BU_.exe, AU_.exe, unwise.exe, qpgiqmsi1.exe and much more


  • This topic is locked
17 replies to this topic

#1 Kim Andersen

  • Members
  • 7 posts

Posted 24 January 2010 - 05:37 AM

Hi,

I am badly infected with all sorts of strange stuff: BU_.exe, AU_.exe, unwise.exe and qpgiqmsi1.exe, to start with.
I have Windows Vista as my operating system.

I wasn't able to run DDS even though I disabled the script blocking in Kaspersky. I just got a Notepad window full of encrypted-looking text saying "This program cannot be run in DOS mode".
RootRepeal doesn't seem to be able to finish scanning either: I get an empty popup with no text on it, and if I press the X on it the whole program shuts down.

Kaspersky says that I have 10 viruses, 36 Trojans and 18 malware. I don't know if I have done the report right, as when I try to save the latest scan it just says "Quick Scan: completed 24/01/2010 11:30:09 (events: 2, objects: 5355, time: 00:01:18)." But I know there are other things on there.

The only other thing I can give you is the HijackThis log, but I hope you can start from there. I am very grateful for some help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:20:40, on 23/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Sofie\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Windows\system32\igfxsrvc.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Sofie\Desktop\SocialSubmitter_2.1.exe
C:\Users\Sofie\Desktop\SocialSubmitter_2.1.exe
C:\Users\Sofie\Desktop\SocialSubmitter_2.1.exe
C:\Users\Sofie\Desktop\SocialSubmitter_2.1.exe
C:\Users\Sofie\Desktop\SocialSubmitter_2.1.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sofie\AppData\Local\Temp\~nsu.tmp\Bu_.exe
C:\Users\Sofie\Desktop\RootRepeal.exe
C:\Users\Sofie\Desktop\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Thirty Day Challenge Toolbar - {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Thirty Day Challenge Toolbar - {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Thirty Day Challenge Toolbar - {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll
O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "c:\dell\dsca.exe" 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [uvuucjk] c:\users\sofie\appdata\local\uvuucjk.exe uvuucjk
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ogmma] c:\users\sofie\appdata\local\ogmma.exe ogmma
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sofie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Kalendra EmbeddedWB 14.52; SLCC1; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.stumpygames.com/files/rapunzelsescape.dir"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Sofie\AppData\Local\Temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Sofie\AppData\Local\Temp\HSPERF~1.SH! (User 'Default user')
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c91cb9f61fcc3) (gupdate1c91cb9f61fcc3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13655 bytes

Thank you very much
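The O4 (Run-key) entries and "Running processes" paths in the HijackThis log above are the lines a malware-response helper scans by eye first, looking for executables that live where installed software normally does not: directly in a profile root such as AppData\Local, or anywhere under Temp. The script below is an added example, not part of the thread and not HijackThis's own logic. It parses those two line formats and applies that location heuristic to a constructed sample copied from the log; the heuristics, their wording and the choice of directories are this example's assumptions, and a flag is a prompt to look closer (hash lookup, publisher, on-disk inspection), not a verdict.

```python
"""Location-based triage of HijackThis autostart (O4) entries and process paths.

Added example for this thread; it is not part of the original post and not
HijackThis's own logic.  The sample log below is a constructed subset of the
lines posted above, and the heuristics are this example's assumptions: an
executable that sits directly in a profile root (AppData\\Local, AppData\\Roaming)
or anywhere under a Temp directory, or that is referenced by bare file name,
is flagged for manual review.  A flag is a prompt to look closer, not a verdict.
"""
import re

# Constructed sample: process paths and O4 lines copied from the posted log.
SAMPLE_LOG = r"""
C:\Windows\system32\Dwm.exe
C:\Users\Sofie\AppData\Local\Temp\~nsu.tmp\Bu_.exe
C:\Program Files\Skype\Phone\Skype.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [uvuucjk] c:\users\sofie\appdata\local\uvuucjk.exe uvuucjk
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ogmma] c:\users\sofie\appdata\local\ogmma.exe ogmma
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sofie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Sofie\AppData\Local\Temp\HSPERF~1.SH! (User 'SYSTEM')
"""

# "O4 - <hive>\..\Run[Once]: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A bare path as printed in the "Running processes" section.
PROC_RE = re.compile(r"^[a-z]:\\.*\.exe$", re.IGNORECASE)
# Executable portion of a command line: either a quoted path, or everything up
# to the first ".exe" token (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.exe)(?=\s|$)', re.IGNORECASE)

# Directories where installers normally create a vendor sub-folder; an .exe
# sitting directly in one of these is unusual for legitimate software.
PROFILE_ROOTS = ("\\appdata\\local", "\\appdata\\locallow", "\\appdata\\roaming")


def exe_from_command(cmd: str):
    """Return the executable path from an O4 command line, or None."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return None
    return m.group("quoted") or m.group("bare")


def suspicious_reasons(path: str):
    """Reasons (possibly empty) why an executable's location merits review."""
    p = path.lower().replace("/", "\\")
    parent, _, _ = p.rpartition("\\")
    reasons = []
    if not parent:
        reasons.append("bare file name; resolved through the search path")
    if "\\temp\\" in p:
        reasons.append("executes from a Temp directory")
    if any(parent.endswith(root) for root in PROFILE_ROOTS):
        reasons.append("dropped directly in a profile root, not in a vendor folder")
    return reasons


def triage(log_text: str):
    """Return (label, executable, reasons) for every flagged line in the log.

    Only the executable itself is scored; a Temp path that appears as an
    argument (the DelayShred line above) does not flag the entry.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            label = f"{m.group('hive')}\\{m.group('key')} [{m.group('name')}]"
            exe = exe_from_command(m.group("cmd"))
        elif PROC_RE.match(line):
            label, exe = "process", line
        else:
            continue
        if exe is None:
            continue
        reasons = suspicious_reasons(exe)
        if reasons:
            findings.append((label, exe, reasons))
    return findings


if __name__ == "__main__":
    for label, exe, reasons in triage(SAMPLE_LOG):
        print(f"{label}: {exe}\n    " + "; ".join(reasons))
```

Run against the sample, the script reports the Temp-resident process, the two HKCU Run values whose executables sit directly in AppData\Local, and the bare `RtHDVCpl.exe` reference (a low-signal note, since that file is a normal Realtek component). Vendor-folder entries such as GoogleUpdate.exe under AppData\Local\Google\Update pass, which is the point of checking the parent directory rather than the profile as a whole.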








#2 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 29 January 2010 - 07:18 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

Do you still require help?

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log, and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page, steps #6 and #7, for further instructions on downloading and running DDS and RootRepeal. If you have any problems when running the tools, or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 01 February 2010 - 12:43 PM

Hello.

Are you still there? Do you still require help?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#4 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 03 February 2010 - 03:45 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy

#5 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 10 February 2010 - 03:29 PM

Re-opened upon user's request.

#6 Kim Andersen (Topic Starter)

  • Members
  • 7 posts

Posted 11 February 2010 - 08:30 AM

Hi,

Thanks for re-opening my thread.

I tried installing and running both DDS and RootRepeal, but as I said in my first post:
QUOTE
I wasn't able to run DDS even though I disabled the script blocking in Kaspersky. I just got a Notepad window full of encrypted-looking text saying "This program cannot be run in DOS mode".
RootRepeal doesn't seem to be able to finish scanning either: I get an empty popup with no text on it, and if I press the X on it the whole program shuts down.


So how do I proceed?

Kim

#7 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 12 February 2010 - 04:11 PM

Hello.

Try running OTL instead.

Download and run OTL
  1. Download OTL by OldTimer and save it to your desktop.
  2. Double-click on the icon on your desktop. If you are using Vista, please right-click it and select "Run as administrator".
  3. Click the "Scan All Users" checkbox.
  4. Push the button.
  5. It will now begin to scan; please be patient while it scans.
  6. Two reports will open once it's done.
  7. Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized





#8 Kim Andersen (Topic Starter)

  • Members
  • 7 posts

Posted 13 February 2010 - 06:30 PM

OK, so here follows:


OTL logfile created on: 14/02/2010 00:21:40 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Sofie\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
7.00 Gb Paging File | 4.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 80.48 Gb Free Space | 36.13% Space Free | Partition Type: NTFS
Drive D: | 232.83 Gb Total Space | 198.13 Gb Free Space | 85.10% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.64 Gb Free Space | 66.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOFIE-PC
Current User Name: Sofie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/14 00:20:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Sofie\Desktop\OTL.exe
PRC - [2010/01/31 17:07:45 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/01/02 07:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/12/02 19:08:47 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/12/02 18:34:04 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/03 01:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/09/21 07:59:39 | 000,939,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/25 12:43:42 | 000,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/01/13 15:58:24 | 002,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2009/01/08 07:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/11 10:14:24 | 007,779,640 | ---- | M] (Flock, Inc.) -- C:\Program Files\Flock\flock\flock.exe
PRC - [2008/12/01 23:58:10 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/10/31 22:41:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/10/20 09:11:42 | 044,814,336 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
PRC - [2007/08/07 01:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/05/28 10:51:46 | 000,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007/05/14 10:03:20 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/10/03 11:39:58 | 000,512,000 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/10/03 11:35:42 | 000,221,184 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/09/29 09:57:36 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2006/09/29 09:57:30 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2006/06/27 16:21:14 | 001,449,984 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2006/06/09 10:37:18 | 000,471,552 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2006/06/05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2010/02/14 00:20:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Sofie\Desktop\OTL.exe
MOD - [2008/01/19 08:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/02 19:08:47 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/25 12:43:42 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/27 11:32:16 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/02 15:51:04 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/09/22 14:42:24 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c91cb9f61fcc3) Google Update Service (gupdate1c91cb9f61fcc3)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/31 22:41:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/28 10:51:46 | 000,557,056 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/14 13:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/06/05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/10 13:55:37 | 000,224,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/02/10 13:55:37 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2008/07/21 17:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/07/09 17:28:26 | 000,020,496 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2008/03/13 18:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2008/01/19 06:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/10/03 09:21:01 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/10/03 09:21:01 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/10/03 09:21:01 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/08/07 01:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/05/28 10:51:48 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/05/21 12:35:14 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/05/14 10:08:48 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/05/14 10:03:22 | 001,773,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/10 11:02:48 | 001,746,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/03/12 09:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/11 04:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/11 04:43:49 | 000,487,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/24 02:00:00 | 000,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/05/29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/05/29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/05/29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005/11/24 12:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 30 02 45 14 A8 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mystart.com?pr=oovoo2_0"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.32.0
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.15.14
FF - prefs.js..extensions.enabledItems: {7C9AE782-DB21-4e40-81FB-AD8A53A6233A}:1.83
FF - prefs.js..extensions.enabledItems: {99E00A4C-D35E-11DD-BA95-9B6A56D89593}:2.0
FF - prefs.js..keyword.URL: "http://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/12/02 19:39:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins [2009/12/10 08:27:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components [2009/11/29 14:06:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/03 03:23:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/29 09:50:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2008/08/14 13:57:58 | 000,000,000 | ---D | M]

[2009/05/17 16:16:03 | 000,000,000 | ---D | M] -- C:\Users\Sofie\AppData\Roaming\Mozilla\Extensions
[2009/05/17 16:16:03 | 000,000,000 | ---D | M] -- C:\Users\Sofie\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/09/25 21:30:30 | 000,000,000 | ---D | M] -- C:\Users\Sofie\AppData\Roaming\Mozilla\Firefox\Profiles\j4rncm17.default\extensions
[2008/09/28 17:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sofie\AppData\Roaming\Mozilla\Firefox\Profiles\j4rncm17.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2009/04/27 14:38:30 | 000,000,000 | ---D | M] (Live IP Address) -- C:\Users\Sofie\AppData\Roaming\Mozilla\Firefox\Profiles\j4rncm17.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
[2009/09/05 09:54:00 | 000,000,000 | ---D | M] (ooVoo Toolbar) -- C:\Users\Sofie\AppData\Roaming\Mozilla\Firefox\Profiles\j4rncm17.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}
[2008/07/15 15:16:50 | 000,001,620 | ---- | M] () -- C:\Users\Sofie\AppData\Roaming\Mozilla\Firefox\Profiles\j4rncm17.default\searchplugins\mozilla-add-ons.xml
[2008/12/01 23:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/03/12 21:34:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Thirty Day Challenge Toolbar) - {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Thirty Day Challenge Toolbar) - {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Thirty Day Challenge Toolbar) - {7104EC46-5DFB-4609-84F0-915970E383D7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PrevxCSI] C:\Program Files\PrevxCSI\prevxcsi.exe File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Google Update] C:\Users\Sofie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [ogmma] c:\users\sofie\appdata\local\ogmma.exe File not found
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [uvuucjk] c:\users\sofie\appdata\local\uvuucjk.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Sofie\Pictures\22.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sofie\Pictures\22.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/14 00:20:26 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Sofie\Desktop\OTL.exe
[2010/02/11 21:02:46 | 004,575,004 | ---- | C] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.2(3).exe
[2010/02/10 20:44:30 | 004,575,004 | ---- | C] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.2(2).exe
[2010/02/10 05:00:07 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 05:00:07 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 04:59:38 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 04:59:38 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 04:59:38 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 04:59:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/02/10 04:59:37 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/05 20:33:15 | 004,575,004 | ---- | C] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.2.exe
[2010/02/01 09:35:03 | 004,331,294 | ---- | C] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.1.1(5).exe
[2010/02/01 09:34:34 | 004,331,294 | ---- | C] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.1.1(4).exe
[2010/01/29 10:35:40 | 004,331,294 | ---- | C] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.1.1(3).exe
[2010/01/27 10:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/01/26 23:49:34 | 004,331,294 | ---- | C] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.1.1(2).exe
[2010/01/25 20:34:47 | 004,331,294 | ---- | C] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.1.1.exe
[2010/01/25 20:34:32 | 000,000,000 | ---D | C] -- C:\Users\Sofie\AppData\Local\SocialSubmitter2
[2010/01/25 20:33:48 | 000,000,000 | ---D | C] -- C:\Users\Sofie\AppData\Local\SeoDevGroup
[2010/01/25 20:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\SocialSubmitter2
[2010/01/23 00:06:46 | 000,472,064 | ---- | C] ( ) -- C:\Users\Sofie\Desktop\RootRepeal.exe
[2010/01/22 21:19:03 | 004,213,022 | ---- | C] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.1.exe
[2010/01/22 08:22:11 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/22 08:22:11 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/22 08:22:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/22 08:22:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/22 08:22:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/22 08:22:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/22 08:22:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/22 08:22:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/22 08:22:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/22 08:22:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/22 08:22:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/22 08:22:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/22 08:22:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/22 08:22:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

========== Files - Modified Within 30 Days ==========

[2010/02/14 00:24:22 | 006,815,744 | -HS- | M] () -- C:\Users\Sofie\ntuser.dat
[2010/02/14 00:20:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Sofie\Desktop\OTL.exe
[2010/02/14 00:19:59 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3C10A0AD-6996-44BE-81B5-B3A76B264B85}.job
[2010/02/14 00:06:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1329701823-2676636046-186486880-1000UA.job
[2010/02/13 23:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/13 23:22:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/13 23:22:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/13 23:06:00 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1329701823-2676636046-186486880-1000Core.job
[2010/02/13 18:39:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/13 14:42:41 | 000,134,656 | ---- | M] () -- C:\Users\Sofie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/13 10:44:28 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AD321812-7917-4A0E-BC70-E6EF2865FF96}.job
[2010/02/12 16:51:16 | 000,031,085 | ---- | M] () -- C:\Users\Sofie\Desktop\Swedbank_AB_(publ)_Årsbesked_09-12-31.pdf
[2010/02/12 07:27:09 | 000,038,743 | ---- | M] () -- C:\Users\Sofie\Desktop\JEQUE.PDF
[2010/02/11 21:03:43 | 004,575,004 | ---- | M] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.2(3).exe
[2010/02/11 17:26:16 | 000,145,481 | ---- | M] () -- C:\Users\Sofie\Desktop\jaca4.jpg
[2010/02/11 17:25:26 | 000,109,305 | ---- | M] () -- C:\Users\Sofie\Desktop\jaca0.jpg
[2010/02/11 17:16:01 | 000,053,269 | ---- | M] () -- C:\Users\Sofie\Desktop\jaca3.jpg
[2010/02/11 17:15:48 | 000,071,657 | ---- | M] () -- C:\Users\Sofie\Desktop\jaca2.0.jpg
[2010/02/11 17:15:37 | 000,034,932 | ---- | M] () -- C:\Users\Sofie\Desktop\jaca.jpg
[2010/02/11 03:29:39 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/11 03:29:39 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/11 03:29:39 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/11 03:26:14 | 000,524,288 | -HS- | M] () -- C:\Users\Sofie\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/02/11 03:26:14 | 000,065,536 | -HS- | M] () -- C:\Users\Sofie\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/02/11 03:23:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/11 03:22:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/11 03:21:14 | 007,942,176 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/02/11 03:21:14 | 001,507,360 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2010/02/11 03:21:14 | 000,065,224 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/02/11 03:21:14 | 000,008,328 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2010/02/11 03:20:33 | 002,266,121 | -H-- | M] () -- C:\Users\Sofie\AppData\Local\IconCache.db
[2010/02/10 15:30:40 | 004,575,004 | ---- | M] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.2(2).exe
[2010/02/08 12:50:59 | 000,461,789 | ---- | M] () -- C:\Users\Sofie\AppData\Roaming\NMM-MetaData.db
[2010/02/06 18:47:52 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/06 16:07:56 | 000,109,915 | ---- | M] () -- C:\Users\Sofie\Desktop\Caballero.jpg
[2010/02/05 20:34:22 | 004,575,004 | ---- | M] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.2.exe
[2010/02/05 07:27:44 | 000,137,840 | ---- | M] () -- C:\Users\Sofie\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/05 07:25:09 | 001,808,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/01 09:35:02 | 004,331,294 | ---- | M] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.1.1(5).exe
[2010/02/01 09:34:33 | 004,331,294 | ---- | M] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.1.1(4).exe
[2010/01/30 21:02:11 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/29 10:37:00 | 004,331,294 | ---- | M] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.1.1(3).exe
[2010/01/27 10:43:11 | 000,020,480 | ---- | M] () -- C:\Users\Sofie\Documents\andalusian horses 2.msam
[2010/01/27 10:41:43 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/01/27 10:40:33 | 002,561,494 | ---- | M] () -- C:\Users\Sofie\Desktop\MarketSamurai.0.85.27.air
[2010/01/27 10:33:13 | 015,849,968 | ---- | M] () -- C:\Users\Sofie\Desktop\AdobeAIRInstaller.exe
[2010/01/26 23:46:24 | 004,331,294 | ---- | M] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.1.1(2).exe
[2010/01/26 13:13:32 | 001,183,155 | ---- | M] () -- C:\Users\Sofie\Desktop\anstallningsbevis.pdf
[2010/01/26 12:02:17 | 000,128,770 | ---- | M] () -- C:\Users\Sofie\Desktop\Faktura-7008(2).pdf
[2010/01/25 20:35:26 | 004,331,294 | ---- | M] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.1.1.exe
[2010/01/25 20:24:07 | 000,050,775 | ---- | M] () -- C:\Users\Sofie\Desktop\Shellrunas.zip
[2010/01/23 15:09:37 | 000,000,331 | ---- | M] () -- C:\Windows\win.ini
[2010/01/23 00:09:52 | 000,000,000 | ---- | M] () -- C:\Users\Sofie\Desktop\settings.dat
[2010/01/23 00:07:08 | 000,472,064 | ---- | M] ( ) -- C:\Users\Sofie\Desktop\RootRepeal.exe
[2010/01/23 00:02:37 | 000,524,288 | ---- | M] () -- C:\Users\Sofie\Desktop\dds.scr
[2010/01/22 21:19:44 | 004,213,022 | ---- | M] (SeoDevGroup ) -- C:\Users\Sofie\Desktop\SocialSubmitter_2.1.exe
[2010/01/22 17:38:47 | 000,003,022 | ---- | M] () -- C:\Users\Sofie\Desktop\WLMContacts.csv
[2010/01/22 12:02:42 | 003,844,410 | ---- | M] () -- C:\Users\Sofie\Desktop\January_number_one_59870hypoim0987(2).zip
[2010/01/22 11:44:37 | 003,844,410 | ---- | M] () -- C:\Users\Sofie\Desktop\January_number_one_59870hypoim0987.zip
[2010/01/22 10:24:22 | 000,571,329 | ---- | M] () -- C:\Users\Sofie\Desktop\ida.jpg
[2010/01/21 18:58:52 | 000,010,110 | ---- | M] () -- C:\Users\Sofie\AppData\Roaming\wklnhst.dat
[2010/01/21 15:53:15 | 000,128,770 | ---- | M] () -- C:\Users\Sofie\Desktop\Faktura-7008.pdf
[2010/01/20 20:31:39 | 000,043,684 | ---- | M] () -- C:\Users\Sofie\Desktop\25269593_23ab397001.jpg
[2010/01/19 17:33:41 | 000,163,014 | ---- | M] () -- C:\Users\Sofie\Desktop\text2.jpg
[2010/01/19 17:25:07 | 000,125,662 | ---- | M] () -- C:\Users\Sofie\Desktop\text.jpg
[2010/01/18 18:06:59 | 000,142,098 | ---- | M] () -- C:\Users\Sofie\Desktop\sofie.jpg
[2010/01/18 08:51:42 | 000,047,308 | ---- | M] () -- C:\Users\Sofie\Desktop\8762, Ann-Sofie Lyrefelt(2).pdf
[2010/01/17 21:38:56 | 000,137,744 | ---- | M] () -- C:\Users\Sofie\Desktop\blueguess(2).zip
[2010/01/16 20:12:35 | 000,137,744 | ---- | M] () -- C:\Users\Sofie\Desktop\blueguess.zip

========== Files Created - No Company Name ==========

[2010/02/12 16:51:16 | 000,031,085 | ---- | C] () -- C:\Users\Sofie\Desktop\Swedbank_AB_(publ)_Årsbesked_09-12-31.pdf
[2010/02/12 07:27:09 | 000,038,743 | ---- | C] () -- C:\Users\Sofie\Desktop\JEQUE.PDF
[2010/02/11 17:26:01 | 000,145,481 | ---- | C] () -- C:\Users\Sofie\Desktop\jaca4.jpg
[2010/02/11 17:25:18 | 000,109,305 | ---- | C] () -- C:\Users\Sofie\Desktop\jaca0.jpg
[2010/02/11 17:15:56 | 000,053,269 | ---- | C] () -- C:\Users\Sofie\Desktop\jaca3.jpg
[2010/02/11 17:15:39 | 000,071,657 | ---- | C] () -- C:\Users\Sofie\Desktop\jaca2.0.jpg
[2010/02/06 18:47:52 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/06 16:07:53 | 000,109,915 | ---- | C] () -- C:\Users\Sofie\Desktop\Caballero.jpg
[2010/01/27 10:42:42 | 000,020,480 | ---- | C] () -- C:\Users\Sofie\Documents\andalusian horses 2.msam
[2010/01/27 10:41:43 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/01/27 10:39:02 | 002,561,494 | ---- | C] () -- C:\Users\Sofie\Desktop\MarketSamurai.0.85.27.air
[2010/01/27 10:28:45 | 015,849,968 | ---- | C] () -- C:\Users\Sofie\Desktop\AdobeAIRInstaller.exe
[2010/01/26 13:13:32 | 001,183,155 | ---- | C] () -- C:\Users\Sofie\Desktop\anstallningsbevis.pdf
[2010/01/26 12:02:16 | 000,128,770 | ---- | C] () -- C:\Users\Sofie\Desktop\Faktura-7008(2).pdf
[2010/01/25 20:24:09 | 000,050,775 | ---- | C] () -- C:\Users\Sofie\Desktop\Shellrunas.zip
[2010/01/23 00:09:52 | 000,000,000 | ---- | C] () -- C:\Users\Sofie\Desktop\settings.dat
[2010/01/23 00:02:10 | 000,524,288 | ---- | C] () -- C:\Users\Sofie\Desktop\dds.scr
[2010/01/22 17:38:46 | 000,003,022 | ---- | C] () -- C:\Users\Sofie\Desktop\WLMContacts.csv
[2010/01/22 12:02:48 | 003,844,410 | ---- | C] () -- C:\Users\Sofie\Desktop\January_number_one_59870hypoim0987(2).zip
[2010/01/22 11:43:20 | 003,844,410 | ---- | C] () -- C:\Users\Sofie\Desktop\January_number_one_59870hypoim0987.zip
[2010/01/22 10:24:01 | 000,571,329 | ---- | C] () -- C:\Users\Sofie\Desktop\ida.jpg
[2010/01/21 15:53:15 | 000,128,770 | ---- | C] () -- C:\Users\Sofie\Desktop\Faktura-7008.pdf
[2010/01/20 20:30:49 | 000,043,684 | ---- | C] () -- C:\Users\Sofie\Desktop\25269593_23ab397001.jpg
[2010/01/19 17:33:39 | 000,163,014 | ---- | C] () -- C:\Users\Sofie\Desktop\text2.jpg
[2010/01/19 17:25:05 | 000,125,662 | ---- | C] () -- C:\Users\Sofie\Desktop\text.jpg
[2010/01/18 18:09:46 | 000,034,932 | ---- | C] () -- C:\Users\Sofie\Desktop\jaca.jpg
[2010/01/18 18:06:58 | 000,142,098 | ---- | C] () -- C:\Users\Sofie\Desktop\sofie.jpg
[2010/01/18 08:51:42 | 000,047,308 | ---- | C] () -- C:\Users\Sofie\Desktop\8762, Ann-Sofie Lyrefelt(2).pdf
[2010/01/17 21:38:58 | 000,137,744 | ---- | C] () -- C:\Users\Sofie\Desktop\blueguess(2).zip
[2010/01/16 20:12:37 | 000,137,744 | ---- | C] () -- C:\Users\Sofie\Desktop\blueguess.zip
[2009/08/01 10:25:06 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/11/24 09:14:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/06/30 17:21:55 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008/06/29 20:36:32 | 000,000,092 | ---- | C] () -- C:\Users\Sofie\AppData\Local\uvuucjk.bat
[2008/03/23 20:55:29 | 000,005,009 | ---- | C] () -- C:\ProgramData\ywasvxup.hvs
[2008/03/22 15:00:41 | 000,000,228 | ---- | C] () -- C:\Windows\wininit.ini
[2008/02/06 20:36:01 | 000,461,789 | ---- | C] () -- C:\Users\Sofie\AppData\Roaming\NMM-MetaData.db
[2007/10/31 10:33:45 | 000,007,808 | ---- | C] () -- C:\Users\Sofie\AppData\Local\d3d9caps.dat
[2007/10/20 14:21:39 | 000,001,362 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2007/10/19 08:18:51 | 000,010,110 | ---- | C] () -- C:\Users\Sofie\AppData\Roaming\wklnhst.dat
[2007/10/15 18:14:02 | 000,134,656 | ---- | C] () -- C:\Users\Sofie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/15 18:12:13 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/10/03 09:21:21 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/03 09:21:21 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/03 09:21:21 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2007/10/03 09:21:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/08/07 00:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/08/08 00:38:16 | 000,036,914 | ---- | C] () -- C:\Windows\System32\m.ini
[2006/07/15 19:32:14 | 000,334,174 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2006/05/02 23:38:24 | 000,000,748 | ---- | C] () -- C:\Windows\SetBrowser.ini
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2004/11/18 09:16:42 | 000,069,632 | ---- | C] () -- C:\Windows\System32\nktwab.dll
[2003/04/17 21:37:26 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2003/04/17 21:36:54 | 000,839,680 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2003/01/08 23:43:06 | 000,491,520 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\New Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\Version Cue:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\sofielyrold:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\sofielyr:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\Scanned Documents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\religion:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\purapasiontest:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\purapasion:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\pilgrimtarja.com:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\New Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\My Skype Content:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\lacasaverdecoin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\keep:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\Flash Slideshow Maker Professional:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\Fax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\Downloaded Installations:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\doremicirkus:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\Azureus Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\Artequusorg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\artequus1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\Artequus:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\Antonio salassar:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sofie\Documents\AdobeStockPhotos:Roxio EMC Stream
@Alternate Data Stream - 152 bytes -> C:\Users\Sofie\Documents\landroversale.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\Sofie\Documents\köpekontraktfogdarp.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\Sofie\Documents\John-Erik_Lindblad.JPG:3or4kl4x13tuuug3Byamue2s4b
< End of report >

OTL Extras logfile created on: 14/02/2010 00:21:40 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Sofie\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
7.00 Gb Paging File | 4.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 80.48 Gb Free Space | 36.13% Space Free | Partition Type: NTFS
Drive D: | 232.83 Gb Total Space | 198.13 Gb Free Space | 85.10% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.64 Gb Free Space | 66.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOFIE-PC
Current User Name: Sofie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C436C6-E0B5-42C0-AF5A-C381C7C0AFE1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{27CD272F-09D8-45F2-A6FB-5B723267D9AC}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2861F0A1-38FF-4449-AF23-9C3890BF08A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D4760DD-BB1D-4EE3-914D-79F8315ABA7C}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{3581098A-8F73-4CD9-99C6-C5C3AFC92C84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{492544FE-421A-4F80-9CDC-ACDCBC422B5A}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{4CED406E-2D1E-44C8-9939-13892306B5D0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5109C4E1-9833-4AD0-AA73-802584572494}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{7AAE9975-522B-45A7-8C48-9E617411B029}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B123CF9E-29E1-4D04-9375-A58CA949AB6E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BACAEA6B-92DA-45FA-A1B4-D61B06A1ED68}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C038C206-CA00-41DE-B1E9-E3D54A52CBE4}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C546833C-DCBC-47AD-AD91-AAE458EACF68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E707B29C-D69C-4227-B6E4-2A659FDD8578}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ECB454B5-C226-44BF-97E3-F24F1410A3F4}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{FA48289B-84D3-4C34-BD4D-A2ADDFD399A2}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0056E5C6-3F0C-49A1-8463-A0335453A2EB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{08CDBAFF-96B1-4AF3-BE1F-781B5AAD7B42}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{144B50A0-0DA2-4794-9EA5-46BC7D6C78E6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{21583645-D0FB-4369-BB50-66497CB524DF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{24DC55AE-3434-4137-80FD-F8BE14D3080E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2AB70EC9-5F31-44C4-9010-5EBE39D3F86E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{2FFE0909-1649-403E-A536-75019DF29F73}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30AE6585-9AD4-4D8D-8075-B7F40170524F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3457C930-0457-4FFD-927B-F854E42BEE24}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3A13C1D1-4845-43BF-86DA-D597155AB31B}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{53305A07-12FD-4719-BB49-704A0365E773}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{592C4D11-B334-49C9-A075-904C69BF620D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BF17F86-049F-490A-ADFE-A90ED868F3BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{70ADD17F-33E1-425F-81EF-82E5996119F3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7E61E7DE-39C0-4DD8-ADAD-21B5C360C1F8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{84C956B3-DEEA-4195-A07B-02DDC3399E90}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8A474971-E181-48B9-B0D0-5715B3E03754}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{976AECED-8508-4671-BFD1-3F90FEB26498}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{98A0E00C-700C-4B48-9E79-7A97DFFC60B8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A4E5D6FE-97D0-4FE4-A5B9-C85F9F7C5226}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B9C77A85-0F79-469F-AC9A-DDF8D7CF92F3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C13A0B5B-947D-4630-8974-FE07DA36F722}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CAC52EF9-7246-4771-80FC-5E9D2DC20185}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{D98DE058-9D35-4274-9A02-7832EF86C778}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DD428546-0A07-40B7-89C3-708827E28C60}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E604CB0F-5F67-4866-87FF-DEE1A6C15D28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E672CAAD-91B2-40CC-BC9A-75EB4E0D4EC0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FBC50424-954B-497C-A042-283A6742DE23}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{0DE20748-45A5-6CD9-610E-F881A34E7342}" = Catalyst Control Center Localization Arabic
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15CC10AB-4266-210D-E2D2-03089C25A028}" = CCC Help English
"{1603C7DC-358B-97AF-B451-B2DDAC734117}" = Catalyst Control Center Localization French
"{177D6E3B-B7E4-4295-809D-1A120134DDDA}" = SocialSubmitter 2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{214030BC-490D-57D4-2547-D0D4ECC851A5}" = Catalyst Control Center Localization Japanese
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2B98E4C3-AABC-9594-3219-A6EB60006C2C}" = Catalyst Control Center Graphics Full Existing
"{2C698DB8-0D99-5A27-DA3D-A3414FC5DBA7}" = Catalyst Control Center Graphics Light
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31DBBB49-CAC2-984A-64CA-A88102056E10}" = CCC Help German
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3DB35CA1-085F-4A3A-AA9D-266C94C68576}" = Sverigejakten
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{412FECA2-836F-3DF6-A302-924CEC5B4DE2}" = CCC Help Spanish
"{46ACAEB5-365A-74BB-D405-980EA4FE3545}" = CCC Help Japanese
"{4AAB7E8F-1C71-E364-458F-5A6797670157}" = Catalyst Control Center Graphics Full New
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65E6362A-B878-4A7B-86DA-D16F8DBD75C7}" = ccc-core-static
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DD45BD7-DB28-E59F-8239-CF6816AE1FA4}" = Skins
"{6E1205BF-25BC-44A5-B10E-34402BFF5D45}" = PHP 5.2.6
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76C73966-AED3-5ACB-B438-B47E9B1FB2E3}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{794F49F0-2A44-EE74-62FE-22FD68953A25}" = ccc-utility
"{7CD5F286-FF0A-E638-8143-0E258E3C17E2}" = CCC Help Thai
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98698CC8-F4C4-A0A7-F521-8547DDD1BB6B}" = Catalyst Control Center Localization Chinese Standard
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E32C958-FCA5-A93A-5366-72FEF50AD047}" = Market Samurai
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B651AD20-D522-2D6F-3AC7-A5F625FCB283}" = Catalyst Control Center Core Implementation
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3E2D64C-1B8E-D142-A76F-DEAC02AFF4FA}" = CCC Help Polish
"{C5145CD4-4F74-C986-F86B-F57F3995C59B}" = Catalyst Control Center Localization Arabic
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8D524C0-FBD2-C4F0-2446-912EABA681E0}" = CCC Help Portuguese
"{CCF7F09E-A1C5-7D81-437D-B2DC347CC52E}" = Catalyst Control Center Localization Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEEE47BB-4AB7-9AEB-2212-ECC6D05DDC74}" = Catalyst Control Center Localization Italian
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D71B45B0-70B5-12BA-4ACF-2CEC94FE8A06}" = CCC Help Korean
"{DB42270E-B4CA-7457-3D2B-E0B46AAEF819}" = twhirl
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7744050-4D6F-1280-5331-2EA048B51E94}" = Catalyst Control Center Localization Arabic
"{ECA80341-4BFB-172D-EC5D-64FD8DD41F5A}" = Catalyst Control Center Localization German
"{ECBEB9C6-CC47-70F7-E939-1E20E3BEEC8F}" = Catalyst Control Center Localization Korean
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4FA8AC4-6B6A-CAA6-8E44-FC64227CC4F7}" = CCC Help Italian
"{F6412237-45F7-B34B-0803-4D77E2D39D0C}" = Catalyst Control Center Localization Chinese Traditional
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{FD01FEBF-376F-F125-09F8-E94B04D21E77}" = CCC Help French
"{FDB41C9F-B15C-427A-BFF8-E0CE425981ED}" = SendBlaster
"{FF001690-A829-9DFD-9EF6-DA285783C49C}" = CCC Help Chinese Traditional
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Any Video Converter_is1" = Any Video Converter 2.6.2
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"Azureus Vuze" = Azureus Vuze
"CAL" = Canon Camera Access Library
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"Digital Physiognomy" = Digital Physiognomy (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"European Geography Tutor" = European Geography Tutor
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.75
"Flock" = Flock 1.2
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.1
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"Kalendra_is1" = Kalendra 2.0.2
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"oovootb" = ooVoo Toolbar (Remove Toolbar Only)
"Personal" = BankID Security Application 4.10.3
"PowerISO" = PowerISO
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"SEOSpyGlass" = SEO SpyGlass
"Thirty_Day_Challenge Toolbar" = Thirty_Day_Challenge Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"uvuucjk" = Favorit
"Venables" = Venables
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
"Google Chrome" = Google Chrome
"usr" = Universal Simlock Remover (remove only)
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/02/2010 10:44:53 | Computer Name = Sofie-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 12/02/2010 11:36:02 | Computer Name = Sofie-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 12/02/2010 15:41:03 | Computer Name = Sofie-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 12/02/2010 17:03:35 | Computer Name = Sofie-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 13/02/2010 02:29:43 | Computer Name = Sofie-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 13/02/2010 03:15:27 | Computer Name = Sofie-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 13/02/2010 05:54:24 | Computer Name = Sofie-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 13/02/2010 07:10:51 | Computer Name = Sofie-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 13/02/2010 10:41:22 | Computer Name = Sofie-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 13/02/2010 19:10:08 | Computer Name = Sofie-PC | Source = Windows Search Service | ID = 3083
Description =

[ OSession Events ]
Error - 01/07/2008 16:40:40 | Computer Name = Sofie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/04/2009 07:05:33 | Computer Name = Sofie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 325058
seconds with 13740 seconds of active time. This session ended with a crash.

Error - 09/04/2009 16:53:09 | Computer Name = Sofie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14232
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13/02/2010 15:35:53 | Computer Name = Sofie-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 13/02/2010 15:45:21 | Computer Name = Sofie-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 13/02/2010 15:49:10 | Computer Name = Sofie-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 13/02/2010 15:57:55 | Computer Name = Sofie-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 13/02/2010 16:23:42 | Computer Name = Sofie-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 13/02/2010 16:40:18 | Computer Name = Sofie-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 13/02/2010 17:05:51 | Computer Name = Sofie-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 13/02/2010 17:25:24 | Computer Name = Sofie-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 13/02/2010 17:44:12 | Computer Name = Sofie-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 13/02/2010 19:09:29 | Computer Name = Sofie-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.


< End of report >

Edited by extremeboy, 14 February 2010 - 01:25 PM.
Remove [code] tags


#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:51 AM

Posted 14 February 2010 - 01:28 PM

Can you run a GMER scan for me

Download and Run GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop:
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Close any and all open programs, as this process may crash your computer.
  • Double click or on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
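A small triage script for the GMER log format the steps above produce, added here as an example (it is not GMER's code and was not posted by anyone in this thread): it parses the "User IAT/EAT" and "Devices" sections, groups hooks per process, separates AttachedDevice entries owned by the installed antivirus from the rest, and lists lines carrying a "<--- ROOTKIT" style marker for a human to review, without acting on anything. The embedded sample log, the explorer.exe hook, the flagged driver line and the vendor-name matching are constructed assumptions for the example.

```python
"""Triage helper for GMER 1.0.15 logs (added example; reports only, never removes)."""
import re
from collections import defaultdict

# Constructed sample modelled on the log format in this thread. The avp.exe and
# kl1.sys lines mirror real output; explorer.exe and the flagged driver line are
# made up so the example has something to put in the "review" buckets.
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-16 21:53:27
Windows 6.0.6001 Service Pack 1

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]     01A40550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]   01A4071E
IAT             C:\Windows\explorer.exe[2048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]   00B20010

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp    kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\Udp    kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Files - GMER 1.0.15 ----

File            C:\Windows\system32\drivers\example_placeholder.sys   <-- ROOTKIT !!!
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER")
# IAT/EAT line: kind, hooked process path[pid] @ module whose table was patched
# [dll!import], and the address the import now points to.
HOOK_RE = re.compile(
    r"^(?P<kind>IAT|EAT)\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+"
    r"(?P<module>.+?)\s+\[(?P<imp>[^\]]+)\]\s+(?P<addr>[0-9A-Fa-f]+)\s*$"
)
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<file>\S+)"
    r"(?:\s+\((?P<owner>[^)]*)\))?\s*$"
)
# The marker quoted in the thread is "<--- ROOTKIT"; tolerate "<--" as well.
FLAG_RE = re.compile(r"<-{2,}\s*ROOTKIT", re.IGNORECASE)


def parse_gmer(text):
    """Return the hooks, attached devices and flagged lines found in a GMER log."""
    result = {"hooks": [], "devices": [], "flagged": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        if FLAG_RE.search(line):  # keep the whole line; a reviewer decides
            result["flagged"].append({"section": section, "line": line})
        hook = HOOK_RE.match(line)
        if hook:
            entry = hook.groupdict()
            entry["pid"] = int(entry["pid"])
            result["hooks"].append(entry)
            continue
        dev = DEVICE_RE.match(line)
        if dev:
            result["devices"].append(dev.groupdict())
    return result


def hooks_by_process(hooks):
    """Group hooks by 'path[pid]': which imports are redirected, in which modules."""
    groups = defaultdict(lambda: {"imports": set(), "modules": set(), "hooks": 0})
    for h in hooks:
        g = groups[f"{h['proc']}[{h['pid']}]"]
        g["imports"].add(h["imp"])
        g["modules"].add(h["module"].rsplit("\\", 1)[-1])
        g["hooks"] += 1
    return dict(groups)


def triage(text, trusted_vendors=("Kaspersky Lab",)):
    """Split findings into 'expected' (installed AV) and 'review' buckets.

    trusted_vendors is matched against the owner label on AttachedDevice lines
    and against the install path of hooked processes (assumption for this example).
    Hooks inside the AV's own process are its self-protection; other hooked
    processes deserve a look but are not by themselves proof of infection.
    """
    parsed = parse_gmer(text)
    expected, review = [], []
    for d in parsed["devices"]:
        owner = d.get("owner") or ""
        (expected if any(v in owner for v in trusted_vendors) else review).append(d)
    procs = hooks_by_process(parsed["hooks"])
    review_procs = {k: v for k, v in procs.items()
                    if not any(v_ in k for v_ in trusted_vendors)}
    return {"processes": procs, "review_processes": review_procs,
            "expected_devices": expected, "review_devices": review,
            "flagged": parsed["flagged"]}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for proc, info in report["processes"].items():
        print(f"{proc}: {info['hooks']} hooks in {sorted(info['modules'])}")
    print("devices owned by trusted vendor:", [d["file"] for d in report["expected_devices"]])
    print("devices to review:", [d["file"] for d in report["review_devices"]])
    for f in report["flagged"]:
        print(f"flagged in {f['section']}: {f['line']}")
```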

#10 Kim Andersen

Kim Andersen
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 17 February 2010 - 04:32 AM

Hi,

I ran the GMER with some trouble as the computer crashed a few times before I worked out what I had to do. When I clicked "OK" on the rootkit warning it crashed the computer so I had to click the X in the corner and then I was able to save the scan. I am not sure what you meant when you put to unclick Drives/Partitions but I wonder if you meant "files" so I unticked that one. So now I haven't scanned the files in the different drives.

This is what I got:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-16 21:53:27
Windows 6.0.6001 Service Pack 1
Running: rc3pphq3.exe; Driver: C:\Users\Sofie\AppData\Local\Temp\uglcypod.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01A404A8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA]             01A404D2
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                 01A404FC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                    01A40526
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                   01A40550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                   01A4057A
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               01A405A4
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 01A405CE
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  01A405F8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]               01A40622
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]           01A4064C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                 01A40676
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  01A406A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                 01A406CA
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                 01A406F4
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                 01A4071E
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA]             01A40748
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                   01A40772
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01A4079C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW]             01A407C6
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                   01A407F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                 01A4081A
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                    01A40844
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     01A4086E
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  01A40898
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    01A408C2
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                     01A408EC
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  01A40916
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    01A40940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode]                   01A40B38
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                 01A40B62
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                   01A40B8C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary]                    01A40BB6
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA]                 01A40BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW]                 01A40C0A
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA]             01A40C34
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW]             01A40C5E
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01A40C88
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW]                   01A40CB2
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01A40D5A
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                01A40D84
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]                01A40DAE
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameA]            01A40DD8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode]                  01A40E02
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                01A40E2C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW]            01A40E56
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  01A40E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]                   01A40EAA
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  01A40ED4
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  01A40EFE
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]            01A40F28
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]            01A40F52
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01A40F7C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                01A40FA6
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  01A40FD0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                  01B80010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                   01B8003A
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                01B80064
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                  01B8008E
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW]                  01B800B8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     01B800E2
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                    01B8010C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW]              01B80136
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    01B80160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary]                     01B8018A
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                  01B801B4
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameA]              01B801DE
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01B805CE
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  01B805F8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                  01B80622
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW]            01B8064C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                01B80676
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]                   01B806A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]     01B809E8
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!SetErrorMode]                  01B80BB6
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!GetProcAddress]                01B80BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!FreeLibrary]                   01B80C0A
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!LoadLibraryA]                  01B80C34
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01B80C5E
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW]            01B80C88
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA]             01A40208
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01A40358
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary]                    01A401DE
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                 01A4025C
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                   01A40286
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW]                 01A402DA
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameW]             01A40232
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1432] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW]                   01A40304

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                      kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                                      kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                     fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service         C:\Program Files\Flock\C490F560DBFC5580\C490F560DBFC5580 (*** hidden *** )                                                                                   [AUTO] C490F560DBFC5580                                                  <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 18 February 2010 - 04:54 PM

Hello.

Thanks for that log. Let's start with Combofix and continue from there and see.

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 26 February 2010 - 09:50 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 14 March 2010 - 10:25 PM

Re-opened upon user's request.

#14 Kim Andersen

Kim Andersen
  • Topic Starter

  • Members
  • 7 posts

Posted 23 March 2010 - 03:19 AM

Hi,

Thank you very much for reopening the thread. Here's the Combofix log.


ComboFix 10-03-08.01 - Sofie 08/03/2010 19:43:12.4.2 - x86
Running from: c:\users\Sofie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1329701823-2676636046-186486880-500
c:\$recycle.bin\S-1-5-21-2826133206-2312993737-4083541239-500
c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500
c:\windows\system32\registry080221.reg
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-02 16:12 . 2010-03-02 16:12 -------- d-----w- c:\programdata\McAfee Security Scan
2010-03-02 16:12 . 2010-03-02 16:12 -------- d-----w- c:\program files\McAfee Security Scan
2010-02-24 14:58 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 14:58 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 14:58 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 14:58 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 14:58 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 14:58 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 14:58 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 14:58 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 14:58 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 14:58 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-15 08:59 . 2010-02-15 08:59 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-10 04:00 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 04:00 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 04:00 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 04:00 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 04:00 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 04:00 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 03:59 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 03:59 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 03:59 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 03:59 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 03:59 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 03:59 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 03:59 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 03:59 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 03:59 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-10 03:59 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 03:59 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 18:56 . 2008-08-14 12:57 8440 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-08 18:56 . 2008-08-14 12:57 8067616 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-08 18:56 . 2008-08-14 12:57 66204 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-08 18:56 . 2008-08-14 12:57 1540128 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-08 18:31 . 2007-10-15 18:59 -------- d-----w- c:\users\Sofie\AppData\Roaming\Skype
2010-03-08 15:07 . 2008-11-24 08:14 -------- d-----w- c:\users\Sofie\AppData\Roaming\skypePM
2010-03-08 09:12 . 2008-09-25 12:49 -------- d-----w- c:\programdata\Google Updater
2010-03-06 21:28 . 2007-10-15 17:03 138408 ----a-w- c:\users\Sofie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-06 15:42 . 2008-01-14 18:52 -------- d-----w- c:\programdata\Microsoft Help
2010-03-03 08:23 . 2008-08-14 12:57 -------- d-----w- c:\programdata\Kaspersky Lab
2010-03-02 17:30 . 2007-10-26 14:15 -------- d-----w- c:\users\Sofie\AppData\Roaming\uTorrent
2010-03-02 16:12 . 2007-10-03 00:42 -------- d-----w- c:\programdata\McAfee
2010-02-11 02:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-06 17:47 . 2007-10-03 00:47 -------- d-----w- c:\program files\Google
2010-02-01 08:36 . 2010-01-25 19:32 -------- d-----w- c:\program files\SocialSubmitter2
2010-01-31 16:06 . 2010-01-31 16:06 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2370.tmp.exe
2010-01-27 09:41 . 2010-01-27 09:41 -------- d-----w- c:\program files\Market Samurai
2010-01-27 09:38 . 2008-11-25 21:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-27 09:37 . 2010-01-27 09:38 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-27 09:37 . 2008-09-30 08:55 38784 ----a-w- c:\users\Sofie\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-22 22:47 . 2008-12-11 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 22:47 . 2009-09-26 21:33 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-21 17:58 . 2007-10-19 07:18 10110 ----a-w- c:\users\Sofie\AppData\Roaming\wklnhst.dat
2010-01-07 15:07 . 2009-09-26 21:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-09-26 21:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 06:38 . 2010-01-22 07:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 07:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 07:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 07:49 . 2010-01-01 07:49 20 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0001.dat.drv
2009-12-02 18:08 . 2008-12-15 18:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-10-03 08:21 . 2007-10-03 08:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7104ec46-5dfb-4609-84f0-915970e383d7}"= "c:\program files\Thirty_Day_Challenge\tbThir.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{7104ec46-5dfb-4609-84f0-915970e383d7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7104ec46-5dfb-4609-84f0-915970e383d7}]
2008-09-15 04:47 1784856 ----a-w- c:\program files\Thirty_Day_Challenge\tbThir.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-05-08 19:00 86016 ----a-w- c:\program files\oovootb\oovoodx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7104ec46-5dfb-4609-84f0-915970e383d7}"= "c:\program files\Thirty_Day_Challenge\tbThir.dll" [2008-09-15 1784856]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\oovoodx.dll" [2009-05-08 86016]

[HKEY_CLASSES_ROOT\clsid\{7104ec46-5dfb-4609-84f0-915970e383d7}]

[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7104EC46-5DFB-4609-84F0-915970E383D7}"= "c:\program files\Thirty_Day_Challenge\tbThir.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{7104ec46-5dfb-4609-84f0-915970e383d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Google Update"="c:\users\Sofie\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-19 133104]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-14 4452352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-02 30192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-10 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-24 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-10 138008]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BankID Security Application.lnk - c:\program files\Personal\bin\Personal.exe [2009-9-21 939920]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 C490F560DBFC5580;C490F560DBFC5580;c:\program files\Flock\C490F560DBFC5580\C490F560DBFC5580 [x]
R2 gupdate1c91cb9f61fcc3;Google Update Service (gupdate1c91cb9f61fcc3);c:\program files\Google\Update\GoogleUpdate.exe [2008-09-22 133104]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-02 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-10 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-22 13:42]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-22 13:42]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1329701823-2676636046-186486880-1000Core.job
- c:\users\Sofie\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-17 22:32]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1329701823-2676636046-186486880-1000UA.job
- c:\users\Sofie\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-17 22:32]

2010-03-08 c:\windows\Tasks\User_Feed_Synchronization-{3C10A0AD-6996-44BE-81B5-B3A76B264B85}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]

2010-03-08 c:\windows\Tasks\User_Feed_Synchronization-{AD321812-7917-4A0E-BC70-E6EF2865FF96}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Sofie\AppData\Roaming\Mozilla\Firefox\Profiles\j4rncm17.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com?pr=oovoo2_0
FF - prefs.js: keyword.URL - hxxp://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Personal\bin\np_prsnl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PrevxCSI - c:\program files\PrevxCSI\prevxcsi.exe
HKU-Default-RunOnce-DelayShred - c:\progra~1\mcafee\mshr\ShrCL.EXE
ActiveSetup-ccc-core-static - msiexec



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\C490F560DBFC5580]
"ImagePath"="\??\c:\program files\Flock\C490F560DBFC5580\C490F560DBFC5580"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\{80931a9f5e5146ffebc38bc8d3faec28}*jopa]
"00"="b4IhcQysowWx8Ao3ujLxAFf7L8NijUN5JQ0BCaqXWSS0GH4dNQ9TAbZs3QzUTTS5rHGHuwandYm4Hcbc67S87A=="

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(952)
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Completion time: 2010-03-08 20:07:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-08 19:07
ComboFix2.txt 2008-03-14 20:08

Pre-Run: 85,826,613,248 bytes free
Post-Run: 85,680,230,400 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=87 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87
- - End Of File - - 19BEE7C786C64DCD1C6044A16207EF63

Edited by extremeboy, 23 March 2010 - 03:26 PM.
Remove code tags
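As an added triage example (not part of this thread, and not code from ComboFix or GMER): a small Python parser for the service lines in the ComboFix log above (the `R2 ...;...;... [date size]` entries) and for the Services section of the GMER log, which cross-references the two and surfaces the entry both tools reacted to. The sample input is copied from the logs posted in this thread; the flagging heuristics (bare hex service name, no file extension on the image path, `[x]` where the date and size would be, GMER marking the service hidden) are the editor's assumptions about what is worth a second look, not rules of either tool.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: service lines copied from the ComboFix log posted
# in this thread, and the "Services" section of the GMER log. Real triage would
# read the full ComboFix.txt / GMER log files instead.
COMBOFIX_SAMPLE = r"""
R2 C490F560DBFC5580;C490F560DBFC5580;c:\program files\Flock\C490F560DBFC5580\C490F560DBFC5580 [x]
R2 gupdate1c91cb9f61fcc3;Google Update Service (gupdate1c91cb9f61fcc3);c:\program files\Google\Update\GoogleUpdate.exe [2008-09-22 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-10 33808]
"""

GMER_SAMPLE = r"""
---- Services - GMER 1.0.15 ----

Service         C:\Program Files\Flock\C490F560DBFC5580\C490F560DBFC5580 (*** hidden *** )   [AUTO] C490F560DBFC5580   <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

# ComboFix service line: "<start> <name>;<display name>;<image path> [<date> <size>]".
# In the log above, the one entry with no readable file shows "[x]" instead.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
# GMER service line: "Service <path> (<note>) [<start type>] <name> <tail>".
GMER_SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\((?P<note>[^)]*)\)\s+"
    r"\[(?P<start>\w+)\]\s+(?P<name>\S+)(?P<tail>.*)$"
)
# Heuristic (assumption, not a ComboFix rule): a service whose name is nothing
# but a long hex string deserves a second look.
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{12,}$")


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    stamp: str
    flags: list = field(default_factory=list)


def parse_combofix_services(text):
    """Parse ComboFix service lines and attach heuristic flags to each entry."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        e = ServiceEntry(**m.groupdict())
        if e.stamp == "x":
            e.flags.append("no file date/size recorded ([x])")
        if HEX_NAME_RE.match(e.name):
            e.flags.append("service name is a bare hex string")
        if e.name == e.display:
            e.flags.append("display name identical to service name")
        if "." not in e.path.rsplit("\\", 1)[-1]:
            e.flags.append("image path has no file extension")
        entries.append(e)
    return entries


def gmer_hidden_services(text):
    """Return (name, path, hidden?) for each Service line in a GMER log."""
    found = []
    for line in text.splitlines():
        m = GMER_SERVICE_RE.match(line.strip())
        if not m:
            continue
        hidden = "hidden" in m.group("note") or "ROOTKIT" in m.group("tail")
        found.append((m.group("name"), m.group("path"), hidden))
    return found


def triage(combofix_text, gmer_text):
    """Cross-reference both logs; return (service name, flags) for flagged entries."""
    hidden = {name for name, _, is_hidden in gmer_hidden_services(gmer_text) if is_hidden}
    report = []
    for e in parse_combofix_services(combofix_text):
        if e.name in hidden:
            e.flags.append("GMER reports this service as hidden")
        if e.flags:
            report.append((e.name, e.flags))
    return report


if __name__ == "__main__":
    for name, flags in triage(COMBOFIX_SAMPLE, GMER_SAMPLE):
        print(name)
        for f in flags:
            print("  -", f)
```

Run against the two samples, only `C490F560DBFC5580` is reported, with all five flags; the Google, McAfee and Kaspersky services parse cleanly and carry none. The point of the cross-reference is that a single flag (a missing extension, say) is weak evidence on its own, whereas the same service being unreadable to ComboFix and hidden from GMER's service enumeration is the pattern a helper is looking for.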


#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 23 March 2010 - 03:29 PM

Hello.

Looking better; however, just to let you know...

Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you wish to continue, please follow the instructions below...

There are still a few things we need to do. However, I would like another GMER scan please. Refer to Post #9, however this time please make sure that the Registry section is CHECKED. Once the scan is done, attach the log file for my review.

Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Post back with the:
-GMER log
-Malwarebytes log

Thanks.



