 nmservice - ok
12:09:35.0734 5552 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:09:35.0859 5552 Npfs - ok
12:09:35.0890 5552 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:09:36.0000 5552 Ntfs - ok
12:09:36.0015 5552 [ AC9FCA8BCD685ABDB9928B1964B731A2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:09:36.0125 5552 NtLmSsp - ok
12:09:36.0171 5552 [ 1FE8446399F6044504F569014A2599B3 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:09:36.0312 5552 NtmsSvc - ok
12:09:36.0312 5552 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:09:36.0437 5552 Null - ok
12:09:36.0640 5552 [ 5950E6CC9FB3FABB61604D395DBC8550 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:09:36.0843 5552 nv - ok
12:09:36.0890 5552 [ 9FE764D5EECCA13B0932FAB81A4A5A6F ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
12:09:36.0906 5552 NVSvc - ok
12:09:36.0968 5552 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:09:37.0109 5552 NwlnkFlt - ok
12:09:37.0140 5552 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:09:37.0250 5552 NwlnkFwd - ok
12:09:37.0312 5552 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE
12:09:37.0328 5552 ose - ok
12:09:37.0562 5552 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Programmer\Fælles filer\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:09:37.0734 5552 osppsvc - ok
12:09:37.0765 5552 [ 99F877A7BB6FEB5AF1184EAFE937C208 ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys
12:09:37.0781 5552 ossrv - ok
12:09:37.0828 5552 [ 9E048790F33FE5F4FA9D27B5650A1DD5 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:09:37.0937 5552 Parport - ok
12:09:37.0968 5552 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:09:38.0109 5552 PartMgr - ok
12:09:38.0140 5552 [ 48E97AF5B876301131E9D1B0C43212C3 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:09:38.0281 5552 ParVdm - ok
12:09:38.0281 5552 [ 5D756DA95BD1E2F6E495704715532FDC ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:09:38.0390 5552 PCI - ok
12:09:38.0406 5552 PCIDump - ok
12:09:38.0421 5552 [ 69CE0D409C11347196147EA4C6C02364 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:09:38.0515 5552 PCIIde - ok
12:09:38.0562 5552 [ E980B6D0CA6ACBA679A0AC810AB9A57C ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:09:38.0703 5552 Pcmcia - ok
12:09:38.0703 5552 PDCOMP - ok
12:09:38.0718 5552 PDFRAME - ok
12:09:38.0718 5552 PDRELI - ok
12:09:38.0718 5552 PDRFRAME - ok
12:09:38.0765 5552 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
12:09:38.0875 5552 perc2 - ok
12:09:38.0875 5552 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:09:39.0015 5552 perc2hib - ok
12:09:39.0125 5552 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Programmer\Nero\Nero BackItUp 4\IoctlSvc.exe
12:09:39.0140 5552 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
12:09:39.0140 5552 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
12:09:39.0156 5552 [ 32F091E3425759B126760F44B5E931C9 ] PlugPlay C:\WINDOWS\system32\services.exe
12:09:39.0171 5552 PlugPlay - ok
12:09:39.0234 5552 [ 36FCAC4FA28B462CA867742DEA59B0D0 ] pnarp C:\WINDOWS\system32\DRIVERS\pnarp.sys
12:09:39.0250 5552 pnarp - ok
12:09:39.0250 5552 [ AC9FCA8BCD685ABDB9928B1964B731A2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:09:39.0375 5552 PolicyAgent - ok
12:09:39.0421 5552 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:09:39.0546 5552 PptpMiniport - ok
12:09:39.0546 5552 [ AC9FCA8BCD685ABDB9928B1964B731A2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:09:39.0656 5552 ProtectedStorage - ok
12:09:39.0656 5552 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:09:39.0781 5552 PSched - ok
12:09:39.0812 5552 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
12:09:39.0828 5552 PSI - ok
12:09:39.0859 5552 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:09:39.0984 5552 Ptilink - ok
12:09:40.0046 5552 [ D8AC00388262B1A4878A7EE12F31D376 ] purendis C:\WINDOWS\system32\DRIVERS\purendis.sys
12:09:40.0062 5552 purendis - ok
12:09:40.0125 5552 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:09:40.0140 5552 PxHelp20 - ok
12:09:40.0156 5552 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:09:40.0265 5552 ql1080 - ok
12:09:40.0281 5552 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:09:40.0421 5552 Ql10wnt - ok
12:09:40.0453 5552 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:09:40.0593 5552 ql12160 - ok
12:09:40.0593 5552 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:09:40.0703 5552 ql1240 - ok
12:09:40.0734 5552 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:09:40.0875 5552 ql1280 - ok
12:09:40.0890 5552 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:09:41.0000 5552 RasAcd - ok
12:09:41.0031 5552 [ 82C008EC993ABA0BBC9D178B25F71746 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:09:41.0140 5552 RasAuto - ok
12:09:41.0187 5552 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:09:41.0296 5552 Rasl2tp - ok
12:09:41.0359 5552 [ 8A18F96203BE26AD7E6A4AF765610527 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:09:41.0468 5552 RasMan - ok
12:09:41.0500 5552 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:09:41.0609 5552 RasPppoe - ok
12:09:41.0609 5552 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:09:41.0718 5552 Raspti - ok
12:09:41.0750 5552 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:09:41.0859 5552 Rdbss - ok
12:09:41.0875 5552 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:09:41.0984 5552 RDPCDD - ok
12:09:42.0015 5552 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:09:42.0156 5552 rdpdr - ok
12:09:42.0218 5552 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:09:42.0234 5552 RDPWD - ok
12:09:42.0265 5552 [ 2C0AB39D91E3C9118A191A48F7BD67F6 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:09:42.0406 5552 RDSessMgr - ok
12:09:42.0468 5552 [ D2EA9DAE9A9F1BF40C0EA1D1D7C5592C ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:09:42.0578 5552 redbook - ok
12:09:42.0625 5552 [ BD3EA2FCA2D32B003874BA4819F1818C ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:09:42.0734 5552 RemoteAccess - ok
12:09:42.0750 5552 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:09:42.0890 5552 RFCOMM - ok
12:09:42.0906 5552 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
12:09:43.0015 5552 ROOTMODEM - ok
12:09:43.0046 5552 [ 9FABC6ADD7A3212EA934E62943DE252C ] RpcLocator C:\WINDOWS\system32\locator.exe
12:09:43.0156 5552 RpcLocator - ok
12:09:43.0203 5552 [ 059187B38452A01BB3B397691DDF3552 ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:09:43.0234 5552 RpcSs - ok
12:09:43.0296 5552 [ 72309905945D7EAAB911B376F86B95E6 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:09:43.0421 5552 RSVP - ok
12:09:43.0437 5552 [ AC9FCA8BCD685ABDB9928B1964B731A2 ] SamSs C:\WINDOWS\system32\lsass.exe
12:09:43.0546 5552 SamSs - ok
12:09:43.0578 5552 [ C8BF6AE55768820130ECF35A6E4D64CC ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:09:43.0687 5552 SCardSvr - ok
12:09:43.0734 5552 [ 7D53DC5DE342AF26401A3CBBBC8CAFB8 ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:09:43.0859 5552 Schedule - ok
12:09:43.0906 5552 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:09:43.0968 5552 Secdrv - ok
12:09:44.0000 5552 [ 31C48478030803C99A050C47C22D4A9D ] seclogon C:\WINDOWS\System32\seclogon.dll
12:09:44.0109 5552 seclogon - ok
12:09:44.0171 5552 Secunia PSI Agent - ok
12:09:44.0171 5552 Secunia Update Agent - ok
12:09:44.0187 5552 [ 1DDA52FBBD05D3FA61A209447FA54AEF ] SENS C:\WINDOWS\system32\sens.dll
12:09:44.0296 5552 SENS - ok
12:09:44.0359 5552 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:09:44.0468 5552 serenum - ok
12:09:44.0484 5552 [ 680ED46039EBD4C23EB708F1AF6B9E5D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:09:44.0609 5552 Serial - ok
12:09:44.0703 5552 [ 78546CD2ECA6DD6BDCD4B13048621F88 ] ServiceLayer C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
12:09:44.0718 5552 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
12:09:44.0718 5552 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
12:09:44.0765 5552 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\
 
Part3:

drivers\Sfloppy.sys
12:09:44.0875 5552 Sfloppy - ok
12:09:44.0937 5552 [ 27BB7647B600A43147AA2D2C297660F0 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:09:45.0062 5552 SharedAccess - ok
12:09:45.0078 5552 [ A17D630FABFE7B796CBDBEE79F9E6612 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:09:45.0093 5552 ShellHWDetection - ok
12:09:45.0109 5552 Simbad - ok
12:09:45.0140 5552 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:09:45.0281 5552 sisagp - ok
12:09:45.0312 5552 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:09:45.0421 5552 SLIP - ok
12:09:45.0468 5552 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:09:45.0546 5552 Sparrow - ok
12:09:45.0609 5552 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:09:45.0718 5552 splitter - ok
12:09:45.0750 5552 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:09:45.0796 5552 Spooler - ok
12:09:45.0812 5552 SqueezeMySQL - ok
12:09:45.0828 5552 [ B3ECB8B07F7991132C71C1B16A82FFE3 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:09:45.0890 5552 sr - ok
12:09:45.0906 5552 [ 1E8F91A7CD08BDB7482746F97365E12E ] srservice C:\WINDOWS\system32\srsvc.dll
12:09:45.0968 5552 srservice - ok
12:09:46.0046 5552 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:09:46.0062 5552 Srv - ok
12:09:46.0109 5552 [ B1D1003D618961EB936A0717E74CB147 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:09:46.0171 5552 SSDPSRV - ok
12:09:46.0218 5552 [ 787E2A34B0BE4B102843D0659811C7AC ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:09:46.0343 5552 stisvc - ok
12:09:46.0390 5552 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:09:46.0531 5552 streamip - ok
12:09:46.0562 5552 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:09:46.0703 5552 swenum - ok
12:09:46.0703 5552 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:09:46.0828 5552 swmidi - ok
12:09:46.0828 5552 SwPrv - ok
12:09:46.0859 5552 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
12:09:46.0968 5552 symc810 - ok
12:09:47.0031 5552 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:09:47.0140 5552 symc8xx - ok
12:09:47.0203 5552 SYMIDSCO - ok
12:09:47.0218 5552 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:09:47.0359 5552 sym_hi - ok
12:09:47.0406 5552 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:09:47.0515 5552 sym_u3 - ok
12:09:47.0531 5552 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:09:47.0656 5552 sysaudio - ok
12:09:47.0687 5552 [ 6453945E83873CDC17E81B0E6A71E707 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:09:47.0796 5552 SysmonLog - ok
12:09:47.0828 5552 [ DD04BA74CF4D5D223675B1BD8326648E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:09:47.0937 5552 TapiSrv - ok
12:09:47.0984 5552 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:09:48.0000 5552 Tcpip - ok
12:09:48.0062 5552 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:09:48.0203 5552 TDPIPE - ok
12:09:48.0234 5552 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:09:48.0375 5552 TDTCP - ok
12:09:48.0390 5552 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:09:48.0500 5552 TermDD - ok
12:09:48.0562 5552 [ 14C8EC0AA06A33CCC5407E4324F91312 ] TermService C:\WINDOWS\System32\termsrv.dll
12:09:48.0687 5552 TermService - ok
12:09:48.0687 5552 [ A17D630FABFE7B796CBDBEE79F9E6612 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:09:48.0718 5552 Themes - ok
12:09:48.0750 5552 [ 9B0EDFA321A32202B0D0D94B853F0A78 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
12:09:48.0890 5552 TosIde - ok
12:09:48.0921 5552 [ F9D5FFA46CDE05C235EA258C02BA8A66 ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:09:49.0031 5552 TrkWks - ok
12:09:49.0062 5552 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:09:49.0156 5552 Udfs - ok
12:09:49.0187 5552 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
12:09:49.0234 5552 ultra - ok
12:09:49.0296 5552 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:09:49.0421 5552 Update - ok
12:09:49.0453 5552 [ D091AA5963C06AFEC8BFC3D5B1B24647 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:09:49.0515 5552 upnphost - ok
12:09:49.0562 5552 [ 925EDCAE2170355679E1D2D1E638F68E ] UPS C:\WINDOWS\System32\ups.exe
12:09:49.0687 5552 UPS - ok
12:09:49.0734 5552 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:09:49.0843 5552 usbaudio - ok
12:09:49.0890 5552 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:09:50.0000 5552 usbccgp - ok
12:09:50.0078 5552 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:09:50.0187 5552 usbehci - ok
12:09:50.0203 5552 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:09:50.0312 5552 usbhub - ok
12:09:50.0359 5552 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:09:50.0500 5552 usbscan - ok
12:09:50.0500 5552 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:09:50.0625 5552 USBSTOR - ok
12:09:50.0687 5552 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:09:50.0796 5552 usbuhci - ok
12:09:50.0843 5552 [ 51750B0539986186C6931FC40D171521 ] VComm C:\WINDOWS\system32\DRIVERS\VComm.sys
12:09:50.0859 5552 VComm - ok
12:09:50.0921 5552 [ 6D9C891C0A761AFED1F3609C2E56F2B9 ] VcommMgr C:\WINDOWS\system32\Drivers\VcommMgr.sys
12:09:50.0937 5552 VcommMgr - ok
12:09:50.0953 5552 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:09:51.0062 5552 VgaSave - ok
12:09:51.0109 5552 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:09:51.0203 5552 viaagp - ok
12:09:51.0234 5552 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
12:09:51.0343 5552 ViaIde - ok
12:09:51.0375 5552 [ 69D9E1DE5F897580F8B1D1957528B0B2 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:09:51.0484 5552 VolSnap - ok
12:09:51.0484 5552 vsdatant - ok
12:09:51.0531 5552 [ 3F5D90C4BB1C6A75E264E8D7148EB3CE ] VSS C:\WINDOWS\System32\vssvc.exe
12:09:51.0593 5552 VSS - ok
12:09:51.0609 5552 [ 1C398054BA3D3E75E991F548AB8D763F ] w32time C:\WINDOWS\system32\w32time.dll
12:09:51.0718 5552 w32time - ok
12:09:51.0734 5552 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:09:51.0843 5552 Wanarp - ok
12:09:51.0843 5552 WDICA - ok
12:09:51.0859 5552 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:09:51.0968 5552 wdmaud - ok
12:09:51.0984 5552 [ 1A85AD583CD64227203BDC1FE2AFA520 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:09:52.0109 5552 WebClient - ok
12:09:52.0203 5552 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Programmer\Windows Defender\MsMpEng.exe
12:09:52.0218 5552 WinDefend - ok
12:09:52.0328 5552 [ C16C23396F1C1BA7D170C54EC4E78F1B ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:09:52.0453 5552 winmgmt - ok
12:09:52.0531 5552 [ ABE4DAF361BB0A3EDE089CC2CC9C415B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
12:09:52.0593 5552 WinRM - ok
12:09:52.0812 5552 [ 871A8AABE38EF9EAD4400A32778F9546 ] WiselinkPro C:\Programmer\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
12:09:52.0984 5552 WiselinkPro ( UnsignedFile.Multi.Generic ) - warning
12:09:52.0984 5552 WiselinkPro - detected UnsignedFile.Multi.Generic (1)
12:09:53.0046 5552 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:09:53.0078 5552 WmdmPmSN - ok
12:09:53.0140 5552 [ A11D7A4DBABBF29BD66E189905C21D4E ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:09:53.0265 5552 WmiApSrv - ok
12:09:53.0375 5552 [ 6EE45AD8DBEF8785B8CD312736626EBE ] WMPNetworkSvc C:\Programmer\Windows Media Player\WMPNetwk.exe
12:09:53.0406 5552 WMPNetworkSvc - ok
12:09:53.0546 5552 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:09:53.0578 5552 WPFFontCache_v0400 - ok
12:09:53.0640 5552 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:09:53.0750 5552 WS2IFSL - ok
12:09:53.0796 5552 [ BC71BC51DD57E792851D31795F3EDBF1 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:09:53.0906 5552 wscsvc - ok
12:09:53.0921 5552 WSearch - ok
12:09:53.0953 5552 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:09:54.0062 5552 WSTCODEC - ok
12:09:54.0093 5552 [ 2BC349942C6CE07736F78BEC266816CE ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:09:54.0203 5552 wuauserv - ok
12:09:54.0250 5552 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:09:54.0281 5552 WudfPf - ok
12:09:54.0296 5552 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:09:54.0312 5552 WudfRd - ok
12:09:54.0343 5552 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:09:54.0375 5552 WudfSvc - ok
12:09:54.0453 5552 [ F335FB0F45374C2EA9C3EBA798EB550D ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:09:54.0593 5552 WZCSVC - ok
12:09:54.0609 5552 [ 3FEE6C536D5BFC0F1B6BCA56F97D1F80 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:09:54.0718 5552 xmlprov - ok
12:09:54.0734 5552 ================ Scan global ===============================
12:09:54.0796 5552 [ 0F8B96647BAEE41953B838F8E29C7069 ] C:\WINDOWS\system32\basesrv.dll
12:09:54.0859 5552 [ 4A8D86E8E4E8918B302D1B95509C8631 ] C:\WINDOWS\system32\winsrv.dll
12:09:54.0875 5552 [ 4A8D86E8E4E8918B302D1B95509C8631 ] C:\WINDOWS\system32\winsrv.dll
12:09:54.0875 5552 [ 32F091E3425759B126760F44B5E931C9 ] C:\WINDOWS\system32\services.exe
12:09:54.0890 5552 [Global] - ok
12:09:54.0890 5552 ================ Scan MBR ==================================
12:09:54.0906 5552 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
12:09:55.0296 5552 \Device\Harddisk0\DR0 - ok
12:09:55.0296 5552 ================ Scan VBR ==================================
12:09:55.0328 5552 [ C1B981FC2B124A28B6EC518E660A8E7F ] \Device\Harddisk0\DR0\Partition1
12:09:55.0328 5552 \Device\Harddisk0\DR0\Partition1 - ok
12:09:55.0328 5552 ============================================================
12:09:55.0328 5552 Scan finished
12:09:55.0328 5552 ============================================================
12:09:55.0437 4972 Detected object count: 19
12:09:55.0437 4972 Actual detected object count: 19
12:11:58.0359 4972 AFS2K ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0359 4972 AFS2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0359 4972 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0359 4972 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0359 4972 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0359 4972 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0359 4972 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0359 4972 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0359 4972 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0359 4972 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0359 4972 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0359 4972 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0359 4972 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0359 4972 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0359 4972 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0359 4972 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0359 4972 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0359 4972 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0375 4972 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0375 4972 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0375 4972 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0375 4972 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0375 4972 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0375 4972 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0375 4972 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0375 4972 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0375 4972 IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0375 4972 IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0375 4972 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0375 4972 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0375 4972 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0375 4972 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0375 4972 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0375 4972 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0375 4972 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0375 4972 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:58.0375 4972 WiselinkPro ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:58.0375 4972 WiselinkPro ( UnsignedFile.Multi.Generic ) - User select action: Skip
 
OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double-click OTL.exe.
  • Click the Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt; please post it in your next reply.
  • You may need to use two posts to get it all.
 
Attached the result from OTL Part 1

OTL logfile created on: 29-12-2012 23:10:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3,50 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 75,95% Memory free
5,34 Gb Paging File | 4,55 Gb Available in Paging File | 85,30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 145,96 Gb Total Space | 38,02 Gb Free Space | 26,05% Space Free | Partition Type: NTFS

Computer Name: FUSSINGB-CJBM1 | User Name: Carl-Johan B. Madsen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-12-29 23:10:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\OTL.exe
PRC - [2012-10-23 15:35:40 | 000,095,232 | ---- | M] (McAfee, Inc.) -- C:\Programmer\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programmer\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-09-24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programmer\Java\jre7\bin\jqs.exe
PRC - [2012-09-12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programmer\Microsoft Security Client\MsMpEng.exe
PRC - [2012-09-12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Microsoft Security Client\msseces.exe
PRC - [2011-04-19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programmer\Secunia\PSI\sua.exe
PRC - [2010-01-09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Fælles filer\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009-07-07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Programmer\Fælles filer\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009-07-07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Programmer\Fælles filer\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008-09-24 12:57:34 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008-09-24 12:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Programmer\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008-04-14 17:05:54 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Outlook Express\msimn.exe
PRC - [2008-04-14 17:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-29 12:59:20 | 000,245,760 | R--- | M] (BUFFALO INC.) -- C:\Programmer\BUFFALO\NASNAVI\nassvc.exe
PRC - [2006-11-03 17:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Defender\MSASCui.exe
PRC - [2006-03-02 04:53:36 | 000,717,312 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2005-10-14 12:01:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2005-09-30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Programmer\Canon\CAL\CALMAIN.exe
PRC - [2005-09-08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005-06-17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Programmer\Intel\Intel Matrix Storage Manager\IAANTMon.exe


========== Modules (No Company Name) ==========

MOD - [2012-07-27 21:51:46 | 000,300,544 | ---- | M] () -- C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\PDFShell.DAN
MOD - [2009-07-13 16:37:04 | 000,152,112 | ---- | M] () -- C:\Programmer\Fælles filer\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009-07-13 16:37:04 | 000,098,304 | ---- | M] () -- C:\Programmer\Fælles filer\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008-09-30 13:05:22 | 000,071,696 | ---- | M] () -- c:\Programmer\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2008-09-30 13:05:18 | 000,207,376 | ---- | M] () -- c:\Programmer\McAfee\SiteAdvisor\cntscan.dll
MOD - [2008-09-30 13:05:16 | 000,117,264 | ---- | M] () -- c:\Programmer\McAfee\SiteAdvisor\apengine.dll
MOD - [2001-10-28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [2001-03-15 14:39:38 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\PRTdlink.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012-12-28 09:00:49 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-10-23 15:35:40 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programmer\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmer\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-09-24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programmer\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-09-12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programmer\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011-04-19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Programmer\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011-04-19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programmer\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011-04-14 08:20:14 | 004,149,248 | ---- | M] () [Auto | Stopped] -- C:\Programmer\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
SRV - [2010-01-09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programmer\Fælles filer\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010-01-09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009-07-07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programmer\Fælles filer\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009-01-08 08:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- C:\Programmer\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2008-09-24 12:57:34 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008-09-24 12:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Programmer\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008-02-29 12:59:20 | 000,245,760 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Programmer\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2007-03-26 12:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programmer\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-11-03 17:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programmer\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005-09-30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programmer\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005-06-17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmer\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)
SRV - [2004-10-22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\FÆLLES~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\EC168BDA.sys -- (EC168BDA)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\CARL-J~1.MAD\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2012-09-29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-09-01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009-07-07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009-07-07 13:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008-04-13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008-02-27 21:49:07 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2007-05-11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007-05-09 01:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007-03-05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007-03-05 05:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007-03-05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007-03-05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007-03-05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007-03-05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2006-11-21 22:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Programmer\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2006-02-15 07:40:24 | 001,096,192 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2005-11-08 13:15:38 | 000,439,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2005-11-08 13:15:38 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005-11-08 13:14:54 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005-11-08 13:14:46 | 000,143,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005-11-08 13:14:44 | 000,077,824 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005-11-08 13:14:40 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005-09-08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005-09-08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005-09-08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005-09-08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005-09-08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005-09-08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005-09-08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005-08-25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005-08-25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005-07-13 10:18:48 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programmer\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {5E7457D5-EA8A-4DB3-9612-3BF128E87B65}
IE - HKCU\..\SearchScopes\{5E7457D5-EA8A-4DB3-9612-3BF128E87B65}: "URL" = http://www.google.dk/search?q={sear...={outputEncoding}&sourceid=ie7&rlz=1I7WZPA_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9D4DFB6A-3749-4EE7-B893-7802AE5EAA74}: "URL" = http://dk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKCU\..\SearchScopes\{ACD7F5AB-69B0-4582-A8C9-BB7CF68AE87F}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa2,version=2.0.0: C:\Programmer\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Programmer\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmer\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programmer\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Programmer\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmer\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programmer\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmer\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmer\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmer\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programmer\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Programmer\McAfee\SiteAdvisor [2012-12-26 21:03:58 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programmer\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programmer\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programmer\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmer\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Programmer\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programmer\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmer\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmer\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmer\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Updater (Enabled) = C:\Programmer\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Programmer\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Programmer\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programmer\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmer\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: McAfee SiteAdvisor = C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.30.153.1_0\

O1 HOSTS File: ([2012-12-27 21:27:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programmer\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmer\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programmer\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTDVDDET] C:\Programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [MSC] c:\Programmer\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Programmer\Fælles filer\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
 
Part 2 of OTL scan.

O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programmer\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: S&end til OneNote - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: www.sa.dk ([]https in Websteder, du har tillid til)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} http://downol.dr.dk/download/netradio/Rawflow.cab (Rawflow ICD Client)
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} https://www.sparostjyl.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab (ActiveX sikkerhedssoftware Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab (DjVuCtl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} http://www.turntool.com/ViewerInstall.exe (TurnTool Scene)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1351090639921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe (Util Class)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D06812AA-0D08-41EF-BE66-F3821FCDC6FD}: DhcpNameServer = 193.162.153.164 194.239.134.83
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programmer\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programmer\Fælles filer\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programmer\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop Components:1 () - http://arkiv.kms.dk/mpn/
O24 - Desktop WallPaper: C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programmer\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programmer\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-09-17 16:31:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-12-29 23:10:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\OTL.exe
[2012-12-29 12:07:52 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\tdsskiller.exe
[2012-12-27 20:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012-12-27 20:45:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-12-27 20:43:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-12-27 20:43:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-12-27 20:43:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-12-27 20:43:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-12-27 20:42:08 | 005,014,125 | R--- | C] (Swearware) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\ComboFix.exe
[2012-12-27 20:37:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-12-27 20:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-12-27 14:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes' Anti-Malware
[2012-12-27 14:32:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-12-27 14:32:09 | 000,000,000 | ---D | C] -- C:\Programmer\Malwarebytes' Anti-Malware
[2012-12-27 11:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl-Johan B. Madsen\Menuen Start\Programmer\Sophos
[2012-12-27 11:07:33 | 000,000,000 | ---D | C] -- C:\Programmer\Microsoft Security Client
[2012-12-27 10:16:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012-12-27 10:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\MFAData
[2012-12-27 10:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012-12-27 10:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Avg2013
[2012-12-26 21:47:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
[2012-12-26 21:00:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carl-Johan B. Madsen\Recent
[2012-12-26 20:59:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012-12-26 20:11:53 | 000,000,000 | ---D | C] -- C:\Programmer\Microsoft Security Client(2)
[2012-12-26 17:25:14 | 000,000,000 | ---D | C] -- C:\Programmer\Enigma Software Group
[2012-12-26 17:19:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-12-26 16:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\TestApp
[2012-12-26 10:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Malwarebytes
[2012-12-26 10:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-12-25 22:47:39 | 000,000,000 | ---D | C] -- C:\Programmer\Panda Security
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-12-29 23:10:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\OTL.exe
[2012-12-29 23:10:13 | 000,004,096 | ---- | M] () -- C:\WINDOWS\MKDEWE.TRN
[2012-12-29 23:08:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-12-29 23:08:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-12-29 22:37:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-12-29 12:08:00 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\tdsskiller.exe
[2012-12-29 09:28:18 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Sonos.lnk
[2012-12-28 09:59:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-12-27 21:48:46 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012-12-27 21:33:28 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\ircbzr.job
[2012-12-27 21:27:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-12-27 20:58:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-12-27 20:58:29 | 3756,167,168 | -HS- | M] () -- C:\hiberfil.sys
[2012-12-27 20:45:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-12-27 20:42:19 | 005,014,125 | R--- | M] (Swearware) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\ComboFix.exe
[2012-12-27 20:35:13 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2012-12-27 14:32:11 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012-12-27 11:14:11 | 000,002,098 | ---- | M] () -- C:\Documents and Settings\Carl-Johan B. Madsen\Skrivebord\Sophos Virus Removal Tool.lnk
[2012-12-27 11:07:59 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012-12-27 10:45:02 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2012-12-27 10:45:02 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2012-12-27 10:45:02 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2012-12-27 10:45:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012-12-27 10:45:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012-12-27 10:11:24 | 000,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-12-26 16:16:40 | 000,725,622 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012-12-12 16:30:51 | 000,110,592 | RHS- | M] () -- C:\WINDOWS\System32\rpcns4Z.dll
[2012-12-11 16:25:53 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Carl-Johan B. Madsen\Skrivebord\Homebanking.url
[2012-12-10 14:27:38 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\Carl-Johan B. Madsen\LAViewer.properties
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-12-28 09:00:49 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-12-27 21:48:46 | 000,000,378 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012-12-27 20:45:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-12-27 20:45:54 | 000,260,800 | RHS- | C] () -- C:\cmldr
[2012-12-27 20:43:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-12-27 20:43:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-12-27 20:43:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-12-27 20:43:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-12-27 20:43:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-12-27 14:32:11 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012-12-27 11:14:11 | 000,002,098 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\Skrivebord\Sophos Virus Removal Tool.lnk
[2012-12-27 11:07:54 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Microsoft Security Essentials.lnk
[2012-12-26 16:15:41 | 000,725,622 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012-12-26 03:44:07 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012-12-12 16:30:51 | 000,110,592 | RHS- | C] () -- C:\WINDOWS\System32\rpcns4Z.dll
[2012-12-12 16:30:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\ircbzr.job
[2012-10-31 16:30:18 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\V93GE
[2012-07-10 19:50:12 | 000,572,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\WPFFontCache_v0400-S-1-5-21-517972044-2121963301-3140073391-1006-0.dat
[2012-06-10 09:34:30 | 000,020,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\R49LW
[2012-06-09 22:27:09 | 000,250,486 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\WPFFontCache_v0400-System.dat
[2012-03-06 17:18:13 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\.recently-used.xbel
[2012-03-06 17:15:10 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\.gtk-bookmarks
[2011-05-15 15:36:40 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008-11-15 13:22:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\temp.dat
[2006-04-12 12:53:11 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-04-12 12:12:30 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\LAViewer.properties
[2006-04-10 17:54:25 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004-09-17 16:37:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 17:05:31 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 11:53:27 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 17:05:37 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007-09-20 15:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011-07-17 10:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2008-10-25 13:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlazeVideo
[2009-12-13 12:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2012-12-27 10:16:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-08-16 14:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2010-06-15 16:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012-10-31 16:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LaserSoft Imaging
[2009-01-31 10:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2009-08-22 10:19:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2012-12-27 10:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-01-27 17:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012-12-29 09:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonos,_Inc
[2012-12-27 11:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009-12-25 15:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Squeezebox
[2009-12-25 15:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SqueezeCenter
[2009-10-10 17:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006-04-21 14:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\AOHackers
[2011-07-17 10:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Babylon
[2012-10-31 16:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Canon
[2006-07-03 12:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Cryptomathic
[2007-02-22 21:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\FileOpen
[2008-08-20 20:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\FTW
[2012-03-06 17:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\gtk-2.0
[2012-10-31 16:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Lasersoft Imaging
[2006-06-17 17:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Leadertech
[2008-02-27 19:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Mappen Share-to-Web-overførsel
[2010-06-15 16:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Nokia
[2011-01-27 17:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\PC Suite
[2010-01-26 19:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\pdfforge
[2011-03-02 19:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Registry Mechanic
[2011-08-28 09:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Search Settings
[2012-03-27 17:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\TeamViewer
[2012-12-26 16:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\TestApp
[2008-05-05 09:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Uniblue
[2011-06-13 21:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Windows Desktop Search
[2009-04-11 16:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Windows Search

========== Purity Check ==========


< End of report >
 
OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)



Hitman Pro

Please download Hitman Pro

  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please
 
The OTL report:

All processes killed
========== OTL ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\cmd.bat deleted successfully.
C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Carl-Johan B. Madsen
->Temp folder emptied: 34415033 bytes
->Temporary Internet Files folder emptied: 59867164 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1022 bytes

User: CARL-J~1~MAD

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Ejer

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 65670 bytes

User: NetworkService
->Temp folder emptied: 17832 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2660 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76030 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 90,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01012013_125046
Files\Folders moved on Reboot...
C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\U6A18NNQ\ads[7].htm moved successfully.
C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\U6A18NNQ\google-search-hijacked[1].htm moved successfully.
C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\C16NCUDC\zrt_lookup[1].html moved successfully.
C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
The HIT man report:

At the moment I can't start Windows Defender and Microsoft Security Essentials.
 
Sorry New year :)

And happy new year to you.

Is my computer still very badly infected?
Are other computers in my network in danger?
Is it only files connected to internet browsing that are infected, or will all files on my computer be in danger?

Hitman Scan

Code:
HitmanPro 3.7.0.185
www.hitmanpro.com
   Computer name . . . . : FUSSINGB-CJBM1
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : FUSSINGB-CJBM1\Carl-Johan B. Madsen
   License . . . . . . . : Trial (30 days left)
   Scan date . . . . . . : 2013-01-01 13:01:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 6s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 84
   Objects scanned . . . : 952.266
   Files scanned . . . . : 18.723
   Remnants scanned  . . : 267.091 files / 666.452 keys
Malware _____________________________________________________________________
   C:\WINDOWS\system32\rpcns4Z.dll -> Quarantined
      Size . . . . . . . : 110.592 bytes
      Age  . . . . . . . : 19.9 days (2012-12-12 16:30:51)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : BC2C0FD79E786B6410E6216C4EC83835F918EDB4ECF1636B0ACDFA72C1DFE0F6
    > G Data . . . . . . : Gen:Variant.Kazy.127770 (Engine A)
      Fuzzy  . . . . . . : 116.0
      Startup
         C:\WINDOWS\Tasks\ircbzr.job

Potential Unwanted Programs _________________________________________________
   C:\Documents and Settings\All Users\Application Data\Babylon\ (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Babylon\ (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Babylon\log_file.txt (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\ (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\ (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\bab025.cbid20.dat (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\bab027.Ttype010611_def.dat (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\bab065.engset.dat (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\bab091.norecovericon.dat (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\bab094.band.dat (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\Babylon.dat (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\ (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\cmbx.png (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\common.js (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\eula.html (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\lngs.png (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page1.css (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page1.html (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page1.js (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page1Lrg.css (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page2.css (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page2.html (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page2.js (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page2Lrg.css (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page9.html (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\pBar.gif (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\title1.png (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\title2.png (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\toolBar.jpg (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\vIcn.png (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\Setup-client-x-9.0.3.9.zpb (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\Setup-tbmntr-9.0.3.9.zpb (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\Setup-tc-9.0.3.9.zpb (Babylon)
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\Setup.exe (Babylon)
      Size . . . . . . . : 1.778.288 bytes
      Age  . . . . . . . : 534.1 days (2011-07-17 10:07:19)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 21FDE76D4F10B7E5060461015B77F63F6C087384D93E326079587F16B47A367A
      Product  . . . . . : Setup Module
      Publisher  . . . . : Babylon Ltd.
      Description  . . . : Setup Application
      Version  . . . . . : 9.0.3.9
      Copyright  . . . . : Copyright © Babylon Ltd. 1997-2011
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0
   C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\SetupStrings.dat (Babylon)
Cookies _____________________________________________________________________
 
Not too bad. Shouldn't be a problem for the other computers, just monitor them closely.

Let's do the following to finish up the removal process...

Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

  • Double-click the Setup file to install it on your computer.
  • Once it has installed, review and accept the agreement and press the Start button.
  • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon).
  • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive.
  • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High".
  • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All.
  • Then, choose Save. Also, in the Automatic Report tab, select Save.
  • Please post the reports in your next reply.
  • Once you exit, the tool should uninstall automatically.


Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
 
The scan report from Kaspersky, but there is a problem. While removing threats the program blocked the computer so I didn't get the chance to save the results. There was some kind of Trojan horse found, but a second scan found nothing. I couldn't save the new report. The report from Kaspersky is zipped, see below.

I hope we are at the end of the road now :)

# AdwCleaner v2.104 - Logfil lavet d. 02/01/2013 kl. 16:49:13
# Opdateret d. 29/12/2012 af Xplode
# Operativ system : Microsoft Windows XP Service Pack 3 (32 bits)
# Bruger : Carl-Johan B. Madsen - FUSSINGB-CJBM1
# Boot Mode : Normal
# Kører fra : C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\adwcleaner.exe
# Indstilling [Slet]

***** [Servicer] *****

***** [Filer / Mapper] *****
Mapper Slettet : C:\Documents and Settings\All Users\Application Data\Babylon
Mapper Slettet : C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Babylon
Mapper Slettet : C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\pdfforge
Mapper Slettet : C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Search Settings
Mapper Slettet : C:\Programmer\Application Updater
Mapper Slettet : C:\Programmer\Fælles filer\spigot
Mapper Slettet : C:\Programmer\pdfforge Toolbar
***** [Registeret] *****
Nøgle Slettet : HKCU\Software\Conduit
Nøgle Slettet : HKLM\Software\Application Updater
Nøgle Slettet : HKLM\Software\Conduit
Nøgle Slettet : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{638482BC-3092-42DC-AEA1-735264911A77}
Nøgle Slettet : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Nøgle Slettet : HKLM\Software\pdfforge
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registeret er rent.
*************************
AdwCleaner[S1].txt - [1512 octets] - [02/01/2013 16:49:13]
########## EOF - C:\AdwCleaner[S1].txt - [1572 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.3.2 (12.29.2012:3)
OS: Microsoft Windows XP x86
Ran by Carl-Johan B. Madsen on 02-01-2013 at 17:00:31,76
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}

~~~ Files

~~~ Folders


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02-01-2013 at 17:06:51,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Attachments

  • kaspersky.zip
    815.4 KB · Views: 0
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Here is the result from Security Check:

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Sophos Virus Removal Tool
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Windows Defender
McAfee SiteAdvisor
Secunia PSI (2.0.0.3003)
CCleaner
Java(TM) 6 Update 37
Java 7 Update 9
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 8.0.552.237
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

If this is the end, I will say thanks for your help and patience with me.
 
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
 