GDIPLUS infected

Post by Tummelumsen » August 17th, 2010, 3:30 pm

Hello
I have been running GMER and found a GDIPlus IAT rootkit infection. Could anybody help me remove the rootkit?

Best regards
Tummelumsen

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:52:46, on 17-08-2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\WINDOWS\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WC3 Quickstarter\WC3 Quickstarter.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [wc3quickstarter] C:\Program Files\WC3 Quickstarter\WC3 Quickstarter.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{090F4920-2675-4F5F-85E4-875D0E41A74E}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\AstSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: QuestDns Service - Unknown owner - C:\ProgramData\QuestDns\questdns111.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9333 bytes

Content of Uninstall_list.txt
---------------------------------
32 Bit HP CIO Components Installer
3DVIA Player 4.1
AC3Filter (remove only)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2 - Dansk
Adobe Shockwave Player 11
Age of Empires III
Age of Mythology
Age of Mythology - The Titans Expansion
ANIWZCS2 Service
Any Audio Converter 1.1.0
Any Video Converter 2.6.3
Any Video-Audio Converter 5.6
Apple Application Support
Apple Software Update
Audacity 1.2.6
AVG Free 8.5
Battlecraft 1942
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2(TM)
Battlefield 2: Special Forces
CCleaner
Command & Conquer Tiberian Sun
Defraggler
Diablo II
D-Link Wireless N DWA-140
Express Burn
Free Audio CD Burner version 1.3
Garry's Mod
GIMP 2.6.6
Google Chrome
Google Update Helper
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HD Tune 2.55
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 10.0
HP Easy Setup - Frontend
HP Imaging Device Functions 10.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Smart Web Printing
HP Solution Center 10.0
HP Update
Intel(R) PRO Network Connections Drivers
Intel® Viiv™ software
Java(TM) 6 Update 10
Java(TM) SE Runtime Environment 6 Update 1
Left 4 Dead
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
LEGO Digital Designer
Microsoft .NET Framework 3.5 Language Pack SP1 - dan
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft WSE 3.0 Runtime
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
muvee autoProducer 6.0
Nokia Connectivity Cable Driver
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
Opdatering til Microsoft Office Excel 2007 Help (KB963678)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669)
Opdatering til Microsoft Office Word 2007 Help (KB963665)
Pixeline
Politikens Nudansk Ordbog med etymologi
Portal
PunkBuster for Battlefield 1942
Python 2.5
Quake 3 Arena Demo
Realtek High Definition Audio Driver
Rise of Nations
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister
RollerCoaster Tycoon 2: Wacky Worlds
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Serif MoviePlus X3
Skype™ 4.2
Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
Spybot - Search & Destroy
Steam
Switch Sound File Converter
The Sims 2
The Sims™ 2 Seasons
The Sims™ 3
TI-Nspire™ CAS Computer Software
Total Commander (Remove or Repair)
Udvidet multimedietastatur løsning
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb983486)
VideoLAN VLC media player 0.8.6d
Warcraft III
WC3 Quickstarter
Westwood Shared Internet Components
WinRAR archiver
World of Warcraft
Worms 4 Mayhem
Zoo Tycoon 2
Tummelumsen
Regular Member
Posts: 15
Joined: August 13th, 2010, 4:19 am
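Added for readers triaging a log like the one above (this is an editor's example, not code from MalwareRemoval.com or from anyone in the thread): a small Python script that parses HijackThis entries and flags the patterns a helper usually looks at first, namely registry references to files that no longer exist ("(no file)", "(file missing)"), O23 services reported with "Unknown owner", the O17 NameServer setting, and any AppInit_DLLs value. The sample log is a constructed subset of the lines posted above; the resolver allowlist (the OpenDNS pair) and the severity labels are assumptions made for the example, not a verdict on this machine.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis log posted above, chosen to cover the
# entry types this script understands (orphaned references, services, DNS, AppInit_DLLs).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{090F4920-2675-4F5F-85E4-875D0E41A74E}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuestDns Service - Unknown owner - C:\ProgramData\QuestDns\questdns111.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumption for this example: the OpenDNS pair seen in the log is treated as a known resolver.
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}


@dataclass
class Entry:
    code: str
    body: str
    raw: str


@dataclass
class Finding:
    severity: str  # "fix" (safe to clean up), "review" (identify by hand), "info"
    code: str
    reason: str
    raw: str


def parse_hjt(text):
    """Return the R/F/N/O entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"], line.strip()))
    return entries


def parse_service(body):
    """Split an O23 body 'Service: <name> - <owner> - <path>' into (name, owner, path).
    Splitting from the left keeps a path such as 'Spybot - Search & Destroy' intact."""
    name, owner, path = body[len("Service: "):].split(" - ", 2)
    return name, owner, path


def triage(entries):
    findings = []
    for e in entries:
        if any(marker in e.body for marker in ORPHAN_MARKERS):
            # The registry still references a file that is gone: residue, safe to clean.
            findings.append(Finding("fix", e.code, "entry points at a file that no longer exists", e.raw))
        elif e.code == "O23":
            name, owner, path = parse_service(e.body)
            if owner == "Unknown owner":
                # HijackThis found no publisher string; the binary must be identified by hand.
                findings.append(Finding("review", e.code, f"service '{name}' has no publisher; identify {path}", e.raw))
        elif e.code == "O17" and "NameServer =" in e.body:
            servers = {s.strip() for s in e.body.split("NameServer =", 1)[1].split(",")}
            unknown = servers - KNOWN_RESOLVERS
            reason = f"unrecognised DNS server(s): {sorted(unknown)}" if unknown else "DNS set to known resolvers"
            findings.append(Finding("review" if unknown else "info", e.code, reason, e.raw))
        elif e.code == "O20":
            # AppInit_DLLs is loaded into every process that maps user32.dll: a classic injection point.
            findings.append(Finding("review", e.code, "AppInit_DLLs entry; confirm the DLL's publisher", e.raw))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.code:3} {f.reason}\n         {f.raw}")
```

Run it as-is to see the findings for the sample, or replace SAMPLE_LOG with the contents of a saved hijackthis.log. The script only sorts entries into buckets; a "review" hit such as the PnkBstrA service still needs the file checked by hand (publisher, hash, location), which is exactly what the helpers in this thread do before deciding on a fix.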

Re: GDIPLUS infected

Post by MWR 3 day Mod » August 20th, 2010, 10:41 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: GDIPLUS infected

Post by Jack&Jill » August 22nd, 2010, 11:36 am

Hello and welcome to Malware Removal.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

You will be notified of replies by email as soon as they are posted.

Please be patient with me during this time.

Meanwhile, please reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: GDIPLUS infected

Post by Tummelumsen » August 22nd, 2010, 4:43 pm

Hello Jack&Jill.

Still with you.
Tummelumsen
Regular Member
Posts: 15
Joined: August 13th, 2010, 4:19 am

Re: GDIPLUS infected

Post by Jack&Jill » August 22nd, 2010, 9:27 pm

Hello Tummelumsen :),

Welcome to Malware Removal. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
  • Please observe and follow these Forum Rules and ALL USERS OF THIS FORUM MUST READ THIS FIRST.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • Please read the instructions carefully and follow them closely, in the order they are presented to you.
  • If you have any doubts or problems during the fix, please stop and ask.
  • All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
  • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
  • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly :). We may begin.

--------------------

You have a topic open here.

Posting your problems at many forums may lead to a waste of resources and create problems: http://malwareremoval.com/forum/viewtop ... 96#p491396

Please let me know if you decide to continue here or your other topic. If you choose to continue in this one, please have the other topic closed.

--------------------

For Windows Vista or Windows 7, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

--------------------

I see that you have some programs that are not recommended on board your computer. You may uninstall them through Add/Remove Programs at the Control Panel.

PunkBuster

PunkBuster is a gaming tool that uses spyware techniques and can take over your computer. It is not likely that your computer could be cleaned without breaking or removing it, and this would result in not being able to play the associated games or worse.

Since PunkBuster is malware/spyware by our definition, you will need to choose one of the following:
1. Leave PunkBuster alone and continue cleaning malware, but understand that there is no assurance you will be able to play games afterwards.
2. Remove PunkBuster and continue cleaning.
3. Leave PunkBuster alone and stop cleaning.

See here for more information.

If you choose to uninstall PunkBuster
  • Please download the PBSVC setup program and save it to your desktop. Click here.
  • Double click on pbsvc.exe and click Uninstall.
  • Open Windows Explorer and navigate to C:\windows\system32\drivers.
  • Find files with PnkBstr in the name and delete them.
  • Repeat the delete step in the folder C:\windows\system32.

--------------------

You have Windows Defender and Spybot - Search & Destroy. Please choose one and uninstall the other because too many antispyware programs may cause conflict and slow down your computer. I will have some recommendations for computer security when we are done removing malware.

--------------------

Do you know what these programs are?
Politikens Nudansk Ordbog med etymologi
Udvidet multimedietastatur løsning


--------------------

Please download Rootkit Unhooker and save it to your desktop. Click here.
  • Double click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Ensure the following are checked (ticked):
    • Drivers
    • Stealth Code
    • Files
    • Code Hooks
  • Uncheck the rest, then click OK. An initial scan will be performed.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
  • Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
  • Save the report somewhere you can find it. Click Close to exit.
  • Copy the entire contents of the report and paste it in your next reply.

You may get a warning about parasite detection. Please click OK to continue.

--------------------

Please post back:
1. your decision whether to continue here
2. decision about PunkBuster
3. your input about the programs
4. the Rootkit Unhooker log
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: GDIPLUS infected

Post by Tummelumsen » August 24th, 2010, 1:02 am

Hi.

1. I would very much like to continue here.
2. PunkBuster is uninstalled as suggested
3. The two programs are
- Politikens Nudansk Ordbog med etymologi
A Danish dictionary from a well known Danish publisher
- Udvidet multimedietastatur løsning
Directly translated "Expanded multi media keyboard solution" from HP
4. Rootkit Unhooker log attached as a file
Tummelumsen
Regular Member
Posts: 15
Joined: August 13th, 2010, 4:19 am

Re: GDIPLUS infected

Post by Jack&Jill » August 24th, 2010, 2:04 am

Hello Tummelumsen :),

For Windows Vista or Windows 7, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please download OTL© by OldTimer from one of the links below and save it to your desktop.

Link 1
Link 2

Scan with OTL
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are six of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.

--------------------

Please post back:
1. the OTL logs (OTL.txt and Extras.txt)
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: GDIPLUS infected

Post by Tummelumsen » August 24th, 2010, 10:13 am

Hey again

OTL logfile created on: 24-08-2010 16:05:45 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\BrugerAdmin\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290,77 Gb Total Space | 93,50 Gb Free Space | 32,16% Space Free | Partition Type: NTFS
Drive D: | 7,32 Gb Total Space | 1,53 Gb Free Space | 20,86% Space Free | Partition Type: NTFS
Drive E: | 298,09 Gb Total Space | 297,56 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FARS-PC
Current User Name: BrugerAdmin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-08-24 16:03:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BrugerAdmin\Desktop\OTL.exe
PRC - [2010-07-21 14:23:35 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG8\avgtray.exe
PRC - [2010-01-14 19:04:52 | 000,041,984 | ---- | M] (David Becher) -- C:\Programmer\WC3 Quickstarter\WC3 Quickstarter.exe
PRC - [2009-08-28 14:50:35 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG8\avgrsx.exe
PRC - [2009-08-28 14:50:21 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG8\avgwdsvc.exe
PRC - [2009-05-07 14:59:00 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009-03-08 23:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Internet Explorer\iexplore.exe
PRC - [2009-02-26 13:46:40 | 000,147,456 | ---- | M] () -- C:\WINDOWS\System32\ANIWConnService.exe
PRC - [2008-12-02 23:15:58 | 000,054,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\jureg.exe
PRC - [2008-10-29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-29 20:36:50 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Sidebar\sidebar.exe
PRC - [2007-12-18 23:24:48 | 000,385,024 | R--- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\AstSrv.exe
PRC - [2007-09-13 21:42:36 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Defender\MSASCui.exe
PRC - [2007-07-06 13:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007-05-29 17:19:08 | 000,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe
PRC - [2007-04-18 17:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007-02-15 13:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Programmer\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006-11-02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Media Player\wmpnetwk.exe
PRC - [2006-11-02 11:45:39 | 000,150,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
PRC - [2006-10-26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2006-09-03 10:32:28 | 000,208,896 | ---- | M] () -- C:\Programmer\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (SafeList) ==========

MOD - [2010-08-24 16:03:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BrugerAdmin\Desktop\OTL.exe
MOD - [2009-08-28 14:50:35 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
MOD - [2006-11-02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
MOD - [2006-11-02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\ProgramData\QuestDns\questdns111.exe -- (QuestDns Service)
SRV - [2010-07-29 16:32:33 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-08-28 14:50:21 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmer\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009-02-26 13:46:40 | 000,147,456 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2008-04-07 15:06:47 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2007-12-18 23:24:48 | 000,385,024 | R--- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\System32\AstSrv.exe -- (astcc)
SRV - [2007-09-13 21:42:36 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmer\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-05-29 17:19:08 | 000,198,240 | ---- | M] () [Auto | Running] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007-01-19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Programmer\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006-09-11 16:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2006-09-11 16:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2006-09-11 15:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2006-09-11 15:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2006-09-03 10:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006-08-31 23:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Programmer\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2006-05-10 09:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009-08-28 14:50:35 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009-08-28 14:50:35 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009-04-17 11:27:10 | 000,722,944 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009-03-06 18:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2008-05-02 11:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008-05-02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008-05-02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-05-02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007-07-11 12:21:00 | 001,793,880 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-07-06 15:15:00 | 007,568,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-06-11 11:49:22 | 000,968,064 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007-05-30 17:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007-04-13 15:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006-11-02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006-11-02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006-11-02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006-11-02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006-11-02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006-11-02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006-11-02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006-11-02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006-11-02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006-11-02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006-11-02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006-11-02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006-11-02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006-11-02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006-11-02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006-11-02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006-11-02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006-11-02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006-11-02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006-11-02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006-11-02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006-11-02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006-11-02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006-11-02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006-11-02 10:55:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\avc.sys -- (Avc)
DRV - [2006-11-02 10:55:15 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\61883.sys -- (61883)
DRV - [2006-11-02 10:55:12 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\msdv.sys -- (MSDV)
DRV - [2006-11-02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005-12-12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005-02-23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3851498605-421253736-3578957769-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3851498605-421253736-3578957769-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-3851498605-421253736-3578957769-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3851498605-421253736-3578957769-1001\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3851498605-421253736-3578957769-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O3 - HKU\S-1-5-21-3851498605-421253736-3578957769-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Programmer\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CCUTRAYICON] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programmer\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3851498605-421253736-3578957769-1001..\Run: [wc3quickstarter] C:\Programmer\WC3 Quickstarter\WC3 Quickstarter.exe (David Becher)
O4 - Startup: C:\Users\Henrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O7 - HKU\S-1-5-21-3851498605-421253736-3578957769-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3851498605-421253736-3578957769-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3851498605-421253736-3578957769-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmer\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-09-13 12:24:37 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-08-24 16:03:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\BrugerAdmin\Desktop\OTL.exe
[2010-08-17 20:52:07 | 000,000,000 | ---D | C] -- C:\Programmer\Trend Micro
[2010-08-17 20:42:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010-08-17 20:34:24 | 000,000,000 | ---D | C] -- C:\Programmer\CCleaner
[2010-08-12 19:03:28 | 000,000,000 | ---D | C] -- C:\Temp
[2010-08-02 21:45:58 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010-08-02 21:45:58 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010-08-02 21:45:58 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010-08-02 21:45:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010-08-02 21:45:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010-08-02 21:45:58 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010-08-02 21:45:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010-08-02 21:45:58 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010-08-02 21:45:57 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010-08-02 21:45:57 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010-08-02 21:45:57 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010-08-02 21:45:57 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010-08-02 21:45:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010-08-02 21:45:57 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010-08-02 21:45:57 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010-08-02 21:45:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010-08-02 21:45:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010-08-02 21:45:57 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010-08-02 21:45:57 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010-08-02 21:45:56 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010-08-02 21:45:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010-08-02 21:45:56 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010-08-02 21:45:56 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010-08-02 21:45:56 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010-08-02 21:45:56 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010-08-02 21:45:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010-08-02 21:45:56 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010-08-02 21:45:56 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010-08-02 21:45:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010-08-02 21:45:55 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010-08-02 21:45:55 | 000,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010-08-02 21:45:55 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010-08-02 21:45:55 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010-08-02 21:45:55 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010-08-02 21:45:55 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010-08-02 21:45:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010-08-02 21:45:55 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010-08-02 21:45:55 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010-08-02 21:45:55 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010-08-02 21:45:54 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010-08-02 21:45:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010-07-29 16:36:20 | 000,000,000 | ---D | C] -- C:\Programmer\QuestDns
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-08-24 16:05:07 | 002,359,296 | -HS- | M] () -- C:\Users\BrugerAdmin\NTUSER.DAT
[2010-08-24 16:03:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BrugerAdmin\Desktop\OTL.exe
[2010-08-24 16:01:53 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-08-24 16:01:53 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\PersSecurity.job
[2010-08-24 15:53:26 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-08-24 15:53:26 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-08-24 15:28:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-08-24 14:56:26 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010-08-24 14:55:51 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME
[2010-08-24 14:55:45 | 063,770,466 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010-08-24 14:53:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-08-24 14:53:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-08-24 07:08:21 | 003,935,719 | -H-- | M] () -- C:\Users\BrugerAdmin\AppData\Local\IconCache.db
[2010-08-23 20:30:52 | 000,133,632 | ---- | M] () -- C:\Users\BrugerAdmin\Desktop\RKUnhookerLE.EXE
[2010-08-23 20:21:14 | 000,794,408 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2010-08-22 14:15:28 | 001,270,178 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-08-22 14:15:28 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-08-22 14:15:28 | 000,485,362 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2010-08-22 14:15:28 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-08-22 14:15:28 | 000,080,082 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2010-08-17 21:35:54 | 000,003,584 | ---- | M] () -- C:\Users\BrugerAdmin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-17 21:26:28 | 000,002,535 | ---- | M] () -- C:\Users\BrugerAdmin\Desktop\HiJackThis.lnk
[2010-08-17 20:34:25 | 000,000,806 | ---- | M] () -- C:\Users\BrugerAdmin\Desktop\CCleaner.lnk
[2010-08-12 18:59:38 | 000,452,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-08-03 10:08:52 | 000,000,945 | ---- | M] () -- C:\Users\BrugerAdmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-08-23 20:30:41 | 000,133,632 | ---- | C] () -- C:\Users\BrugerAdmin\Desktop\RKUnhookerLE.EXE
[2010-08-23 20:21:14 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010-08-17 20:52:07 | 000,002,535 | ---- | C] () -- C:\Users\BrugerAdmin\Desktop\HiJackThis.lnk
[2010-08-17 20:34:25 | 000,000,806 | ---- | C] () -- C:\Users\BrugerAdmin\Desktop\CCleaner.lnk
[2010-08-02 21:45:56 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010-06-07 20:51:40 | 000,003,284 | ---- | C] () -- C:\Users\BrugerAdmin\AppData\Roaming\ANIWZCS{675E32AB-FCA0-451D-9FFF-7170DA93B73B}
[2010-06-07 20:49:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ANIOApi.dll
[2010-06-07 20:48:52 | 000,258,048 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2010-06-07 20:48:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\aIPH.dll
[2010-06-07 20:48:52 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2010-06-07 20:48:52 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AQCKGen.dll
[2010-06-07 20:48:52 | 000,045,115 | ---- | C] () -- C:\Windows\System32\ANICtl.dll
[2010-06-07 20:48:46 | 000,724,992 | ---- | C] () -- C:\Windows\System32\ANIOWPS.dll
[2010-06-07 20:47:31 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2010-05-05 16:07:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-04-21 15:30:38 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010-03-12 00:08:32 | 000,000,596 | ---- | C] () -- C:\Windows\wininit.ini
[2010-01-10 14:19:31 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009-06-05 22:02:19 | 000,000,000 | ---- | C] () -- C:\Users\BrugerAdmin\AppData\Local\rx_image.Cache
[2008-07-21 11:05:49 | 000,032,768 | ---- | C] () -- C:\Windows\unvise32.dll
[2008-05-13 12:39:14 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008-05-13 12:38:01 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008-05-13 12:38:01 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008-05-13 12:38:01 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008-02-29 22:40:03 | 000,003,584 | ---- | C] () -- C:\Users\BrugerAdmin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-09-13 12:17:52 | 000,001,525 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007-09-13 12:12:51 | 000,003,758 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2007-09-13 12:12:32 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007-09-13 12:04:27 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007-09-13 12:04:27 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007-07-19 17:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006-12-13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006-12-13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-06-23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2008-10-03 15:32:06 | 000,000,000 | ---D | M] -- C:\Users\BrugerAdmin\AppData\Roaming\Any Video Converter
[2009-01-16 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\BrugerAdmin\AppData\Roaming\DriverCure
[2010-06-23 13:58:15 | 000,000,000 | ---D | M] -- C:\Users\BrugerAdmin\AppData\Roaming\DVDVideoSoftIEHelpers
[2008-12-23 18:37:55 | 000,000,000 | ---D | M] -- C:\Users\BrugerAdmin\AppData\Roaming\FrostWire
[2008-12-27 20:43:27 | 000,000,000 | ---D | M] -- C:\Users\BrugerAdmin\AppData\Roaming\GHISLER
[2008-02-29 22:49:35 | 000,000,000 | ---D | M] -- C:\Users\BrugerAdmin\AppData\Roaming\Grisoft
[2009-02-07 12:14:13 | 000,000,000 | ---D | M] -- C:\Users\BrugerAdmin\AppData\Roaming\LEGO Company
[2008-10-03 15:47:37 | 000,000,000 | ---D | M] -- C:\Users\BrugerAdmin\AppData\Roaming\LimeWire
[2009-11-11 00:05:01 | 000,000,000 | ---D | M] -- C:\Users\BrugerAdmin\AppData\Roaming\NCH Swift Sound
[2008-12-25 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\BrugerAdmin\AppData\Roaming\Serif
[2009-12-06 19:29:48 | 000,000,000 | ---D | M] -- C:\Users\BrugerAdmin\AppData\Roaming\Texas Instruments
[2009-01-10 13:18:05 | 000,000,000 | ---D | M] -- C:\Users\BrugerAdmin\AppData\Roaming\uTorrent
[2010-01-31 18:37:48 | 000,000,000 | ---D | M] -- C:\Users\Henrik\AppData\Roaming\FrostWire
[2008-03-02 12:58:27 | 000,000,000 | ---D | M] -- C:\Users\Henrik\AppData\Roaming\Grisoft
[2010-08-16 21:58:13 | 000,000,000 | ---D | M] -- C:\Users\Henrik\AppData\Roaming\gtk-2.0
[2008-10-04 13:18:38 | 000,000,000 | ---D | M] -- C:\Users\Henrik\AppData\Roaming\LimeWire
[2009-11-11 00:04:44 | 000,000,000 | ---D | M] -- C:\Users\Henrik\AppData\Roaming\NCH Swift Sound
[2010-06-09 12:25:39 | 000,000,000 | ---D | M] -- C:\Users\Henrik\AppData\Roaming\Politiken
[2009-12-06 19:35:59 | 000,000,000 | ---D | M] -- C:\Users\Henrik\AppData\Roaming\Texas Instruments
[2009-12-06 19:36:10 | 000,000,000 | ---D | M] -- C:\Users\Henrik\AppData\Roaming\TI-Nspire
[2010-02-28 21:03:45 | 000,000,000 | ---D | M] -- C:\Users\Henrik\AppData\Roaming\Ubisoft
[2010-01-16 22:44:28 | 000,000,000 | ---D | M] -- C:\Users\Henrik\AppData\Roaming\uTorrent
[2008-03-16 22:44:54 | 000,000,000 | ---D | M] -- C:\Users\Preben\AppData\Roaming\Grisoft
[2010-04-25 21:42:58 | 000,000,000 | ---D | M] -- C:\Users\Preben\AppData\Roaming\Serif
[2008-10-03 15:27:35 | 000,000,000 | ---D | M] -- C:\Users\Søren\AppData\Roaming\Any Video Converter
[2009-08-13 15:25:00 | 000,000,000 | ---D | M] -- C:\Users\Søren\AppData\Roaming\FrostWire
[2008-03-04 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\Søren\AppData\Roaming\Grisoft
[2009-02-07 12:14:26 | 000,000,000 | ---D | M] -- C:\Users\Søren\AppData\Roaming\LEGO Company
[2008-10-03 16:26:37 | 000,000,000 | ---D | M] -- C:\Users\Søren\AppData\Roaming\LimeWire
[2009-04-01 13:46:35 | 000,000,000 | ---D | M] -- C:\Users\Søren\AppData\Roaming\PeerNetworking
[2008-10-01 14:20:10 | 000,000,000 | ---D | M] -- C:\Users\Søren\AppData\Roaming\Three Rings Design
[2010-03-02 18:06:10 | 000,000,000 | ---D | M] -- C:\Users\Søren\AppData\Roaming\Ubisoft
[2010-07-21 14:21:16 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2010-08-24 16:01:53 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\PersSecurity.job
[2010-08-24 07:08:36 | 000,032,658 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
Tummelumsen
Regular Member
 
Posts: 15
Joined: August 13th, 2010, 4:19 am

Re: GDIPLUS infected

Unread postby Tummelumsen » August 24th, 2010, 10:15 am

Hey again - again

OTL Extras logfile created on: 24-08-2010 16:05:45 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\BrugerAdmin\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290,77 Gb Total Space | 93,50 Gb Free Space | 32,16% Space Free | Partition Type: NTFS
Drive D: | 7,32 Gb Total Space | 1,53 Gb Free Space | 20,86% Space Free | Partition Type: NTFS
Drive E: | 298,09 Gb Total Space | 297,56 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FARS-PC
Current User Name: BrugerAdmin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 
"FirewallOverride" = 0
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F157507-836D-487D-A61E-66B1E524AE9C}" = lport=6112 | protocol=17 | dir=in | name=warcraft iii host x2 |
"{0F6466D1-D018-4940-AFCD-C009643F8B0B}" = rport=137 | protocol=17 | dir=out | app=system |
"{1EA2DB4C-E199-481A-8607-213B27F7A87C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{29485150-EA35-47C2-ADE1-C83D9379792F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B2920A3-F21D-456A-970C-179D3856A8CB}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{2E926582-FE2A-4367-9584-E905AC5DC4AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{309E2D42-955F-4396-98B6-54E524654ABF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{30FC8B63-B0EB-4FFF-B99B-9771A01D5CC0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{34179723-41B7-4863-B58F-BB674F1A0E2D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3A58A5AF-CBA9-482D-B16A-5CBFFD0FC46B}" = lport=139 | protocol=6 | dir=in | app=system |
"{4308D983-5CC5-4D65-A266-25825EFF64AF}" = lport=137 | protocol=17 | dir=in | app=system |
"{43285E87-302E-4320-88ED-E2527E686213}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C7A6D80-2280-4EC0-882C-298365A70CE9}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{4FDFC633-0E73-4F44-9F6D-E167BC7CEB47}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E8A3155-80E7-4839-BB55-A06AC2302766}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E315497-47F8-4B46-B8F0-E2A291A44DA6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{90CB108E-AE47-412F-A864-E0A7AC579AFC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{927ECAED-216B-4046-85F8-B9068A8A3013}" = rport=138 | protocol=17 | dir=out | app=system |
"{93BBE788-63AB-4682-B007-D4541F7DB5A2}" = rport=139 | protocol=6 | dir=out | app=system |
"{94C3727D-A8F5-425A-B5C9-2003968C9D4C}" = lport=6112 | protocol=6 | dir=in | name=warcraft iii host |
"{A5A89CC9-86CF-44E8-B485-999500E3C47A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{AC7D7255-89FE-48D9-AF08-944439E5473A}" = rport=445 | protocol=6 | dir=out | app=system |
"{C5D2F59D-B28D-402D-990D-1C40AD8144F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCA54536-DB2E-44EA-B752-2D0AD8C72B7E}" = lport=138 | protocol=17 | dir=in | app=system |
"{F83D2D35-30C1-4FCE-AE56-B5E8AD3DEE4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010D60B0-2808-4079-A678-51FFF92890E6}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{04C6903E-84A7-41B0-8429-97CE71DC4A1F}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{09D4DFA7-88E6-43FC-9E18-B1B7F90FF085}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1352043B-FA02-41C8-9489-5BF03A0A75CB}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{1381A99D-4F1D-42E4-AAFD-38A8AEB868D5}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{169B6A8C-ADC5-41FF-9A11-A5F302B47BA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{199B82E9-B7D4-4AD5-AAD6-F8660229E4DD}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{1B010A09-0E2C-4A3C-BBCE-5C011A9DD057}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{1C39D7BD-C3BE-4318-8A50-AB984CA24E4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1ECEDC7C-7EF5-493B-A63A-0C0CEC394F64}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{1FC3CB67-7FC2-42BC-AE12-EF31D0E580EA}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{2770111E-02D7-4E63-A950-CC18C4660870}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{2A061C7F-294A-4B66-94E8-492BCEF8E84C}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{2F61619B-5AA0-488E-94C9-EA89C4FB3FF5}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{34C608AC-3DC4-4F07-825D-C9E5ED5BA9C1}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{3A7C6191-13B6-4684-A493-65D7F87628E0}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{3DA974F7-59A8-4E06-938D-EFF7D4C04A4F}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{41C96309-3121-49FB-A834-F58711D9C6FE}" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe |
"{4288528E-6AD1-46AB-9E83-0539B5517ECD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{43BAC594-8B6C-490A-8F41-581ECAD7BE98}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{455E5929-AF9F-4576-8E15-35C5B74E5779}" = protocol=6 | dir=in | app=f:\setup\hpznui01.exe |
"{5DC4C670-F980-4944-9BD5-D254C2B86B6A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{646BB8AA-C545-4800-B585-D021891F98E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64D76B67-5019-45E9-870F-A54F09B71B90}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{666376F7-5362-450D-A2F1-F727CDCA15CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D32D47D-24F6-4CDE-AEFD-9B1E23551B67}" = protocol=17 | dir=in | app=c:\users\henrik\desktop\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{6FAE244D-D74D-4316-B0CF-C307FC474CAA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{776CE5F0-4BA0-4F4D-A6B7-5041BF25C1FE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\suc1992\counter-strike source\hl2.exe |
"{77BAB57D-10DF-4094-8035-4839506C7A92}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{79061C4A-9C89-4460-BC42-2953723CAE99}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{79B34786-9EC6-4808-B2C8-1C54823CC91C}" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe |
"{7F743690-0959-4874-A883-9950B4365707}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{7FF46B31-49A7-45B2-86EF-2DAB13297A0F}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{806819D4-9869-4510-9F71-3DF3070D6D48}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{80E6D05A-E4BD-4C47-AD3A-A912DF3448FC}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{82AB777C-2801-4B9D-AE3C-4364CA66BA58}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{8337891B-9D9E-4160-9259-18A19BD8F2A7}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{8342E38E-288D-4217-A44D-E918F7BC4A33}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{855067A0-AC7B-456D-8BC2-87DC82656231}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{86072C3F-8BAC-4B1E-8A63-8E9D6E1026D5}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{8BF4C35E-15F8-4FC7-9FA5-0C7AB86D179C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{8CDC1D48-6E33-49EF-9B3A-860A21D327F4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\suc1992\counter-strike source\hl2.exe |
"{90552FD0-4F21-44D8-9509-A5BAAF823291}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{907BE958-583C-4682-8177-5D1D5E505BAD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{95A10B11-EB26-4C8A-A945-BB315B80AE8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97FBF3A6-E386-4CF8-9775-86FFCAB4A63D}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{9988631F-7474-43C5-B4B4-7AB3D5C8C75B}" = protocol=17 | dir=in | app=f:\setup\hpznui01.exe |
"{9B7C6069-013B-405A-9438-D4513DFF83B7}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{9F116A26-976A-4B4B-8726-5EF85C8277C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0B2F6DB-F762-48D2-AA5E-4E6E419BB8C4}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{A309AEC3-2EF2-4664-AC93-92580FC4B928}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{AC9EC97C-D5C6-4953-A465-53364418EE66}" = protocol=6 | dir=out | app=system |
"{AFA911C3-EF4E-415C-A1C1-8420F5B9D215}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{B7FE34E8-2215-441E-BBDA-B8F87DCB65FD}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B8D5D491-EA6C-45FC-9F0D-457B4F396D3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8DDF155-AB87-4BB4-AFCC-2E57B7FE4CC2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C36164D6-E601-4BA8-BD91-D5A0D930306E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5FCCAC2-41E9-4BCC-B4F0-F074DD47A969}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CA57D389-00B4-447C-83B3-44A94F926E82}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{CB18AFAA-D37D-4271-9BFE-EFD0D59C1C97}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{D116E5A8-CD1C-42B9-92FF-14CD4FB143B7}" = protocol=6 | dir=in | app=c:\users\henrik\desktop\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{D3383D17-FB31-4CCD-BDDD-FD55A83B3772}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{D4AC3E46-8F20-4274-AF96-6F6F94308B11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D64B4C4B-42FE-4F10-BD22-E5A9B8A676F4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EBDC3DA3-F0C9-411F-A737-C3F40838FC8E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{EC55A0D1-9F43-407A-ACE9-0EF9DA9737C4}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{EC62951F-D86F-41DA-B888-23B2380222B1}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{ED9F3C17-8FE5-4598-8C27-C351FFEDF8B7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{F5E8BBC1-9DC1-4CE8-8F73-2EAF414CDE78}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{FF368416-0D59-4552-99E3-732ECB46835C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{074FBC58-4406-435D-A3FB-B66B217E0A61}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{1F1D6869-FEF3-49FB-9AC3-8C128F8B5D32}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{2170497C-5DE8-42F3-B8E9-AC7733AF2524}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{22137755-0680-497F-9ECC-47AA8F794D6F}C:\q3ademo\quake3.exe" = protocol=6 | dir=in | app=c:\q3ademo\quake3.exe |
"TCP Query User{2FF7255E-FEBE-44A5-877F-82781A5D9543}C:\users\søren\desktop\world of warcraft\wow-3.0.2.9056-to-3.0.3.9183-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\søren\desktop\world of warcraft\wow-3.0.2.9056-to-3.0.3.9183-engb-downloader.exe |
"TCP Query User{35F24EB2-82BA-4D1D-8E07-651BF066556A}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"TCP Query User{3A1C5B56-DEA5-453A-B415-9488BD718BF9}C:\users\søren\inexplorer.exe" = protocol=6 | dir=in | app=c:\users\søren\inexplorer.exe |
"TCP Query User{4744C38A-3F46-4CE9-8AB4-F50B2F356C26}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{49FC9807-81FA-48A1-8B61-58336A8E7AE7}C:\users\henrik\desktop\spil\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\henrik\desktop\spil\world of warcraft\repair.exe |
"TCP Query User{5463D881-15DF-4820-A8D7-F33290597846}C:\q3ademo\quake3.exe" = protocol=6 | dir=in | app=c:\q3ademo\quake3.exe |
"TCP Query User{7174D9FA-54DE-42D1-AD47-5FF28A962168}C:\users\brugeradmin\desktop\crack\rld-w4m\worms 4 mayhem.exe" = protocol=6 | dir=in | app=c:\users\brugeradmin\desktop\crack\rld-w4m\worms 4 mayhem.exe |
"TCP Query User{738878B4-BAFE-4582-BCDB-302AFDAC4788}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7D6ED870-ECE1-4D87-A84F-A473F74D64F5}C:\program files\steam\steamapps\suc1992\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\suc1992\team fortress 2\hl2.exe |
"TCP Query User{7E0044F7-1E23-4798-A41B-21BED4F16F2E}C:\program files\steam\steamapps\suc1992\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\suc1992\garrysmod\hl2.exe |
"TCP Query User{850FE7A8-04A7-4EDC-BDD5-F2C42388DE6E}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{9ED1474C-CD52-47A7-8B15-51DE9906EE4B}C:\program files\microsoft games\rise of nations\patriots.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\patriots.exe |
"TCP Query User{A1D10848-6AA0-4815-B807-4B8B326158DE}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{A40F51B6-9E89-48CB-B9F5-58C848724208}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"TCP Query User{A573710B-3942-4692-A0D2-DA2919F9DB34}C:\users\brugeradmin\desktop\worms\crack\rld-w4m\worms 4 mayhem.exe" = protocol=6 | dir=in | app=c:\users\brugeradmin\desktop\worms\crack\rld-w4m\worms 4 mayhem.exe |
"TCP Query User{B2E763D5-D23D-44EB-BD46-59EDEFA4CCEF}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{C25C3FA7-8BDD-4FC7-BEC7-CDCAA0DC786F}C:\users\brugeradmin\downloads\worms 4 mayhem\crack\rld-w4m\worms 4 mayhem.exe" = protocol=6 | dir=in | app=c:\users\brugeradmin\downloads\worms 4 mayhem\crack\rld-w4m\worms 4 mayhem.exe |
"TCP Query User{CB0043D7-F2D4-412F-A745-BDAC34DFD137}C:\users\søren\desktop\world of warcraft\wow-3.0.1-to-3.0.2-engb-win-update-downloader.exe" = protocol=6 | dir=in | app=c:\users\søren\desktop\world of warcraft\wow-3.0.1-to-3.0.2-engb-win-update-downloader.exe |
"TCP Query User{CB9B923A-2B7D-4AC1-AFA5-F29224A39D13}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{CFE2AA8B-610A-4676-85A6-D0F04C17611A}C:\users\henrik\desktop\spil\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\henrik\desktop\spil\world of warcraft\launcher.exe |
"TCP Query User{F091A8E7-3166-4DB9-BD1C-432447C19A49}C:\users\henrik\desktop\spil\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\henrik\desktop\spil\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe |
"TCP Query User{F4F83E88-F9DC-4465-A439-DA6FCDC72005}C:\users\public\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |
"UDP Query User{052F66F0-BDFC-436F-9F85-0CF08E3C9924}C:\users\public\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |
"UDP Query User{0C946EF9-8B09-47B6-9BA5-C2E6A766D517}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"UDP Query User{0CC99223-F948-4D4E-B153-D3E1C42DE469}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"UDP Query User{11C75B5E-41A8-42C2-8842-788CF00C7586}C:\users\henrik\desktop\spil\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\henrik\desktop\spil\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe |
"UDP Query User{375296D2-26DA-41DE-9B9F-0709FB5E1F93}C:\users\brugeradmin\downloads\worms 4 mayhem\crack\rld-w4m\worms 4 mayhem.exe" = protocol=17 | dir=in | app=c:\users\brugeradmin\downloads\worms 4 mayhem\crack\rld-w4m\worms 4 mayhem.exe |
"UDP Query User{3A045C7E-A9C7-4891-BE36-52B12E9ACA70}C:\users\brugeradmin\desktop\crack\rld-w4m\worms 4 mayhem.exe" = protocol=17 | dir=in | app=c:\users\brugeradmin\desktop\crack\rld-w4m\worms 4 mayhem.exe |
"UDP Query User{41B6A949-B523-4957-BD05-72257CC90F1B}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{44AF8C2C-ED9F-46BC-8708-2248CBFDD4CE}C:\users\søren\inexplorer.exe" = protocol=17 | dir=in | app=c:\users\søren\inexplorer.exe |
"UDP Query User{4B3AADE8-940E-466C-876E-12C08F44671B}C:\users\brugeradmin\desktop\worms\crack\rld-w4m\worms 4 mayhem.exe" = protocol=17 | dir=in | app=c:\users\brugeradmin\desktop\worms\crack\rld-w4m\worms 4 mayhem.exe |
"UDP Query User{5C51AC1A-55E3-48DD-A28B-26CE382359ED}C:\users\henrik\desktop\spil\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\henrik\desktop\spil\world of warcraft\launcher.exe |
"UDP Query User{698185EC-B720-4013-98F2-54ED75929019}C:\program files\steam\steamapps\suc1992\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\suc1992\team fortress 2\hl2.exe |
"UDP Query User{75EA0940-8654-4622-A2A3-5EE8518F1240}C:\q3ademo\quake3.exe" = protocol=17 | dir=in | app=c:\q3ademo\quake3.exe |
"UDP Query User{7A96C07B-B7D8-4931-B1F4-61DC7356DE1C}C:\q3ademo\quake3.exe" = protocol=17 | dir=in | app=c:\q3ademo\quake3.exe |
"UDP Query User{8D512B5E-D11B-436F-B286-772353F41D7D}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{9AB5DAA0-90A5-4FCC-801D-5D4EA4D8E982}C:\program files\microsoft games\rise of nations\patriots.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\patriots.exe |
"UDP Query User{A25299F3-5931-4432-B33F-3A31523201F7}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{AB74BDA8-6B82-4461-A479-3A60A43433C0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B09E6D7A-DF18-438B-8DF8-ED51B11944DB}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{B1B48130-2F46-4ECD-8D42-E010BE0A1667}C:\program files\steam\steamapps\suc1992\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\suc1992\garrysmod\hl2.exe |
"UDP Query User{B56C525F-4654-4E4A-9B83-C119B6589B3A}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{C79FE835-02E3-483F-837A-0E5A9947E493}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{CCC76D58-4F13-4087-8323-69729620AACD}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{D258F665-CCD4-4522-9F14-CD688F0D5940}C:\users\søren\desktop\world of warcraft\wow-3.0.2.9056-to-3.0.3.9183-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\søren\desktop\world of warcraft\wow-3.0.2.9056-to-3.0.3.9183-engb-downloader.exe |
"UDP Query User{DAAB0500-B789-43BF-96A3-213877B48A7A}C:\users\henrik\desktop\spil\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\henrik\desktop\spil\world of warcraft\repair.exe |
"UDP Query User{E48E6D34-9265-46F4-9D7C-975A24E1E691}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{EDB288E2-81CB-4275-9708-DD76816083B2}C:\users\søren\desktop\world of warcraft\wow-3.0.1-to-3.0.2-engb-win-update-downloader.exe" = protocol=17 | dir=in | app=c:\users\søren\desktop\world of warcraft\wow-3.0.1-to-3.0.2-engb-win-update-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02418C87-F90C-4E47-8BA6-16226B35D9C3}" = Serif MoviePlus X3
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{24209C2C-475B-4FC6-809F-0609050D27BE}" = TI-Nspire™ CAS Computer Software
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA Player 4.1
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ software
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F9DF109-4D98-46e1-BCE8-8EB6AA1DBF35}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775B9052-3517-47FA-817D-1BB28363D43A}" = muvee autoProducer 6.0
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8A07EC-4DAB-407C-BC4A-AA3A01F569A6}" = Politikens Nudansk Ordbog med etymologi
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2007
"{90120000-0016-0406-0000-0000000FF1CE}_STANDARD_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2007
"{90120000-0018-0406-0000-0000000FF1CE}_STANDARD_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2007
"{90120000-001A-0406-0000-0000000FF1CE}_STANDARD_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2007
"{90120000-001B-0406-0000-0000000FF1CE}_STANDARD_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
"{90120000-001F-0406-0000-0000000FF1CE}_STANDARD_{25E093C2-374E-44A9-9BCE-3881BD442F3F}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2007
"{90120000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2007
"{90120000-006E-0406-0000-0000000FF1CE}_STANDARD_{50865937-2EBB-4BBF-8861-BF5972C95D4B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1030-7B44-A81200000003}" = Adobe Reader 8.1.2 - Dansk
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B69349AE-2D41-3708-8BA4-4DC22645CA04}" = Microsoft .NET Framework 3.5 Language Pack SP1 - dan
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link Wireless N DWA-140
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0B0CC2B-D6B2-4D85-9620-FCAB8863DBE6}_is1" = Any Video-Audio Converter 5.6
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Any Audio Converter_is1" = Any Audio Converter 1.1.0
"Any Video Converter_is1" = Any Video Converter 2.6.3
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"Battlecraft 19422.1" = Battlecraft 1942
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Diablo II" = Diablo II
"ExpressBurn" = Express Burn
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Google Chrome" = Google Chrome
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HD Tune_is1" = HD Tune 2.55
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Intel(R) Configuration Center" = Intel® Viiv™ software
"Microsoft .NET Framework 3.5 Language Pack SP1 - dan" = Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"New LEGO Digital Designer" = LEGO Digital Designer
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Pixeline" = Pixeline
"PROSet" = Intel(R) PRO Network Connections Drivers
"Quake 3 Arena Demo" = Quake 3 Arena Demo
"RiseOfNationsExpansion 1.0" = Rise of Nations
"STANDARD" = Microsoft Office Standard 2007
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Switch" = Switch Sound File Converter
"Tiberian Sun" = Command & Conquer Tiberian Sun
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Warcraft III" = Warcraft III
"WC3 Quickstarter" = WC3 Quickstarter
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
"WOLAPI" = Westwood Shared Internet Components
"World of Warcraft" = World of Warcraft
"Zoo Tycoon 2" = Zoo Tycoon 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3851498605-421253736-3578957769-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PersSecurity" = Personal Security
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02-09-2009 12:06:54 | Computer Name = Fars-PC | Source = WerSvc | ID = 5007
Description =

Error - 03-09-2009 12:31:38 | Computer Name = Fars-PC | Source = Application Error | ID = 1000
Description = Faulting application HpqSRmon.exe, version 10.0.0.202, time stamp 0x46c64b4e,
faulting module HpqSRmon.exe, version 10.0.0.202, time stamp 0x46c64b4e, exception code
0xc0000005, fault offset 0x000032db, process id 0x98c, application start time
0x01ca2cb3ffeced0f.

Error - 03-09-2009 12:35:17 | Computer Name = Fars-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03-09-2009 13:31:23 | Computer Name = Fars-PC | Source = WerSvc | ID = 5007
Description =

Error - 04-09-2009 04:37:24 | Computer Name = Fars-PC | Source = WerSvc | ID = 5007
Description =

Error - 04-09-2009 04:38:11 | Computer Name = Fars-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 04-09-2009 14:11:11 | Computer Name = Fars-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 04-09-2009 15:07:28 | Computer Name = Fars-PC | Source = WerSvc | ID = 5007
Description =

Error - 05-09-2009 07:03:49 | Computer Name = Fars-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05-09-2009 08:00:09 | Computer Name = Fars-PC | Source = WerSvc | ID = 5007
Description =

[ System Events ]
Error - 17-08-2010 15:03:08 | Computer Name = Fars-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 17-08-2010 15:07:42 | Computer Name = Fars-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 17-08-2010 15:35:53 | Computer Name = Fars-PC | Source = DCOM | ID = 10010
Description =

Error - 18-08-2010 09:09:13 | Computer Name = Fars-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 19-08-2010 11:22:50 | Computer Name = Fars-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 21-08-2010 07:00:34 | Computer Name = Fars-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:58:46 on 21-08-2010 was unexpected.

Error - 21-08-2010 07:00:35 | Computer Name = FARS-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the network card with network address
001D60C22AB5 has been denied by the DHCP server 192.168.1.1 (the DHCP server sent a
DHCPNACK message).

Error - 21-08-2010 10:08:34 | Computer Name = Fars-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 21-08-2010 10:51:37 | Computer Name = Fars-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 22-08-2010 08:10:58 | Computer Name = Fars-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >
Tummelumsen
Regular Member
 
Posts: 15
Joined: August 13th, 2010, 4:19 am

Re: GDIPLUS infected

Unread postby Jack&Jill » August 25th, 2010, 11:14 am

Hello Tummelumsen :),

Please download Malwarebytes' Anti-Malware (MBAM)© from Malwarebytes and save it to your desktop. Click here.

Run MBAM
  • Double click on mbam-setup.exe and follow the prompts to install the program.
  • At the end of installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update mirror, select one of the websites and click on Check for Updates.
  • Upon completion of update and loading, select the Scanner tab. Click on Perform full scan, then click on Scan.
  • Leave the default options as they are and click on Start Scan.
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

Please post back:
1. the MBAM report
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: GDIPLUS infected

Unread postby Tummelumsen » August 25th, 2010, 5:19 pm

Hello

Log as requested.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4476

Windows 6.0.6000
Internet Explorer 8.0.6001.18702

25-08-2010 23:11:53
mbam-log-2010-08-25 (23-11-53).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 413092
Time elapsed: 2 hour(s), 0 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04dfb628-514b-4e68-9076-dc1024f58a96} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.dll (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PersSecurity (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestDns Service (Adware.QuestDns) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e879027fbd765a5330ad96 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Common Files\PersSecurityUninstall (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Program Files\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Program Files\Save (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Program Files\VVSN (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Program Files\VVSN\URL2 (Adware.WhenU) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhenU (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Users\BrugerAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU (Adware.WhenU) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\QuestDns\questdns.exe (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\PersSecurityUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.db (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.htm (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Users\BrugerAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU\Learn More About WhenU Save.url (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Users\BrugerAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Users\BrugerAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenU) -> Quarantined and deleted successfully.
C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
Tummelumsen
Regular Member
 
Posts: 15
Joined: August 13th, 2010, 4:19 am
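A small parser, added here as an example (it is not part of the thread and not Malwarebytes' own tooling), that does the check a helper would do on the MBAM log above and ties it back to the OTL log's "HKEY_USERS Uninstall List" earlier in the thread. MBAM 1.4x logs state a count per category in a summary block and then repeat each category heading over one line per item; the parser pairs summary and section by label, so it works on this Danish-localised log as well as on English ones, reports any category whose declared count differs from the number of item lines (the usual sign of a truncated paste), tallies removed items per detection family, and lists the Uninstall registry keys that were removed so they can be compared with the "PersSecurity" = Personal Security entry OTL showed. The embedded log is a constructed excerpt of the posted one: headings translated to English, item lines copied from the post, summary counts trimmed to match the lines kept.

```python
"""Reconcile a Malwarebytes' Anti-Malware (MBAM 1.4x) text log.

Added example; not code from the thread or from Malwarebytes.
Summary lines look like "<label>: <n>", detail sections start with
"<label>:" and contain one "<item> (<family>) -> <action>" line per item.
"""
import re
from collections import Counter, defaultdict

SUMMARY_RE = re.compile(r"^(?P<label>[^:]+): (?P<count>\d+)$")
HEADING_RE = re.compile(r"^(?P<label>[^:]+):$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# Leaf name of an Uninstall key, e.g. ...\CurrentVersion\Uninstall\PersSecurity
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)$", re.IGNORECASE)

# Constructed excerpt of the log posted above (headings translated, counts
# trimmed to the lines kept). A real log would be read from mbam-log-*.txt.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4476

Memory Processes Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PersSecurity (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestDns Service (Adware.QuestDns) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e879027fbd765a5330ad96 (Malware.Trace) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Common Files\PersSecurityUninstall (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Program Files\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\QuestDns\questdns.exe (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\PersSecurityUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (declared, sections).

    declared: label -> count from the summary block (any "label: n" line
    seen before the first detail heading; unrelated ones such as
    "Database version: 4476" are harmless because reconcile() only uses
    labels that also have a detail section).
    sections: label -> list of (item, family, action) tuples.
    """
    declared, sections, current = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m and current is None:
            declared[m.group("label")] = int(m.group("count"))
            continue
        m = HEADING_RE.match(line)
        if m and m.group("label") in declared:
            current = m.group("label")
            sections[current]  # register the section even if it stays empty
            continue
        m = ITEM_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("item"), m.group("family"), m.group("action")))
        # banner lines and "(No malicious items detected)" placeholders fall through
    return declared, dict(sections)


def reconcile(text):
    """label -> (declared count, item lines found) for every category present in both."""
    declared, sections = parse_mbam_log(text)
    return {lbl: (declared[lbl], len(sections[lbl])) for lbl in declared if lbl in sections}


def mismatches(text):
    """Categories whose declared count and listed items disagree (truncated paste)."""
    return {lbl: v for lbl, v in reconcile(text).items() if v[0] != v[1]}


def families(text):
    """Number of removed items per detection family, across all categories."""
    _, sections = parse_mbam_log(text)
    return Counter(fam for items in sections.values() for _, fam, _ in items)


def removed_uninstall_entries(text):
    """Leaf names of Uninstall keys MBAM removed; compare with OTL's HKEY_USERS list."""
    _, sections = parse_mbam_log(text)
    return [m.group(1) for items in sections.values() for item, _, _ in items
            if (m := UNINSTALL_RE.search(item))]


if __name__ == "__main__":
    for label, (want, got) in reconcile(SAMPLE_LOG).items():
        note = "" if want == got else "   <-- mismatch, log is probably truncated"
        print(f"{label}: declared {want}, listed {got}{note}")
    print("per family:", families(SAMPLE_LOG).most_common())
    print("Uninstall keys removed:", removed_uninstall_entries(SAMPLE_LOG))
```

The OTL log earlier in the thread showed "PersSecurity" = Personal Security under the user's HKEY_USERS Uninstall hive; removed_uninstall_entries() returning that same leaf name confirms MBAM's Rogue.PersonalSecurity detection covered it. Note that "Servises" and the Post Platform token are classed only as Malware.Trace, i.e. leftovers, which is why the helper goes on to ask for a second opinion from ESET rather than treating the MBAM run as conclusive.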

Re: GDIPLUS infected

Unread postby Jack&Jill » August 25th, 2010, 8:50 pm

Hello Tummelumsen :),

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problems running the scan, you might want to disable any real-time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on ESET Online Scanner. A new window will open.
    For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double-click on it to install, and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • Click Finish and close the window.
  • Navigate to C:\Program Files\ESET\ESET Online Scanner using Windows Explorer and look for log.txt.
  • Post the contents of log.txt in your reply.

--------------------

Please post back:
1. the ESET online scan result
2. new OTL log
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: GDIPLUS infected

Unread postby Tummelumsen » August 27th, 2010, 1:24 am

Hello Jack&Jill

ESET found 2 threats, but the log is more or less empty :shock:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
You do not have the required permissions to view the files attached to this post.
Tummelumsen
Regular Member
 
Posts: 15
Joined: August 13th, 2010, 4:19 am

Re: GDIPLUS infected

Unread postby Jack&Jill » August 27th, 2010, 2:43 am

Hello Tummelumsen :),

Please post the ESET log. It is located here:
C:\Program Files\ESET\ESET Online Scanner\log.txt

I need to see what are the threats.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: GDIPLUS infected

Unread postby Tummelumsen » August 27th, 2010, 4:30 am

Hello Jack&Jill

The log contained only the two lines in my previous reply! I am currently running another scan and when I return from work I will post the content of the log.txt.
Tummelumsen
Regular Member
 
Posts: 15
Joined: August 13th, 2010, 4:19 am