Google search hijacked

Solved
By Carolus
Dec 27, 2012
  1. Hello

    Search results look OK, but when I click a link I am redirected to another address. Also, Microsoft Security Essentials is down.

    I have followed the 4 steps.

    See attached; I'm afraid that some of it is in Danish. Hope I can get some help anyway :)


    Malwarebytes Anti-Malware (Prøveversion) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.12.27.05
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Carl-Johan B. Madsen :: FUSSINGB-CJBM1 [administrator]
    Beskyttelse: Slået fra
    27-12-2012 14:33:46
    mbam-log-2012-12-27 (14-33-46).txt
    Skanningstype: Hurtig skanning
    Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
    Skanningsmuligheder som er deaktiverede: P2P
    Objekter skannet: 224502
    Tid gået: 27 minut(ter), 29 sekund(er)
    Hukommelses Processorer Inficeret: 0
    (Ingen skadelige objekter blev fundet)
    Hukommelses Moduler Inficeret: 0
    (Ingen skadelige objekter blev fundet)
    Registreringsdatabasenøgler Inficeret: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Sat I karantæne og slettet succesfuldt.
    Registreringsdatabaseværdier Inficeret: 0
    (Ingen skadelige objekter blev fundet)
    Registreringsdatabasedata Objekter Inficeret: 0
    (Ingen skadelige objekter blev fundet)
    Inficerede Mapper: 2
    C:\Programmer\MyWaySA (PUP.MyWebSearch) -> Sat I karantæne og slettet succesfuldt.
    C:\Programmer\MyWaySA\SrchAsDe (PUP.MyWebSearch) -> Sat I karantæne og slettet succesfuldt.
    Inficerede Filer: 0
    (Ingen skadelige objekter blev fundet)
    (færdig)
    Malwarebytes Anti-Malware (Prøveversion) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.12.27.05
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Carl-Johan B. Madsen :: FUSSINGB-CJBM1 [administrator]
    Beskyttelse: Slået fra
    27-12-2012 15:02:10
    mbam-log-2012-12-27 (15-02-10).txt
    Skanningstype: Hurtig skanning
    Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
    Skanningsmuligheder som er deaktiverede: P2P
    Objekter skannet: 224607
    Tid gået: 3 minut(ter), 38 sekund(er)
    Hukommelses Processorer Inficeret: 0
    (Ingen skadelige objekter blev fundet)
    Hukommelses Moduler Inficeret: 0
    (Ingen skadelige objekter blev fundet)
    Registreringsdatabasenøgler Inficeret: 0
    (Ingen skadelige objekter blev fundet)
    Registreringsdatabaseværdier Inficeret: 0
    (Ingen skadelige objekter blev fundet)
    Registreringsdatabasedata Objekter Inficeret: 0
    (Ingen skadelige objekter blev fundet)
    Inficerede Mapper: 0
    (Ingen skadelige objekter blev fundet)
    Inficerede Filer: 0
    (Ingen skadelige objekter blev fundet)
    (færdig)
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Carl-Johan B. Madsen at 15:22:59 on 2012-12-27
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.3582.2230 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Programmer\Java\jre7\bin\jqs.exe
    C:\Programmer\McAfee\SiteAdvisor\McSACore.exe
    C:\Programmer\BUFFALO\NASNAVI\nassvc.exe
    C:\Programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programmer\Nero\Nero BackItUp 4\IoctlSvc.exe
    C:\Programmer\Secunia\PSI\sua.exe
    C:\PROGRA~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmer\Fælles filer\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Programmer\Windows Media Player\WMPNetwk.exe
    C:\Programmer\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Programmer\Fælles filer\Pure Networks Shared\Platform\nmctxth.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programmer\Windows Media Player\WMPNSCFG.exe
    C:\Programmer\CCleaner\CCleaner.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Programmer\Internet Explorer\iexplore.exe
    C:\Programmer\Internet Explorer\iexplore.exe
    C:\Programmer\Internet Explorer\iexplore.exe
    C:\Programmer\Messenger\msmsgs.exe
    C:\Programmer\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Programmer\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.dk/
    uSearch Bar = hxxp://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DJ
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\programmer\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll
    uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\programmer\mcafee\siteadvisor\McIEPlg.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programmer\java\jre7\bin\ssv.dll
    BHO: Hjælp til tilmelding til Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\programmer\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\programmer\mcafee\siteadvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\programmer\microsoft office\office14\URLREDIR.DLL
    BHO: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\programmer\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programmer\java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\programmer\mcafee\siteadvisor\McIEPlg.dll
    TB: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\programmer\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MSMSGS] "c:\programmer\messenger\msmsgs.exe" /background
    uRun: [WMPNSCFG] c:\programmer\windows media player\WMPNSCFG.exe
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [CTDVDDET] "c:\programmer\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
    mRun: [VolPanel] "c:\programmer\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nmctxth] "c:\programmer\fælles filer\pure networks shared\platform\nmctxth.exe"
    mRun: [Adobe ARM] "c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe"
    mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
    mRun: [SunJavaUpdateSched] "c:\programmer\java\jre7\bin\jusched.exe"
    mRun: [MSC] "c:\programmer\microsoft security client\msseces.exe" -hide -runkey
    mRunOnce: [Malwarebytes Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: S&end til OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\programmer\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\programmer\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
    Trusted Zone: www.sa.dk
    DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
    DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparostjyl.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
    DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351090639921
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 193.162.153.164 194.239.134.83
    TCP: Interfaces\{D06812AA-0D08-41EF-BE66-F3821FCDC6FD} : DHCPNameServer = 193.162.153.164 194.239.134.83
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\programmer\fælles filer\microsoft shared\office14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\programmer\mcafee\siteadvisor\McIEPlg.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\programmer\fælles filer\pure networks shared\platform\puresp4.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\programmer\mcafee\siteadvisor\McIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\programmer\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\programmer\windows defender\MpShHook.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R2 IAANTMon;Intel(R) Matrix Storage Event Monitor;c:\programmer\intel\intel matrix storage manager\IAANTMon.exe [2006-3-18 86140]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmer\mcafee\siteadvisor\McSACore.exe [2008-10-2 95232]
    R2 NasPmService;NAS PM Service;c:\programmer\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\programmer\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
    R2 Secunia Update Agent;Secunia Update Agent;c:\programmer\secunia\psi\sua.exe --start-service --> c:\programmer\secunia\psi\sua.exe --start-service [?]
    R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~2\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1\applic~1\squeez~2\cache\my.cnf squeezemysql --> c:\progra~1\squeez~2\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1\applic~1\squeez~2\cache\my.cnf SqueezeMySQL [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\ec168bda.sys --> c:\windows\system32\drivers\EC168BDA.sys [?]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\programmer\secunia\psi\psia.exe --start-service --> c:\programmer\secunia\psi\PSIA.exe --start-service [?]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-9-17 14336]
    S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\programmer\samsung\samsung pc share manager\WiselinkPro.exe [2009-1-8 4136960]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 WinDefend;Windows Defender;c:\programmer\windows defender\MsMpEng.exe [2006-11-3 13592]
    .
    =============== File Associations ===============
    .
    ShellExec: MRSIDV~1.EXE: open="c:\progra~2\lizard~1\mrsidv~1\MRSIDV~1.EXE""" %1""
    .
    =============== Created Last 30 ================
    .
    2012-12-27 13:32:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-27 13:32:09 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
    2012-12-27 10:14:12 73728 ----a-r- c:\documents and settings\carl-johan b. madsen\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-12-27 10:14:12 73728 ----a-r- c:\documents and settings\carl-johan b. madsen\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-12-27 10:14:12 73728 ----a-r- c:\documents and settings\carl-johan b. madsen\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
    2012-12-27 10:07:33 -------- d-----w- c:\programmer\Microsoft Security Client
    2012-12-27 09:16:41 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2012-12-27 09:16:41 -------- d-----w- c:\documents and settings\carl-johan b. madsen\lokale indstillinger\application data\MFAData
    2012-12-27 09:16:41 -------- d-----w- c:\documents and settings\carl-johan b. madsen\lokale indstillinger\application data\Avg2013
    2012-12-27 09:16:41 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2012-12-26 20:47:48 -------- d-----w- c:\windows\Microsoft Antimalware
    2012-12-26 20:08:15 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-12-26 20:08:15 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-12-26 19:11:53 -------- d-----w- c:\programmer\Microsoft Security Client(2)
    2012-12-26 16:25:14 -------- d-----w- c:\programmer\Enigma Software Group
    2012-12-26 16:19:58 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-12-26 15:14:47 -------- d-----w- c:\documents and settings\carl-johan b. madsen\application data\TestApp
    2012-12-26 09:29:19 -------- d-----w- c:\documents and settings\carl-johan b. madsen\application data\Malwarebytes
    2012-12-26 09:28:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-12-25 21:47:39 -------- d-----w- c:\programmer\Panda Security
    2012-12-12 15:30:51 110592 --sha-r- c:\windows\system32\rpcns4Z.dll
    2012-12-11 15:00:40 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{19a050b3-f5ad-46b5-9440-10464ab1b9e4}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd(2).dll
    2012-11-13 11:55:06 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd(3).dll
    2012-11-02 02:04:03 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:12:31 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:12:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:12:31 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:48 385024 ----a-w- c:\windows\system32\html.iec
    2012-10-02 18:04:31 58368 ----a-w- c:\windows\system32\synceng.dll
    .
    ============= FINISH: 15:24:38,39 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10-04-2006 18:54:08
    System Uptime: 27-12-2012 10:45:16 (5 hours ago)
    .
    Motherboard: Dell Inc. | | 0YC523
    Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 146 GiB total, 38,251 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Bluetooth PAN Network Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: IVT Corporation
    Name: Bluetooth PAN Network Adapter
    PNP Device ID: ROOT\NET\0000
    Service: BT
    .
    ==== System Restore Points ===================
    .
    RP1: 13-12-2012 15:15:35 - Systemkontrolpunkt
    RP2: 17-12-2012 18:19:02 - Systemkontrolpunkt
    RP3: 23-12-2012 11:52:07 - Software Distribution Service 3.0
    RP4: 25-12-2012 21:51:50 - Systemkontrolpunkt
    RP5: 26-12-2012 09:29:06 - Removed Sophos Anti-Virus
    RP6: 26-12-2012 09:36:52 - Removed Sophos AutoUpdate
    RP7: 26-12-2012 09:50:50 - Software Distribution Service 3.0
    RP8: 26-12-2012 12:12:36 - Removed Java(TM) 6 Update 3
    RP9: 26-12-2012 12:13:12 - Removed Java(TM) 6 Update 33
    RP10: 26-12-2012 17:25:13 - Installerede SpyHunter
    RP11: 26-12-2012 20:01:55 - Fjernede SpyHunter
    RP12: 26-12-2012 20:58:40 - Gendan handling
    RP13: 26-12-2012 21:19:10 - Software Distribution Service 3.0
    RP14: 27-12-2012 10:42:09 - Removed Sophos Anti-Virus
    RP15: 27-12-2012 11:02:20 - Removed Java(TM) 6 Update 3
    RP16: 27-12-2012 11:03:17 - Removed Sophos AutoUpdate
    RP17: 27-12-2012 11:13:58 - Installed Sophos Virus Removal Tool.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4) - Dansk
    Adobe Shockwave Player 11.6
    Advertising Center
    Age of Empires III
    AO Værktøj
    ArcSoft Panorama Maker 3
    Arkibas
    Audacity 1.3.0
    Bluesoleil2.6.0.8 Release 070517
    Brother's Keeper 6.6
    BUFFALO LinkStation(LS-WTGL/R1) Setup Guide
    BUFFALO NAS Navigator
    Caesar 3
    Caesar IV
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MP Navigator EX 1.0
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 2.2
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CanoScan 8800F
    CCleaner
    Cisco Network Magic
    CivCity
    Color LaserJet 2600n
    DAGE version 2.0
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Defraggler
    Dell CinePlayer
    Dell Driver Reset Tool
    Dell Media Experience
    Dell System Restore
    DMX Update
    ER Mapper ECW JPEG 2000 Plug-in for Internet Explorer [3.6.0.55]
    FastStone Image Viewer 2.8
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GPL MPEG-1/2 DirectShow Decoder Filter
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix til Windows Internet Explorer 7 (KB947864)
    Hotfix til Windows XP (KB2570791)
    Hotfix til Windows XP (KB2633952)
    Hotfix til Windows XP (KB2756822)
    Hotfix til Windows XP (KB2779562)
    HP Billed-cd
    HP Photo and Imaging 2.3 - Scanjet 4600 Series
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    IrfanView (remove only)
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 33
    Lizardtech DjVu Control
    Lizardtech DjVu Control (autoinstall)
    Malwarebytes Anti-Malware version 1.65.1.1000
    McAfee SiteAdvisor
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Danish Language Pack
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DAN
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DAN
    Microsoft .NET Framework 3.5 Language Pack SP1 - dan
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile DAN Language Pack
    Microsoft .NET Framework 4 Client Profile DAN sprogpakke
    Microsoft Age of Empires Gold
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Crypto-udbyder
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (Danish) 2010
    Microsoft Office Excel MUI (Danish) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (Danish) 2010
    Microsoft Office Outlook MUI (Danish) 2010
    Microsoft Office PowerPoint MUI (Danish) 2010
    Microsoft Office Proof (Danish) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Swedish) 2010
    Microsoft Office Proofing (Danish) 2010
    Microsoft Office Publisher MUI (Danish) 2010
    Microsoft Office Shared MUI (Danish) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (Danish) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (Danish) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Morbus Gravis
    MrSID Browser Plug-in 1.3
    MrSID Viewer
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB925673)
    My Way Search Assistant
    MySQL Connector/ODBC 3.51
    Nero BackItUp
    Nero BackItUp 4 Essentials
    Nero ControlCenter
    Nero Installer
    Network Magic
    NVIDIA Drivers
    Opdatering til Microsoft Windows (KB971513)
    Opdatering til Windows Internet Explorer 8 (KB2447568)
    Opdatering til Windows Internet Explorer 8 (KB972636)
    Opdatering til Windows Internet Explorer 8 (KB976662)
    Opdatering til Windows Internet Explorer 8 (KB976749)
    Opdatering til Windows Internet Explorer 8 (KB980182)
    Opdatering til Windows XP (KB2541763)
    Opdatering til Windows XP (KB2607712)
    Opdatering til Windows XP (KB2616676)
    Opdatering til Windows XP (KB2641690)
    Opdatering til Windows XP (KB2661254-v2)
    Opdatering til Windows XP (KB2718704)
    Opdatering til Windows XP (KB2736233)
    Opdatering til Windows XP (KB2749655)
    Overførselsværktøj til Windows Live
    PC Connectivity Solution
    PDFCreator
    pdfforge Toolbar v4.6
    PhotoPad Image Editor
    PhotoStage Slideshow Producer
    Picasa 3
    Praetorians
    Print Server
    Pure Networks Platform
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    SAMSUNG PC Share Manager
    Secunia PSI (2.0.0.3003)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Security Update for Windows Search 4 - KB963093
    Segoe UI
    ShareIns
    Sierra Utilities
    Sikkerhedsopdatering til Microsoft Windows (KB2564958)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB928090)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB929969)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB931768)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB933566)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB937143)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB939653)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB950759)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB953838)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB958215)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB960714)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB963027)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB969897)
    Sikkerhedsopdatering til Windows Internet Explorer 7 (KB972260)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2183461)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2360131)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2416400)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2482017)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2497640)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2510531)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2530548)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2544521)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2559049)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2586448)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2618444)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2647516)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2675157)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2699988)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2722913)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2744842)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2761465)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB971961)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB972260)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB974455)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB976325)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB978207)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB981332)
    Sikkerhedsopdatering til Windows Internet Explorer 8 (KB982381)
    Sikkerhedsopdatering til Windows Media Player (KB911564)
    Sikkerhedsopdatering til Windows Media Player 10 (KB911565)
    Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
    Sikkerhedsopdatering til Windows XP (KB2412687)
    Sikkerhedsopdatering til Windows XP (KB2476490)
    Sikkerhedsopdatering til Windows XP (KB2485663)
    Sikkerhedsopdatering til Windows XP (KB2491683)
    Sikkerhedsopdatering til Windows XP (KB2503658)
    Sikkerhedsopdatering til Windows XP (KB2503665)
    Sikkerhedsopdatering til Windows XP (KB2506212)
    Sikkerhedsopdatering til Windows XP (KB2506223)
    Sikkerhedsopdatering til Windows XP (KB2507618)
    Sikkerhedsopdatering til Windows XP (KB2507938)
    Sikkerhedsopdatering til Windows XP (KB2508272)
    Sikkerhedsopdatering til Windows XP (KB2508429)
    Sikkerhedsopdatering til Windows XP (KB2509553)
    Sikkerhedsopdatering til Windows XP (KB2511455)
    Sikkerhedsopdatering til Windows XP (KB2535512)
    Sikkerhedsopdatering til Windows XP (KB2536276-v2)
    Sikkerhedsopdatering til Windows XP (KB2536276)
    Sikkerhedsopdatering til Windows XP (KB2544893-v2)
    Sikkerhedsopdatering til Windows XP (KB2544893)
    Sikkerhedsopdatering til Windows XP (KB2555917)
    Sikkerhedsopdatering til Windows XP (KB2562937)
    Sikkerhedsopdatering til Windows XP (KB2566454)
    Sikkerhedsopdatering til Windows XP (KB2567053)
    Sikkerhedsopdatering til Windows XP (KB2567680)
    Sikkerhedsopdatering til Windows XP (KB2570222)
    Sikkerhedsopdatering til Windows XP (KB2570947)
    Sikkerhedsopdatering til Windows XP (KB2584146)
    Sikkerhedsopdatering til Windows XP (KB2585542)
    Sikkerhedsopdatering til Windows XP (KB2592799)
    Sikkerhedsopdatering til Windows XP (KB2598479)
    Sikkerhedsopdatering til Windows XP (KB2603381)
    Sikkerhedsopdatering til Windows XP (KB2618451)
    Sikkerhedsopdatering til Windows XP (KB2619339)
    Sikkerhedsopdatering til Windows XP (KB2620712)
    Sikkerhedsopdatering til Windows XP (KB2621440)
    Sikkerhedsopdatering til Windows XP (KB2624667)
    Sikkerhedsopdatering til Windows XP (KB2631813)
    Sikkerhedsopdatering til Windows XP (KB2633171)
    Sikkerhedsopdatering til Windows XP (KB2639417)
    Sikkerhedsopdatering til Windows XP (KB2641653)
    Sikkerhedsopdatering til Windows XP (KB2646524)
    Sikkerhedsopdatering til Windows XP (KB2647518)
    Sikkerhedsopdatering til Windows XP (KB2653956)
    Sikkerhedsopdatering til Windows XP (KB2655992)
    Sikkerhedsopdatering til Windows XP (KB2659262)
    Sikkerhedsopdatering til Windows XP (KB2660465)
    Sikkerhedsopdatering til Windows XP (KB2676562)
    Sikkerhedsopdatering til Windows XP (KB2685939)
    Sikkerhedsopdatering til Windows XP (KB2686509)
    Sikkerhedsopdatering til Windows XP (KB2691442)
    Sikkerhedsopdatering til Windows XP (KB2695962)
    Sikkerhedsopdatering til Windows XP (KB2698365)
    Sikkerhedsopdatering til Windows XP (KB2705219)
    Sikkerhedsopdatering til Windows XP (KB2707511)
    Sikkerhedsopdatering til Windows XP (KB2709162)
    Sikkerhedsopdatering til Windows XP (KB2712808)
    Sikkerhedsopdatering til Windows XP (KB2718523)
    Sikkerhedsopdatering til Windows XP (KB2719985)
    Sikkerhedsopdatering til Windows XP (KB2723135)
    Sikkerhedsopdatering til Windows XP (KB2724197)
    Sikkerhedsopdatering til Windows XP (KB2727528)
    Sikkerhedsopdatering til Windows XP (KB2731847)
    Sikkerhedsopdatering til Windows XP (KB2753842-v2)
    Sikkerhedsopdatering til Windows XP (KB2753842)
    Sikkerhedsopdatering til Windows XP (KB2758857)
    Sikkerhedsopdatering til Windows XP (KB2761226)
    Sikkerhedsopdatering til Windows XP (KB2770660)
    Sikkerhedsopdatering til Windows XP (KB2779030)
    Sikkerhedsopdatering til Windows XP (KB923689)
    Sonic Activation Module
    Sonic Update Manager
    Sonos Controller
    Sophos Virus Removal Tool
    Sound Blaster X-Fi
    Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
    Squeezebox Server 7.5.4
    swMSM
    TDC Digital Signatur CSP
    Tilmeldingsassistent til Windows Live
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    WebFldrs XP
    Windows Defender
    Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Essentials
    Windows Live Writer
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== End Of File ===========================
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  3. Carolus

    Carolus Newcomer, in training Topic Starter

    Hello Dragon Master Jay

    Thank you very, very much for your help. :D I have spent nearly 2 days of my precious Xmas holidays trying to solve this problem.

    After running Combo-Fix, my computer is running correctly again and both Windows Defender and Microsoft Security Essentials are up and running again.


    Carolus

    If it is of any interest, here are the results from Combo-Fix.

    ComboFix 12-12-27.03 - Carl-Johan B. Madsen 27-12-2012 21:08:56.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.3582.2998 [GMT 1:00]
    Kører fra: c:\documents and settings\Carl-Johan B. Madsen\Dokumenter\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Carl-Johan B. Madsen\WINDOWS
    C:\t.txt
    c:\windows\~GLC0000.TMP
    c:\windows\~GLH0000.TMP
    c:\windows\system32\Oleaut32.1
    c:\windows\system32\SET99.tmp
    c:\windows\system32\setb0.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((((((( Filer skabt fra 2012-11-27 til 2012-12-27 )))))))))))))))))))))))))))))))))))
    .
    .
    2012-12-27 13:32 . 2012-12-27 13:32 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
    2012-12-27 13:32 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-27 10:14 . 2012-12-27 10:14 73728 ----a-r- c:\documents and settings\Carl-Johan B. Madsen\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-12-27 10:14 . 2012-12-27 10:14 73728 ----a-r- c:\documents and settings\Carl-Johan B. Madsen\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-12-27 10:14 . 2012-12-27 10:14 73728 ----a-r- c:\documents and settings\Carl-Johan B. Madsen\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
    2012-12-27 10:07 . 2012-12-27 10:07 -------- d-----w- c:\programmer\Microsoft Security Client
    2012-12-27 09:16 . 2012-12-27 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2012-12-27 09:16 . 2012-12-27 09:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2012-12-27 09:16 . 2012-12-27 09:16 -------- d-----w- c:\documents and settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\MFAData
    2012-12-27 09:16 . 2012-12-27 09:16 -------- d-----w- c:\documents and settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Avg2013
    2012-12-26 20:47 . 2012-12-26 20:47 -------- d-----w- c:\windows\Microsoft Antimalware
    2012-12-26 20:08 . 2012-12-26 20:08 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-12-26 16:25 . 2012-12-26 16:25 -------- d-----w- c:\programmer\Enigma Software Group
    2012-12-26 16:19 . 2012-12-26 16:19 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-12-26 15:14 . 2012-12-26 15:14 -------- d-----w- c:\documents and settings\Carl-Johan B. Madsen\Application Data\TestApp
    2012-12-26 09:29 . 2012-12-26 09:29 -------- d-----w- c:\documents and settings\Carl-Johan B. Madsen\Application Data\Malwarebytes
    2012-12-26 09:28 . 2012-12-26 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-12-25 21:47 . 2012-12-25 21:47 -------- d-----w- c:\programmer\Panda Security
    2012-12-12 15:30 . 2012-12-12 15:30 110592 --sha-r- c:\windows\system32\rpcns4Z.dll
    2012-12-11 15:00 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{19A050B3-F5AD-46B5-9440-10464AB1B9E4}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-16 12:23 . 2004-09-17 15:17 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 12:23 . 2004-09-17 15:17 290560 ----a-w- c:\windows\system32\atmfd(2).dll
    2012-11-13 11:55 . 2004-09-17 15:18 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-08 18:00 . 2007-04-08 15:48 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-11-06 00:41 . 2004-09-17 15:17 290560 ----a-w- c:\windows\system32\atmfd(3).dll
    2012-11-02 02:04 . 2004-09-17 15:17 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:12 . 2004-09-17 15:18 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:12 . 2004-09-17 15:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:12 . 2004-09-17 15:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35 . 2004-09-17 15:18 385024 ----a-w- c:\windows\system32\html.iec
    2012-10-02 18:04 . 2004-09-17 15:18 58368 ----a-w- c:\windows\system32\synceng.dll
    .
    .
    ((((((((((((((((((((((((((((((((((( Start steder I reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Bemærk* tomme linier & lovlige standard linier vises ikke
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
    "WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
    "CTDVDDET"="c:\programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "VolPanel"="c:\programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "nmctxth"="c:\programmer\Fælles filer\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "MSC"="c:\programmer\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Squeezebox Server-ikon I systembakken.lnk]
    path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Squeezebox Server-ikon I systembakken.lnk
    backup=c:\windows\pss\Squeezebox Server-ikon I systembakken.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Carl-Johan B. Madsen^Menuen Start^Programmer^Start^BUFFALO NAS Navigator.lnk]
    path=c:\documents and settings\Carl-Johan B. Madsen\Menuen Start\Programmer\Start\BUFFALO NAS Navigator.lnk
    backup=c:\windows\pss\BUFFALO NAS Navigator.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Carl-Johan B. Madsen^Menuen Start^Programmer^Start^NAS Scheduler.lnk]
    path=c:\documents and settings\Carl-Johan B. Madsen\Menuen Start\Programmer\Start\NAS Scheduler.lnk
    backup=c:\windows\pss\NAS Scheduler.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-07-27 20:51 35768 ----a-w- c:\programmer\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDrvEmulator]
    2005-11-04 18:07 49152 ------w- c:\programmer\Creative\Shared Files\Module Loader\DLLML.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    2008-04-14 16:06 110592 ----a-w- c:\windows\system32\bthprops.cpl
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-11-01 03:12 94208 ----a-w- c:\programmer\Dell\Media Experience\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2005-06-17 07:56 139264 ----a-w- c:\programmer\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 16:50 221184 ----a-w- c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 16:50 81920 ----a-w- c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 16:05 1695232 ----a-w- c:\programmer\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2008-09-24 11:57 2254120 ----a-w- c:\programmer\Nero\Nero BackItUp 4\NBKeyScan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
    2009-07-08 00:53 472112 ----a-w- c:\programmer\Pure Networks\Network Magic\nmapp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2007-09-17 06:07 8491008 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    2002-04-17 09:42 69632 ----a-w- c:\programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-11-15 08:30 204288 ------w- c:\programmer\Windows Media Player\wmpnscfg.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmer\\Sierra On-Line\\SIGSPat.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programmer\\Microsoft Games\\Age of Empires III\\age3.exe"=
    "c:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\Hpqdirec.exe"=
    "c:\\Programmer\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "c:\\Programmer\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
    "c:\\Programmer\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
    "c:\\Programmer\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
    "c:\\Programmer\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
    "c:\\Programmer\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\programmer\Fælles filer\Pure Networks Shared\Platform\nmsrvc.exe"= c:\programmer\Fælles filer\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:pure Networks Platform Service
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9000:TCP"= 9000:TCP:Squeezebox Server 9000 tcp (UI)
    "9090:TCP"= 9090:TCP:Squeezebox Server 9090 tcp (UI)
    "3483:UDP"= 3483:UDP:Squeezebox Server 3483 udp
    "3483:TCP"= 3483:TCP:Squeezebox Server 3483 tcp
    "67:UDP"= 67:UDP:DHCP Discovery Service
    "9001:TCP"= 9001:TCP:Squeezebox Server 9001 tcp (UI)
    "9002:TCP"= 9002:TCP:Squeezebox Server 9002 tcp (UI)
    "9003:TCP"= 9003:TCP:Squeezebox Server 9003 tcp (UI)
    "9004:TCP"= 9004:TCP:Squeezebox Server 9004 tcp (UI)
    "9005:TCP"= 9005:TCP:Squeezebox Server 9005 tcp (UI)
    "9006:TCP"= 9006:TCP:Squeezebox Server 9006 tcp (UI)
    "9007:TCP"= 9007:TCP:Squeezebox Server 9007 tcp (UI)
    "9008:TCP"= 9008:TCP:Squeezebox Server 9008 tcp (UI)
    "9009:TCP"= 9009:TCP:Squeezebox Server 9009 tcp (UI)
    "9010:TCP"= 9010:TCP:Squeezebox Server 9010 tcp (UI)
    "9100:TCP"= 9100:TCP:Squeezebox Server 9100 tcp (UI)
    "8000:TCP"= 8000:TCP:Squeezebox Server 8000 tcp (UI)
    "10000:TCP"= 10000:TCP:Squeezebox Server 10000 tcp (UI)
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Fjernadministration
    .
    R2 MBAMScheduler;MBAMScheduler;c:\programmer\Malwarebytes' Anti-Malware\mbamscheduler.exe [27-12-2012 14:32 399432]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmer\McAfee\SiteAdvisor\McSACore.exe [02-10-2008 19:30 95232]
    R2 NasPmService;NAS PM Service;c:\programmer\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\programmer\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
    R2 Secunia Update Agent;Secunia Update Agent;c:\programmer\Secunia\PSI\sua.exe --start-service --> c:\programmer\Secunia\PSI\sua.exe --start-service [?]
    S2 MBAMService;MBAMService;c:\programmer\Malwarebytes' Anti-Malware\mbamservice.exe [27-12-2012 14:32 676936]
    S2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~2\Cache\my.cnf SqueezeMySQL --> c:\progra~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~2\Cache\my.cnf SqueezeMySQL [?]
    S3 EC168BDA;EC168BDA service;c:\windows\system32\DRIVERS\EC168BDA.sys --> c:\windows\system32\DRIVERS\EC168BDA.sys [?]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27-12-2012 14:32 22856]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01-09-2010 09:30 15544]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\programmer\Secunia\PSI\PSIA.exe --start-service --> c:\programmer\Secunia\PSI\PSIA.exe --start-service [?]
    S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\programmer\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [08-01-2009 08:38 4136960]
    S4 WinDefend;Windows Defender;c:\programmer\Windows Defender\MsMpEng.exe [03-11-2006 17:19 13592]
    .
    --- Andre Services/Drivers I Hukommelsen ---
    .
    *NewlyCreated* - IPFILTERDRIVER
    *NewlyCreated* - MBAMPROTECTOR
    *NewlyCreated* - MBAMSCHEDULER
    *NewlyCreated* - MBAMSERVICE
    *NewlyCreated* - WS2IFSL
    .
    Indhold af mappen 'Planlagte Opgaver'
    .
    2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programmer\Google\Update\GoogleUpdate.exe [2011-03-01 18:18]
    .
    2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programmer\Google\Update\GoogleUpdate.exe [2011-03-01 18:18]
    .
    2012-12-27 c:\windows\Tasks\ircbzr.job
    - c:\windows\system32\rpcns4Z.dll [2012-12-12 15:30]
    .
    2012-03-15 c:\windows\Tasks\photopadShakeIcon.job
    - c:\programmer\NCH Software\PhotoPad\photopad.exe [2011-07-27 16:16]
    .
    2011-07-27 c:\windows\Tasks\photostageShakeIcon.job
    - c:\programmer\NCH Software\PhotoStage\photostage.exe [2011-07-27 16:15]
    .
    .
    ------- Yderligere scanning -------
    .
    uStart Page = hxxp://www.google.dk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: S&end til OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: www.sa.dk
    TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
    DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe
    DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
    .
    - - - - TOMME GENVEJE FJERNET - - - -
    .
    HKLM-Run-SunJavaUpdateSched - c:\programmer\Java\jre7\bin\jusched.exe
    MSConfigStartUp-LELA - c:\programmer\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
    MSConfigStartUp-PCSuiteTrayApplication - c:\programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-27 21:27
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanner skjulte processer ...
    .
    scanner skjulte autostarter ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?
    CTxfiHlp = CTXFIHLP.EXE?
    .
    scanner skjulte filer ...
    .
    scanning gennemført med succes
    skjulte filer: 0
    .
    **************************************************************************
    .
    --------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
    .
    [HKEY_USERS\S-1-5-21-517972044-2121963301-3140073391-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:5b,fb,95,14,fd,f6,67,62,50,3b,70,d4,c0,ff,a2,8d,13,2e,4e,a7,48,2b,46,
    42,e7,3e,c5,de,03,93,3a,e9,4b,3a,13,30,5c,3d,f9,3b,b0,d7,df,97,71,87,02,27,\
    "??"=hex:26,f5,42,1e,6f,3c,45,c9,90,b6,87,3a,dc,35,1d,7f
    .
    Gennemført tid: 2012-12-27 21:33:27
    ComboFix-quarantined-files.txt 2012-12-27 20:33
    .
    Pre-Kørsel: 41.027.125.248 byte ledig
    Post-Kørsel: 42.070.646.784 byte ledig
    .
    - - End Of File - - 07956BC42D719A08D09B3D7F372C5AD4
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's do the following, please:

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

    Sometimes these logs can be very large, in that case please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  5. Carolus

    Carolus Newcomer, in training Topic Starter

    I have run TDSSKiller with the following result (part 1):

  6. Carolus

    Carolus Newcomer, in training Topic Starter

    Part 2:

    12:09:39.0140 5552 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
    12:09:39.0140 5552 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
    12:09:39.0156 5552 [ 32F091E3425759B126760F44B5E931C9 ] PlugPlay C:\WINDOWS\system32\services.exe
    12:09:39.0171 5552 PlugPlay - ok
    12:09:39.0234 5552 [ 36FCAC4FA28B462CA867742DEA59B0D0 ] pnarp C:\WINDOWS\system32\DRIVERS\pnarp.sys
    12:09:39.0250 5552 pnarp - ok
    12:09:39.0250 5552 [ AC9FCA8BCD685ABDB9928B1964B731A2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    12:09:39.0375 5552 PolicyAgent - ok
    12:09:39.0421 5552 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    12:09:39.0546 5552 PptpMiniport - ok
    12:09:39.0546 5552 [ AC9FCA8BCD685ABDB9928B1964B731A2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    12:09:39.0656 5552 ProtectedStorage - ok
    12:09:39.0656 5552 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    12:09:39.0781 5552 PSched - ok
    12:09:39.0812 5552 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
    12:09:39.0828 5552 PSI - ok
    12:09:39.0859 5552 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    12:09:39.0984 5552 Ptilink - ok
    12:09:40.0046 5552 [ D8AC00388262B1A4878A7EE12F31D376 ] purendis C:\WINDOWS\system32\DRIVERS\purendis.sys
    12:09:40.0062 5552 purendis - ok
    12:09:40.0125 5552 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    12:09:40.0140 5552 PxHelp20 - ok
    12:09:40.0156 5552 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
    12:09:40.0265 5552 ql1080 - ok
    12:09:40.0281 5552 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    12:09:40.0421 5552 Ql10wnt - ok
    12:09:40.0453 5552 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
    12:09:40.0593 5552 ql12160 - ok
    12:09:40.0593 5552 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
    12:09:40.0703 5552 ql1240 - ok
    12:09:40.0734 5552 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
    12:09:40.0875 5552 ql1280 - ok
    12:09:40.0890 5552 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    12:09:41.0000 5552 RasAcd - ok
    12:09:41.0031 5552 [ 82C008EC993ABA0BBC9D178B25F71746 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    12:09:41.0140 5552 RasAuto - ok
    12:09:41.0187 5552 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    12:09:41.0296 5552 Rasl2tp - ok
    12:09:41.0359 5552 [ 8A18F96203BE26AD7E6A4AF765610527 ] RasMan C:\WINDOWS\System32\rasmans.dll
    12:09:41.0468 5552 RasMan - ok
    12:09:41.0500 5552 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    12:09:41.0609 5552 RasPppoe - ok
    12:09:41.0609 5552 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    12:09:41.0718 5552 Raspti - ok
    12:09:41.0750 5552 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    12:09:41.0859 5552 Rdbss - ok
    12:09:41.0875 5552 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    12:09:41.0984 5552 RDPCDD - ok
    12:09:42.0015 5552 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    12:09:42.0156 5552 rdpdr - ok
    12:09:42.0218 5552 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    12:09:42.0234 5552 RDPWD - ok
    12:09:42.0265 5552 [ 2C0AB39D91E3C9118A191A48F7BD67F6 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    12:09:42.0406 5552 RDSessMgr - ok
    12:09:42.0468 5552 [ D2EA9DAE9A9F1BF40C0EA1D1D7C5592C ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    12:09:42.0578 5552 redbook - ok
    12:09:42.0625 5552 [ BD3EA2FCA2D32B003874BA4819F1818C ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    12:09:42.0734 5552 RemoteAccess - ok
    12:09:42.0750 5552 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    12:09:42.0890 5552 RFCOMM - ok
    12:09:42.0906 5552 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
    12:09:43.0015 5552 ROOTMODEM - ok
    12:09:43.0046 5552 [ 9FABC6ADD7A3212EA934E62943DE252C ] RpcLocator C:\WINDOWS\system32\locator.exe
    12:09:43.0156 5552 RpcLocator - ok
    12:09:43.0203 5552 [ 059187B38452A01BB3B397691DDF3552 ] RpcSs C:\WINDOWS\System32\rpcss.dll
    12:09:43.0234 5552 RpcSs - ok
    12:09:43.0296 5552 [ 72309905945D7EAAB911B376F86B95E6 ] RSVP C:\WINDOWS\system32\rsvp.exe
    12:09:43.0421 5552 RSVP - ok
    12:09:43.0437 5552 [ AC9FCA8BCD685ABDB9928B1964B731A2 ] SamSs C:\WINDOWS\system32\lsass.exe
    12:09:43.0546 5552 SamSs - ok
    12:09:43.0578 5552 [ C8BF6AE55768820130ECF35A6E4D64CC ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    12:09:43.0687 5552 SCardSvr - ok
    12:09:43.0734 5552 [ 7D53DC5DE342AF26401A3CBBBC8CAFB8 ] Schedule C:\WINDOWS\system32\schedsvc.dll
    12:09:43.0859 5552 Schedule - ok
    12:09:43.0906 5552 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    12:09:43.0968 5552 Secdrv - ok
    12:09:44.0000 5552 [ 31C48478030803C99A050C47C22D4A9D ] seclogon C:\WINDOWS\System32\seclogon.dll
    12:09:44.0109 5552 seclogon - ok
    12:09:44.0171 5552 Secunia PSI Agent - ok
    12:09:44.0171 5552 Secunia Update Agent - ok
    12:09:44.0187 5552 [ 1DDA52FBBD05D3FA61A209447FA54AEF ] SENS C:\WINDOWS\system32\sens.dll
    12:09:44.0296 5552 SENS - ok
    12:09:44.0359 5552 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    12:09:44.0468 5552 serenum - ok
    12:09:44.0484 5552 [ 680ED46039EBD4C23EB708F1AF6B9E5D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    12:09:44.0609 5552 Serial - ok
    12:09:44.0703 5552 [ 78546CD2ECA6DD6BDCD4B13048621F88 ] ServiceLayer C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
    12:09:44.0718 5552 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
    12:09:44.0718 5552 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
    12:09:44.0765 5552 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\
  7. Carolus

    Carolus Newcomer, in training Topic Starter

    Part 3:

    12:09:55.0328 5552 ============================================================
    12:09:55.0328 5552 Scan finished
    12:09:55.0328 5552 ============================================================
    12:09:55.0437 4972 Detected object count: 19
    12:09:55.0437 4972 Actual detected object count: 19
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  9. Carolus

    Carolus Newcomer, in training Topic Starter

    Attached the result from OTL Part 1

    OTL logfile created on: 29-12-2012 23:10:57 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

    3,50 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 75,95% Memory free
    5,34 Gb Paging File | 4,55 Gb Available in Paging File | 85,30% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
    Drive C: | 145,96 Gb Total Space | 38,02 Gb Free Space | 26,05% Space Free | Partition Type: NTFS

    Computer Name: FUSSINGB-CJBM1 | User Name: Carl-Johan B. Madsen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    DRV - [2010-09-01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2009-07-07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
    DRV - [2009-07-07 13:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
    DRV - [2008-04-13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
    DRV - [2008-02-27 21:49:07 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2007-05-11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV - [2007-05-09 01:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2007-03-05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
    DRV - [2007-03-05 05:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
    DRV - [2007-03-05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
    DRV - [2007-03-05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
    DRV - [2007-03-05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
    DRV - [2007-03-05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
    DRV - [2006-11-21 22:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Programmer\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
    DRV - [2006-02-15 07:40:24 | 001,096,192 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2005-11-08 13:15:38 | 000,439,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
    DRV - [2005-11-08 13:15:38 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2005-11-08 13:14:54 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005-11-08 13:14:46 | 000,143,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2005-11-08 13:14:44 | 000,077,824 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2005-11-08 13:14:40 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2005-09-08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005-09-08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005-09-08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005-09-08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005-09-08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005-09-08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005-09-08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005-08-25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005-08-25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005-07-13 10:18:48 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programmer\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {5E7457D5-EA8A-4DB3-9612-3BF128E87B65}
    IE - HKCU\..\SearchScopes\{5E7457D5-EA8A-4DB3-9612-3BF128E87B65}: "URL" = http://www.google.dk/search?q={sear...={outputEncoding}&sourceid=ie7&rlz=1I7WZPA_en
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{9D4DFB6A-3749-4EE7-B893-7802AE5EAA74}: "URL" = http://dk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
    IE - HKCU\..\SearchScopes\{ACD7F5AB-69B0-4582-A8C9-BB7CF68AE87F}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa2,version=2.0.0: C:\Programmer\Picasa2\npPicasa2.dll File not found
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Programmer\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmer\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programmer\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Programmer\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmer\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programmer\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmer\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmer\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmer\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programmer\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Programmer\McAfee\SiteAdvisor [2012-12-26 21:03:58 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programmer\Google\Chrome\Application\8.0.552.237\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programmer\Google\Chrome\Application\8.0.552.237\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Programmer\Google\Chrome\Application\8.0.552.237\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmer\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Programmer\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programmer\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmer\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmer\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmer\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Updater (Enabled) = C:\Programmer\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    CHR - plugin: Picasa (Enabled) = C:\Programmer\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Programmer\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programmer\Yahoo!\Common\npyaxmpb.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmer\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: McAfee SiteAdvisor = C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.30.153.1_0\

    O1 HOSTS File: ([2012-12-27 21:27:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programmer\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmer\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programmer\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe ARM] C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CTDVDDET] C:\Programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [MSC] c:\Programmer\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [nmctxth] C:\Programmer\Fælles filer\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
  10. Carolus

    Part 2 of OTL scan.

    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programmer\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: S&end til OneNote - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: www.sa.dk ([]https in Websteder, du har tillid til)
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} http://downol.dr.dk/download/netradio/Rawflow.cab (Rawflow ICD Client)
    O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} https://www.sparostjyl.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab (ActiveX sikkerhedssoftware Control)
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab (DjVuCtl Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} http://www.turntool.com/ViewerInstall.exe (TurnTool Scene)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1351090639921 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.7.0_09)
    O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe (Util Class)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.162.153.164 194.239.134.83
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D06812AA-0D08-41EF-BE66-F3821FCDC6FD}: DhcpNameServer = 193.162.153.164 194.239.134.83
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programmer\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programmer\Fælles filer\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programmer\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
    O24 - Desktop Components:1 () - http://arkiv.kms.dk/mpn/
    O24 - Desktop WallPaper: C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programmer\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programmer\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004-09-17 16:31:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-12-29 23:10:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\OTL.exe
    [2012-12-29 12:07:52 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\tdsskiller.exe
    [2012-12-27 20:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2012-12-27 20:45:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012-12-27 20:43:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012-12-27 20:43:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012-12-27 20:43:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012-12-27 20:43:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012-12-27 20:42:08 | 005,014,125 | R--- | C] (Swearware) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\ComboFix.exe
    [2012-12-27 20:37:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-12-27 20:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012-12-27 14:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes' Anti-Malware
    [2012-12-27 14:32:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012-12-27 14:32:09 | 000,000,000 | ---D | C] -- C:\Programmer\Malwarebytes' Anti-Malware
    [2012-12-27 11:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl-Johan B. Madsen\Menuen Start\Programmer\Sophos
    [2012-12-27 11:07:33 | 000,000,000 | ---D | C] -- C:\Programmer\Microsoft Security Client
    [2012-12-27 10:16:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012-12-27 10:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\MFAData
    [2012-12-27 10:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012-12-27 10:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Avg2013
    [2012-12-26 21:47:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
    [2012-12-26 21:00:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carl-Johan B. Madsen\Recent
    [2012-12-26 20:59:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012-12-26 20:11:53 | 000,000,000 | ---D | C] -- C:\Programmer\Microsoft Security Client(2)
    [2012-12-26 17:25:14 | 000,000,000 | ---D | C] -- C:\Programmer\Enigma Software Group
    [2012-12-26 17:19:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012-12-26 16:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\TestApp
    [2012-12-26 10:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Malwarebytes
    [2012-12-26 10:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012-12-25 22:47:39 | 000,000,000 | ---D | C] -- C:\Programmer\Panda Security
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-12-29 23:10:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\OTL.exe
    [2012-12-29 23:10:13 | 000,004,096 | ---- | M] () -- C:\WINDOWS\MKDEWE.TRN
    [2012-12-29 23:08:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012-12-29 23:08:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012-12-29 22:37:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012-12-29 12:08:00 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\tdsskiller.exe
    [2012-12-29 09:28:18 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Sonos.lnk
    [2012-12-28 09:59:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012-12-27 21:48:46 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012-12-27 21:33:28 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\ircbzr.job
    [2012-12-27 21:27:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012-12-27 20:58:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012-12-27 20:58:29 | 3756,167,168 | -HS- | M] () -- C:\hiberfil.sys
    [2012-12-27 20:45:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012-12-27 20:42:19 | 005,014,125 | R--- | M] (Swearware) -- C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\ComboFix.exe
    [2012-12-27 20:35:13 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
    [2012-12-27 14:32:11 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
    [2012-12-27 11:14:11 | 000,002,098 | ---- | M] () -- C:\Documents and Settings\Carl-Johan B. Madsen\Skrivebord\Sophos Virus Removal Tool.lnk
    [2012-12-27 11:07:59 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2012-12-27 10:45:02 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    [2012-12-27 10:45:02 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    [2012-12-27 10:45:02 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    [2012-12-27 10:45:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2012-12-27 10:45:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2012-12-27 10:11:24 | 000,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012-12-26 16:16:40 | 000,725,622 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012-12-12 16:30:51 | 000,110,592 | RHS- | M] () -- C:\WINDOWS\System32\rpcns4Z.dll
    [2012-12-11 16:25:53 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Carl-Johan B. Madsen\Skrivebord\Homebanking.url
    [2012-12-10 14:27:38 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\Carl-Johan B. Madsen\LAViewer.properties
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-12-28 09:00:49 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012-12-27 21:48:46 | 000,000,378 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012-12-27 20:45:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012-12-27 20:45:54 | 000,260,800 | RHS- | C] () -- C:\cmldr
    [2012-12-27 20:43:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012-12-27 20:43:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012-12-27 20:43:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012-12-27 20:43:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012-12-27 20:43:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012-12-27 14:32:11 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
    [2012-12-27 11:14:11 | 000,002,098 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\Skrivebord\Sophos Virus Removal Tool.lnk
    [2012-12-27 11:07:54 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Microsoft Security Essentials.lnk
    [2012-12-26 16:15:41 | 000,725,622 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012-12-26 03:44:07 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2012-12-12 16:30:51 | 000,110,592 | RHS- | C] () -- C:\WINDOWS\System32\rpcns4Z.dll
    [2012-12-12 16:30:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\ircbzr.job
    [2012-10-31 16:30:18 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\V93GE
    [2012-07-10 19:50:12 | 000,572,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\WPFFontCache_v0400-S-1-5-21-517972044-2121963301-3140073391-1006-0.dat
    [2012-06-10 09:34:30 | 000,020,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\R49LW
    [2012-06-09 22:27:09 | 000,250,486 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\WPFFontCache_v0400-System.dat
    [2012-03-06 17:18:13 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\.recently-used.xbel
    [2012-03-06 17:15:10 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\.gtk-bookmarks
    [2011-05-15 15:36:40 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
    [2008-11-15 13:22:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\temp.dat
    [2006-04-12 12:53:11 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006-04-12 12:12:30 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\LAViewer.properties
    [2006-04-10 17:54:25 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\fusioncache.dat

    ========== ZeroAccess Check ==========

    [2004-09-17 16:37:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 17:05:31 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 11:53:27 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 17:05:37 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2007-09-20 15:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    [2011-07-17 10:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2008-10-25 13:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlazeVideo
    [2009-12-13 12:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
    [2012-12-27 10:16:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011-08-16 14:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
    [2010-06-15 16:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2012-10-31 16:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LaserSoft Imaging
    [2009-01-31 10:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
    [2009-08-22 10:19:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
    [2012-12-27 10:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011-01-27 17:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2012-12-29 09:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonos,_Inc
    [2012-12-27 11:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
    [2009-12-25 15:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Squeezebox
    [2009-12-25 15:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SqueezeCenter
    [2009-10-10 17:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2006-04-21 14:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\AOHackers
    [2011-07-17 10:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Babylon
    [2012-10-31 16:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Canon
    [2006-07-03 12:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Cryptomathic
    [2007-02-22 21:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\FileOpen
    [2008-08-20 20:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\FTW
    [2012-03-06 17:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\gtk-2.0
    [2012-10-31 16:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Lasersoft Imaging
    [2006-06-17 17:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Leadertech
    [2008-02-27 19:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Mappen Share-to-Web-overførsel
    [2010-06-15 16:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Nokia
    [2011-01-27 17:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\PC Suite
    [2010-01-26 19:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\pdfforge
    [2011-03-02 19:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Registry Mechanic
    [2011-08-28 09:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Search Settings
    [2012-03-27 17:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\TeamViewer
    [2012-12-26 16:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\TestApp
    [2008-05-05 09:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Uniblue
    [2011-06-13 21:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Windows Desktop Search
    [2009-04-11 16:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Windows Search

    ========== Purity Check ==========


    < End of report >
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)



    Hitman Pro

    Please download Hitman Pro

    • After the download completes please double click the program to run it.
    • Accept the terms of the license agreement and click Next
    • Let the scan run. It will not take long
    • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
    • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
    • Upload log.xml here for review please
  12. Carolus

    Carolus Newcomer, in training Topic Starter

    The OTL report:

    All processes killed
    ========== OTL ==========
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP-konfiguration
    DNS Resolver Cache blev tømt.
    C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\cmd.bat deleted successfully.
    C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Carl-Johan B. Madsen
    ->Temp folder emptied: 34415033 bytes
    ->Temporary Internet Files folder emptied: 59867164 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1022 bytes

    User: CARL-J~1~MAD

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Ejer

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 65670 bytes

    User: NetworkService
    ->Temp folder emptied: 17832 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2660 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 76030 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 90,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01012013_125046
    Files\Folders moved on Reboot...
    C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\U6A18NNQ\ads[7].htm moved successfully.
    C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\U6A18NNQ\google-search-hijacked[1].htm moved successfully.
    C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\C16NCUDC\zrt_lookup[1].html moved successfully.
    C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
    The HIT man report:

    At the moment I can't start Windows Defender and Microsoft Security Essentials.
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How did Hitman Pro go?
     
  14. Carolus

    Carolus Newcomer, in training Topic Starter

    Sorry New year :)

    And happy new year to you.

    Is my computer still very badly infected?
    Are other computers in my network in danger?
    Is it only files connected to internet browsing that are infected, or will all files on my computer be in danger?

    Hitman Scan

    Code:
    HitmanPro 3.7.0.185
    www.hitmanpro.com
       Computer name . . . . : FUSSINGB-CJBM1
       Windows . . . . . . . : 5.1.3.2600.X86/2
       User name . . . . . . : FUSSINGB-CJBM1\Carl-Johan B. Madsen
       License . . . . . . . : Trial (30 days left)
       Scan date . . . . . . : 2013-01-01 13:01:01
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 6m 6s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : Yes
       Threats . . . . . . . : 1
       Traces  . . . . . . . : 84
       Objects scanned . . . : 952.266
       Files scanned . . . . : 18.723
       Remnants scanned  . . : 267.091 files / 666.452 keys
    Malware _____________________________________________________________________
       C:\WINDOWS\system32\rpcns4Z.dll -> Quarantined
          Size . . . . . . . : 110.592 bytes
          Age  . . . . . . . : 19.9 days (2012-12-12 16:30:51)
          Entropy  . . . . . : 5.6
          SHA-256  . . . . . : BC2C0FD79E786B6410E6216C4EC83835F918EDB4ECF1636B0ACDFA72C1DFE0F6
        > G Data . . . . . . : Gen:Variant.Kazy.127770 (Engine A)
          Fuzzy  . . . . . . : 116.0
          Startup
             C:\WINDOWS\Tasks\ircbzr.job
    
    Potential Unwanted Programs _________________________________________________
       C:\Documents and Settings\All Users\Application Data\Babylon\ (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Babylon\ (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Babylon\log_file.txt (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\ (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\ (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\bab025.cbid20.dat (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\bab027.Ttype010611_def.dat (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\bab065.engset.dat (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\bab091.norecovericon.dat (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\bab094.band.dat (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\Babylon.dat (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\ (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\cmbx.png (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\common.js (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\eula.html (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\lngs.png (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page1.css (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page1.html (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page1.js (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page1Lrg.css (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page2.css (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page2.html (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page2.js (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page2Lrg.css (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\page9.html (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\pBar.gif (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\title1.png (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\title2.png (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\toolBar.jpg (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\HtmlScreens\vIcn.png (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\Setup-client-x-9.0.3.9.zpb (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\Setup-tbmntr-9.0.3.9.zpb (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\Setup-tc-9.0.3.9.zpb (Babylon)
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\Setup.exe (Babylon)
          Size . . . . . . . : 1.778.288 bytes
          Age  . . . . . . . : 534.1 days (2011-07-17 10:07:19)
          Entropy  . . . . . : 5.8
          SHA-256  . . . . . : 21FDE76D4F10B7E5060461015B77F63F6C087384D93E326079587F16B47A367A
          Product  . . . . . : Setup Module
          Publisher  . . . . : Babylon Ltd.
          Description  . . . : Setup Application
          Version  . . . . . : 9.0.3.9
          Copyright  . . . . : Copyright © Babylon Ltd. 1997-2011
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -7.0
       C:\Documents and Settings\Carl-Johan B. Madsen\Lokale indstillinger\Application Data\Babylon\Setup\SetupStrings.dat (Babylon)
    Cookies _____________________________________________________________________
    
    
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Not too bad. Shouldn't be a problem for the other computers, just monitor them closely.

    Let's do the following to finish up the removal process...

    Kaspersky Virus Removal Tool

    The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

    Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

    • Double-click the Setup file to install it on your computer.
    • Once it has installed, review and accept the agreement and press the Start button.
    • You will be presented with the main interface, but don't scan yet, click the options tab (gear icon):
    • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
    • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
    • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
    • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
    • Then, choose Save. Also, in the Automatic Report tab, select Save:
    • Please post the reports in your next reply.
    • Once you exit, the tool should uninstall automatically.


    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
  16. Carolus

    Carolus Newcomer, in training Topic Starter

    The scan report from Kaspersky, but there is a problem. While removing threats the program blocked the computer so I didn't get the chance to save results. There was some kind of Trojan horse found, but a second scan found nothing. I couldn't save the new report. The report from Kaspersky is zipped, see below.

    I hope we are at the end of the road now :)

    # AdwCleaner v2.104 - Logfil lavet d. 02/01/2013 kl. 16:49:13
    # Opdateret d. 29/12/2012 af Xplode
    # Operativ system : Microsoft Windows XP Service Pack 3 (32 bits)
    # Bruger : Carl-Johan B. Madsen - FUSSINGB-CJBM1
    # Boot Mode : Normal
    # Kører fra : C:\Documents and Settings\Carl-Johan B. Madsen\Dokumenter\adwcleaner.exe
    # Indstilling [Slet]

    ***** [Servicer] *****

    ***** [Filer / Mapper] *****
    Mapper Slettet : C:\Documents and Settings\All Users\Application Data\Babylon
    Mapper Slettet : C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Babylon
    Mapper Slettet : C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\pdfforge
    Mapper Slettet : C:\Documents and Settings\Carl-Johan B. Madsen\Application Data\Search Settings
    Mapper Slettet : C:\Programmer\Application Updater
    Mapper Slettet : C:\Programmer\Fælles filer\spigot
    Mapper Slettet : C:\Programmer\pdfforge Toolbar
    ***** [Registeret] *****
    Nøgle Slettet : HKCU\Software\Conduit
    Nøgle Slettet : HKLM\Software\Application Updater
    Nøgle Slettet : HKLM\Software\Conduit
    Nøgle Slettet : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{638482BC-3092-42DC-AEA1-735264911A77}
    Nøgle Slettet : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
    Nøgle Slettet : HKLM\Software\pdfforge
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    [OK] Registeret er rent.
    *************************
    AdwCleaner[S1].txt - [1512 octets] - [02/01/2013 16:49:13]
    ########## EOF - C:\AdwCleaner[S1].txt - [1572 octets] ##########
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.3.2 (12.29.2012:3)
    OS: Microsoft Windows XP x86
    Ran by Carl-Johan B. Madsen on 02-01-2013 at 17:00:31,76
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys
    Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}

    ~~~ Files

    ~~~ Folders


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 02-01-2013 at 17:06:51,67
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE

    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    • Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  18. Carolus

    Carolus Newcomer, in training Topic Starter

    Here is the result from Security Check:

    Results of screen317's Security Check version 0.99.56
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Sophos Virus Removal Tool
    Microsoft Security Essentials
    `````````Anti-malware/Other Utilities Check:`````````
    Windows Defender
    McAfee SiteAdvisor
    Secunia PSI (2.0.0.3003)
    CCleaner
    Java(TM) 6 Update 37
    Java 7 Update 9
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    Google Chrome 8.0.552.237
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C::
    ````````````````````End of Log``````````````````````

    If this is the end, I will say thank you for your help and patience with me.
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
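An added example, not part of the original posts or of the Security Check tool: a small triage script for the checkup.txt shown in this thread. It collects the warning lines and the "out of Date!" entries and, generalising the point about old Adobe Reader versions staying installed, lists any product that appears in more than one version. The line formats are assumptions inferred from the single log posted here.

```python
import re

# Excerpt of the checkup.txt posted in this thread, trimmed for the example.
SAMPLE = """\
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Sophos Virus Removal Tool
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (2.0.0.3003)
Java(TM) 6 Update 37
Java 7 Update 9
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 8.0.552.237
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
"""

HEADER = re.compile(r"^`+(.*?)`+$")               # section title wrapped in backticks
VERSIONED = re.compile(r"^(.+?)[\s(]+(\d[\d.]*)")  # "<product> <version>" (assumed layout)
STALE = "out of date!"                             # marker the tool appends to a product line

def triage(log):
    """Return warnings, out-of-date products and products listed in several versions."""
    section, warnings, outdated, families = None, [], [], {}
    for raw in log.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            section = header.group(1).strip(" :")
            continue
        stale = line.lower().endswith(STALE)
        body = line[:-len(STALE)] if stale else line
        m = VERSIONED.match(body.replace("(TM)", "").strip())
        if m:
            name, version = m.group(1), m.group(2)
            versions = families.setdefault(name, [])
            if version not in versions:
                versions.append(version)
            if stale:
                outdated.append((name, version))
        elif "!" in line:
            # Unversioned line with an exclamation mark: treat as a tool warning.
            warnings.append((section, line))
    side_by_side = {n: v for n, v in families.items() if len(v) > 1}
    return {"warnings": warnings, "outdated": outdated, "side_by_side": side_by_side}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```
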
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Topic marked solved.