The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portfolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

Email and wow account gets compromised repeatedly

Posted 6/2/2010 12:55 PM
#86344

Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
Hi there

The helpful folks over at Blizzard have been resetting my password multiple times, but it's no use when the new password is stolen right away. I can't seem to prevent this from happening :(. I've used a multitude of different scanning tools during the last couple of days. The ones used today, with the intention of creating a HijackThis log afterwards and submitting it to you guys, are:
ATF-Cleaner
CCleaner
Ad-Aware
Spybot S&D
ESET NOD32 Smart Security (free trial - I recently uninstalled my free Avast, seeing as it did not help me keep my passwords safe)
Malwarebytes Anti-Malware
DDS

My computer doesn't seem slow or affected in any way, but since I keep losing control of my WoW and email (Gmail) accounts, something must be off.

As requested, the logs are in the following order:
HijackThis log
Malwarebytes log
DDS log files (even though the header in the "attach" one specifically says don't post, I did it anyway, since you asked for 2 logs)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:38, on 02-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmer\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ESET\ESET Smart Security\ekrn.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\ESET\ESET Smart Security\egui.exe
C:\Programmer\CheckPoint\ZAForceField\ForceField.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\TEXTware\HotKey\TWALINK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programmer\ZoneAlarm\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programmer\ZoneAlarm\tbZone.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programmer\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmer\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programmer\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmer\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Programmer\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: https://*.danid.dk
O15 - Trusted Zone: https://*.danid.dk (HKLM)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - https://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - https://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240515232921
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - https://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmer\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Programmer\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7788 bytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4162

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02-06-2010 14:19:17
mbam-log-2010-06-02 (14-19-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 250801
Time elapsed: 1 hour(s), 7 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS (Ver_10-03-17.01) - NTFSx86
Run by Anders at 14:32:10,01 on 02-06-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3069.2169 [GMT 2:00]

AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmer\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ESET\ESET Smart Security\ekrn.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\ESET\ESET Smart Security\egui.exe
svchost.exe
C:\Programmer\CheckPoint\ZAForceField\ForceField.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\TEXTware\HotKey\TWALINK.EXE
C:\Documents and Settings\Anders\Skrivebord\hijackthis\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\programmer\zonealarm\tbZone.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\programmer\zonealarm\tbZone.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\programmer\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programmer\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\programmer\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\programmer\zonealarm\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\programmer\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ZoneAlarm Client] "c:\programmer\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\programmer\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SunJavaUpdateSched] "c:\programmer\fælles filer\java\java update\jusched.exe"
mRun: [egui] "c:\programmer\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240515232921
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anders\applic~1\mozilla\firefox\profiles\85s6nkh3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\programmer\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmer\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmer\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmer\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmer\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmer\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmer\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmer\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmer\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmer\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmer\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmer\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmer\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.firefox.com");
c:\programmer\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmer\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 14:35:27,37 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23-04-2009 18:56:46
System Uptime: 06-02-2010 09:11:28 (2789 hours ago)

Motherboard: Zepto | | Zepto
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | CPU | 1319/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 45,561 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Bluetooth2.1module
Device ID: USB\VID_13D3&PID_3250\002243A7AEFF
Manufacturer:
Name: Bluetooth2.1module
PNP Device ID: USB\VID_13D3&PID_3250\002243A7AEFF
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ACPIHIDMAPPER\5&15D725F4&0
Manufacturer:
Name:
PNP Device ID: ACPI\ACPIHIDMAPPER\5&15D725F4&0
Service:

==== System Restore Points ===================

RP201: 08-03-2010 10:08:17 - System Checkpoint
RP202: 09-03-2010 14:58:23 - System Checkpoint
RP203: 11-03-2010 23:23:57 - Software Distribution Service 3.0
RP204: 15-03-2010 10:48:49 - System Checkpoint
RP205: 16-03-2010 10:53:01 - Removed NVIDIA PhysX
RP206: 18-03-2010 21:42:04 - System Checkpoint
RP207: 20-03-2010 16:19:38 - System Checkpoint
RP208: 26-03-2010 09:17:23 - System Checkpoint
RP209: 27-03-2010 19:31:43 - System Checkpoint
RP210: 30-03-2010 00:33:22 - Software Distribution Service 3.0
RP211: 31-03-2010 10:06:56 - Software Distribution Service 3.0
RP212: 31-03-2010 14:13:02 - Registry cleaned with Windows Live OneCare safety scanner
RP213: 03-04-2010 23:35:02 - System Checkpoint
RP214: 06-04-2010 08:29:52 - System Checkpoint
RP215: 08-04-2010 11:56:49 - System Checkpoint
RP216: 09-04-2010 14:03:16 - System Checkpoint
RP217: 12-04-2010 08:40:42 - System Checkpoint
RP218: 13-04-2010 23:30:10 - System Checkpoint
RP219: 15-04-2010 09:16:20 - Software Distribution Service 3.0
RP220: 19-04-2010 09:42:19 - System Checkpoint
RP221: 22-04-2010 11:48:56 - System Checkpoint
RP222: 23-04-2010 14:46:26 - System Checkpoint
RP223: 25-04-2010 12:18:58 - Installed Java(TM) 6 Update 20
RP224: 26-04-2010 17:23:07 - System Checkpoint
RP225: 30-04-2010 12:17:37 - System Checkpoint
RP226: 01-05-2010 18:51:04 - System Checkpoint
RP227: 02-05-2010 20:24:28 - System Checkpoint
RP228: 04-05-2010 17:04:52 - System Checkpoint
RP229: 07-05-2010 19:09:20 - System Checkpoint
RP230: 09-05-2010 09:54:04 - System Checkpoint
RP231: 10-05-2010 10:50:05 - System Checkpoint
RP232: 11-05-2010 11:30:24 - System Checkpoint
RP233: 13-05-2010 07:48:15 - Software Distribution Service 3.0
RP234: 14-05-2010 19:35:15 - System Checkpoint
RP235: 16-05-2010 12:13:52 - System Checkpoint
RP236: 18-05-2010 15:09:17 - System Checkpoint
RP237: 21-05-2010 18:51:25 - System Checkpoint
RP238: 23-05-2010 14:39:55 - System Checkpoint
RP239: 24-05-2010 11:41:56 - Software Distribution Service 3.0
RP240: 24-05-2010 12:30:44 - Advanced Registry Optimizer 2010 - Before Installation
RP241: 24-05-2010 12:31:19 - ADVANCED REGISTRY OPTIMIZER 2010- FIRST RUN
RP242: 24-05-2010 12:35:48 - Advanced Registry Optimizer 2010 Mon, May 24, 10 12:35
RP243: 24-05-2010 14:21:43 - Software Distribution Service 3.0
RP244: 25-05-2010 16:36:01 - System Checkpoint
RP245: 26-05-2010 16:56:28 - System Checkpoint
RP246: 27-05-2010 07:16:48 - Software Distribution Service 3.0
RP247: 30-05-2010 23:33:26 - System Checkpoint
RP248: 31-05-2010 17:16:33 - Installed Java(TM) 6 Update 18
RP249: 31-05-2010 17:18:06 - Installed OpenOffice.org 3.2
RP250: 31-05-2010 22:19:59 - DriverScanner - 31-05-2010 22:19:33
RP251: 31-05-2010 22:20:36 - DriverScanner - 31-05-2010 22:20:30
RP252: 01-06-2010 15:44:38 - Removed Skype™ 4.0
RP253: 01-06-2010 15:45:03 - Installed Skype™ 4.2
RP254: 01-06-2010 15:54:29 - Removed Java(TM) 6 Update 13
RP255: 01-06-2010 15:55:21 - Installed Java(TM) 6 Update 20
RP256: 01-06-2010 20:25:30 - Installed ESET Smart Security

==== Installed Programs ======================


==== End Of File ===========================

TY in advance <3

Anders Holten
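As an added example (my code, not from the original post and not part of the HijackThis tool), here is a short Python helper that parses the O2/O3/O4/O9/O16/O23 entry formats seen in the HijackThis log above and attaches a handful of path-based review flags: a start-up entry with no absolute path, an executable sitting directly in %windir% rather than a subfolder, a file under the user profile or a temp directory, and a DPF (Download Program Files) entry whose target is not a .cab package. The sample lines are copied from the log in the post; the flags are my own heuristics, so a hit means "look at this", not "infected". Run on the sample it flags RTHDCPL.EXE, C:\WINDOWS\bdoscandel.exe and the danid.dk csp.exe control, each of which has a plausible benign explanation (the same log's O9 'Tools' entry names bdoscandel.exe as the BitDefender Online Scanner uninstaller), which is the point: the parser narrows the list and the responder decides.

```python
"""Triage helper for HijackThis-format log lines.

Added example, not code from the original post or from the HijackThis
tool. It parses the O2/O3/O4/O9/O16/O23 entry formats used in the log
above and applies a few path-based checks that a responder would
otherwise do by eye. A flag means "look at this entry", not "malware":
the heuristics are assumptions of mine, not rules from the tool.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Entry shapes handled (HijackThis v2 conventions):
#   O2  - BHO: Name - {CLSID} - C:\path\file.dll        (O3 Toolbar / O9 Extra button alike)
#   O4  - HKLM\..\Run: [Name] "C:\path\file.exe" /args  (hive varies, optional (User '...'))
#   O16 - DPF: {CLSID} (Name) - http://host/file.cab    (Name is optional)
#   O23 - Service: Name (ShortName) - Vendor - C:\path\file.exe
_COM = re.compile(
    r"^(O[239]) - (?:BHO|Toolbar|Extra button|Extra 'Tools' menuitem): "
    r"(.+?) - \{([0-9A-Fa-f-]{36})\} - (.+)$")
_RUN = re.compile(r"^(O4) - (.+?)\\\.\.\\Run: \[(.+?)\] (.+)$")
_DPF = re.compile(r"^(O16) - DPF: \{([0-9A-Fa-f-]{36})\}(?: \((.+?)\))? - (\S+)$")
_SVC = re.compile(r"^(O23) - Service: (.+) \((\S+?)\) - (.+?) - (.+)$")


@dataclass
class Entry:
    kind: str                 # O2, O4, O16, ...
    name: str
    target: str               # file path, or the download URL for O16
    reasons: List[str] = field(default_factory=list)


def _run_target(rest: str) -> str:
    """Pull the executable out of the text after '[Name] ' in an O4 entry."""
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    # unquoted: drop a trailing (User '...') tag and any /switches
    return rest.split(" (User ")[0].split(" /")[0]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised line, None for anything else."""
    line = line.strip()
    if m := _COM.match(line):
        return Entry(m[1], m[2], m[4])
    if m := _RUN.match(line):
        return Entry(m[1], m[3], _run_target(m[4]))
    if m := _DPF.match(line):
        return Entry(m[1], m[3] or m[2], m[4])   # fall back to the CLSID when unnamed
    if m := _SVC.match(line):
        return Entry(m[1], m[2], m[5])
    return None


def _flags(entry: Entry) -> List[str]:
    """Heuristic review flags (my assumptions, not HijackThis rules)."""
    low = entry.target.lower()
    if entry.kind == "O16":
        # Download-Program-Files entries normally point at a .cab package.
        return [] if low.split("?")[0].endswith(".cab") else ["DPF target is not a .cab package"]
    if not re.match(r"^[a-z]:\\", low):
        return ["no absolute path; resolved via the search order"]
    reasons = []
    if re.search(r"\\documents and settings\\|\\users\\|\\temp\\", low):
        reasons.append("runs from a user-writable profile or temp directory")
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", low):
        reasons.append("executable placed directly in %windir% (verify publisher)")
    return reasons


def triage(lines: Iterable[str]) -> List[Entry]:
    """Parse every recognised line and attach its review flags."""
    entries = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            entry.reasons = _flags(entry)
            entries.append(entry)
    return entries


# Sample input: lines copied from the HijackThis log in the post above.
SAMPLE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE.splitlines()):
        print(f"{'REVIEW' if e.reasons else '  ok  '} {e.kind:<4} {e.name:<32} {e.target}")
        for reason in e.reasons:
            print(" " * 13 + "- " + reason)
```

For a whole log, `triage(open(path, encoding="cp1252").read().splitlines())` gives the review list (HijackThis writes its log in the system code page, which is why the Danish paths in this one survive). The rules deliberately ignore which hive an O4 entry lives in, so the repeated CTFMON.EXE lines under the service-account SIDs, the standard XP text-services loader, stay unflagged.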
Posted 6/2/2010 2:00 PM
#86345

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
Posted 6/2/2010 4:21 PM
#86351

Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
ComboFix 10-06-01.05 - Anders 02-06-2010 18:09:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3069.2595 [GMT 2:00]
Running from: c:\documents and settings\Anders\Skrivebord\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Files Created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\programmer\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 09:50 2517088 ----a-w- c:\programmer\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\programmer\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\programmer\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-19 18790432]
"ZoneAlarm Client"="c:\programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
"ISW"="c:\programmer\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"egui"="c:\programmer\ESET\ESET Smart Security\egui.exe" [2010-03-24 2145000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HotKey.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\HotKey.lnk
backup=c:\windows\pss\HotKey.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^On Screen Display.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\On Screen Display.lnk
backup=c:\windows\pss\On Screen Display.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-16 07:47 94208 ----a-w- c:\programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\programmer\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-03-16 17:58 13671016 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-03-16 17:58 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\programmer\Fælles filer\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-02 21:25 68856 ----a-w- c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-07-17 15:44 774233 ----a-w- c:\programmer\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Games\\Steam\\steamapps\\aholten@sol.dk\\counter-strike\\hl.exe"=
"c:\\Games\\World of Warcraft\\Launcher.exe"=
"c:\\Games\\World of Warcraft\\Repair.exe"=
"c:\\Programmer\\Vuze\\Azureus.exe"=
"c:\\Games\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\Games\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Games\\FlatOut2\\FlatOut2.exe"=
"c:\\Games\\Age Of Empires II CRACKED\\age2_x1.exe"=
"c:\\Games\\Q3\\quake3.exe"=
"c:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Documents and Settings\\Anders\\Lokale indstillinger\\Apps\\2.0\\BRWN9Z47.DKH\\K0NGW6EB.DER\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724


R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmer\Lavasoft\Ad-Aware\AAWService.exe [2010-05-24 1314704]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100480]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-01 691696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-24 114984]
S2 ekrn;ESET Service;c:\programmer\ESET\ESET Smart Security\ekrn.exe [2010-03-24 810120]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programmer\CheckPoint\ZAForceField\ISWKL.sys [2010-05-26 26352]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programmer\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-31 189784]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Indhold af mappen 'Planlagte Opgaver'

2010-06-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmer\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 18:01]

2010-06-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-06-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1644491937-839522115-1003.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-05-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1644491937-839522115-1003.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://google.com/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
FF - ProfilePath - c:\documents and settings\Anders\Application Data\Mozilla\Firefox\Profiles\85s6nkh3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-06-02 18:16
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, https://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AED2170]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> 0x8aed2170
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1180)
c:\programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1236)
c:\programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Gennemført tid: 2010-06-02 18:18:06
ComboFix-quarantined-files.txt 2010-06-02 16:18

Pre-Kørsel: 48.875.188.224 byte ledig
Post-Kørsel: 48.863.186.944 byte ledig

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D2413681DAACBA8CC2A3E94F25158C65
Posted 6/2/2010 4:40 PM
#86353

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
DeFogger - Disable
• Please download the following tool
https://www.jpshortstuff.247fixes.com/Defogger.exe
to your desktop.
• Double click DeFogger to run the tool.
• The application window will appear
• Click the Disable button to disable your CD Emulation drivers.
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger will now ask to reboot the machine - click OK
• IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
• Do not re-enable these drivers until otherwise instructed.

Post a new ComboFix log.
Posted 6/2/2010 5:33 PM
#86354

Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
ComboFix 10-06-01.05 - Anders 02-06-2010 19:17:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3069.2521 [GMT 2:00]
Kører fra: c:\documents and settings\Anders\Skrivebord\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active


advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

((((((((((((((((((((((((((((( Filer skabt fra 2010-05-02 til 2010-06-02 )))))))))))))))))))))))))))))))))))
.

Ingen nye filer dannet i denne periode

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-06-02_16.16.20 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\programmer\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 09:50 2517088 ----a-w- c:\programmer\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\programmer\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\programmer\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-19 18790432]
"ZoneAlarm Client"="c:\programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
"ISW"="c:\programmer\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"egui"="c:\programmer\ESET\ESET Smart Security\egui.exe" [2010-03-24 2145000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HotKey.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\HotKey.lnk
backup=c:\windows\pss\HotKey.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^On Screen Display.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\On Screen Display.lnk
backup=c:\windows\pss\On Screen Display.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-16 07:47 94208 ----a-w- c:\programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\programmer\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-03-16 17:58 13671016 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-03-16 17:58 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\programmer\Fælles filer\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-02 21:25 68856 ----a-w- c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-07-17 15:44 774233 ----a-w- c:\programmer\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Games\\Steam\\steamapps\\aholten@sol.dk\\counter-strike\\hl.exe"=
"c:\\Games\\World of Warcraft\\Launcher.exe"=
"c:\\Games\\World of Warcraft\\Repair.exe"=
"c:\\Programmer\\Vuze\\Azureus.exe"=
"c:\\Games\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\Games\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Games\\FlatOut2\\FlatOut2.exe"=
"c:\\Games\\Age Of Empires II CRACKED\\age2_x1.exe"=
"c:\\Games\\Q3\\quake3.exe"=
"c:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Documents and Settings\\Anders\\Lokale indstillinger\\Apps\\2.0\\BRWN9Z47.DKH\\K0NGW6EB.DER\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724


R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100480]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-01 691696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-24 114984]
S2 ekrn;ESET Service;c:\programmer\ESET\ESET Smart Security\ekrn.exe [2010-03-24 810120]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programmer\CheckPoint\ZAForceField\ISWKL.sys [2010-05-26 26352]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programmer\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmer\Lavasoft\Ad-Aware\AAWService.exe [2010-05-24 1314704]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-31 189784]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Indhold af mappen 'Planlagte Opgaver'

2010-06-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmer\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 18:01]

2010-06-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-06-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1644491937-839522115-1003.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-05-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1644491937-839522115-1003.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://google.com/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
FF - ProfilePath - c:\documents and settings\Anders\Application Data\Mozilla\Firefox\Profiles\85s6nkh3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-06-02 19:26
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, https://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AE7FDE8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> 0x8ae7fde8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1180)
c:\programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1236)
c:\programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Gennemført tid: 2010-06-02 19:29:11
ComboFix-quarantined-files.txt 2010-06-02 17:29
ComboFix2.txt 2010-06-02 16:18

Pre-Kørsel: 48.831.467.520 byte ledig
Post-Kørsel: 48.791.265.280 byte ledig

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DEB9057BE36EEF6B234E1B2B83EFDA7B
Posted 6/2/2010 5:37 PM
#86355

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
OK.
Download Norman TDSS Cleaner:
https://download.norman.no/public/Norman_TDSS_Cleaner.exe

to your desktop.
Run the tool and follow the prompts.
Perhaps you must run it 2 or 3 times.
Post the nfix logfile(s).
Posted 6/2/2010 6:03 PM
#86356

Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
Ran it 3 times.

Norman TDSS Cleaner
Version 1.9.3
Copyright © 1990 - 2010, Norman ASA. Built 2010/05/25 11:56:03

Norman Scanner Engine Version: 6.04.08
Nvcbin.def Version: 6.04.00, Date: 2010/05/25 11:56:03, Variants: 57644

Scan started: 2010/06/02 19:55:27

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: SPLIFFERNOX\Anders

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Running anti-TDSS module:

No TDSS infection detected

TDSS scan complete. Will now scan for related malware

Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 31ms


Scanning running processes and process memory...

Number of processes/threads found: 3038
Number of processes/threads scanned: 3038
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 52s


Scanning file system...

Scanning: prescan

Scanning: C:\WINDOWS\system32\drivers\*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 321
Number of archives unpacked: 0
Number of files scanned: 321
Number of files not scanned: 0
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 11s

-------------------------------------------------------------------------------------------
Norman TDSS Cleaner
Version 1.9.3
Copyright © 1990 - 2010, Norman ASA. Built 2010/05/25 11:56:03

Norman Scanner Engine Version: 6.04.08
Nvcbin.def Version: 6.04.00, Date: 2010/05/25 11:56:03, Variants: 57644

Scan started: 2010/06/02 19:58:18

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: SPLIFFERNOX\Anders


Running anti-TDSS module:

No TDSS infection detected

TDSS scan complete. Will now scan for related malware

Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 16ms


Scanning running processes and process memory...

Number of processes/threads found: 3036
Number of processes/threads scanned: 3036
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 51s


Scanning file system...

Scanning: prescan

Scanning: C:\WINDOWS\system32\drivers\*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 321
Number of archives unpacked: 0
Number of files scanned: 321
Number of files not scanned: 0
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 11s

------------------------------------------------------------------------------------------
Norman TDSS Cleaner
Version 1.9.3
Copyright © 1990 - 2010, Norman ASA. Built 2010/05/25 11:56:03

Norman Scanner Engine Version: 6.04.08
Nvcbin.def Version: 6.04.00, Date: 2010/05/25 11:56:03, Variants: 57644

Scan started: 2010/06/02 20:00:39

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: SPLIFFERNOX\Anders


Running anti-TDSS module:

No TDSS infection detected

TDSS scan complete. Will now scan for related malware

Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 31ms


Scanning running processes and process memory...

Number of processes/threads found: 2954
Number of processes/threads scanned: 2954
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 33s


Scanning file system...

Scanning: prescan

Scanning: C:\WINDOWS\system32\drivers\*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 321
Number of archives unpacked: 0
Number of files scanned: 321
Number of files not scanned: 0
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 6s
Posted 6/2/2010 6:06 PM
#86357

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
https://forums.malwarebytes.org/index.php?s=b516d5dc3e0ee5ddef1c1c0c6673e090&act=attach&type=post&id=12948
Try Kaspersky TDSSKiller and post the log.
Posted 6/2/2010 6:18 PM
#86358

Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
I registered as a member on the Malwarebytes site, yet I still can't get the link to work. All I get is a blank site. Do I need to read what's on that site, or can I just google "kaspersky tdss killer"? :O
Posted 6/2/2010 6:24 PM
#86359

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
Sorry, wrong link!
This:
https://support.kaspersky.com/viruses/solutions?qid=208280684
This is the right one.
Posted 6/2/2010 6:26 PM
#86360

Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
Yes, I found that one via Google.

Here's the log:

20:23:48:390 2956 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
20:23:48:390 2956 ================================================================================
20:23:48:390 2956 SystemInfo:

20:23:48:390 2956 OS Version: 5.1.2600 ServicePack: 3.0
20:23:48:390 2956 Product type: Workstation
20:23:48:390 2956 ComputerName: SPLIFFERNOX
20:23:48:390 2956 UserName: Anders
20:23:48:390 2956 Windows directory: C:\WINDOWS
20:23:48:390 2956 Processor architecture: Intel x86
20:23:48:390 2956 Number of processors: 2
20:23:48:390 2956 Page size: 0x1000
20:23:48:390 2956 Boot type: Normal boot
20:23:48:390 2956 ================================================================================
20:23:49:140 2956 Initialize success
20:23:49:140 2956
20:23:49:140 2956 Scanning Services ...
20:23:49:703 2956 Raw services enum returned 347 services
20:23:49:718 2956
20:23:49:718 2956 Scanning Drivers ...
20:23:50:578 2956 ACPI (991b6d6fe2a4d70caf76c41334e60926) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:23:50:609 2956 ACPIEC (6f99fe216de8c4875dbb12937620da0c) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:23:50:640 2956 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:23:50:734 2956 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
20:23:50:875 2956 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
20:23:50:984 2956 AR5416 (bedbe05a8d40afdb7a3410a1e9d3bfa9) C:\WINDOWS\system32\DRIVERS\athw.sys
20:23:51:062 2956 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:23:51:140 2956 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:23:51:187 2956 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:23:51:218 2956 ATSWPDRV (3ee6c0dc85872ad65447aa9b8dfeff30) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
20:23:51:265 2956 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:23:51:296 2956 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:23:51:343 2956 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
20:23:51:468 2956 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:23:51:500 2956 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:23:51:531 2956 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:23:51:562 2956 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:23:51:625 2956 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:23:51:671 2956 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:23:51:703 2956 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:23:51:750 2956 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:23:51:812 2956 dmboot (8a3088f97b2caa3340bbb068f314e596) C:\WINDOWS\system32\drivers\dmboot.sys
20:23:51:890 2956 dmio (6d152a2781ffbd6a63a1e58801240e8e) C:\WINDOWS\system32\drivers\dmio.sys
20:23:51:921 2956 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:23:51:953 2956 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:23:51:968 2956 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:23:52:031 2956 eamon (b7b3fbc5591358b89955c4189970269e) C:\WINDOWS\system32\DRIVERS\eamon.sys
20:23:52:093 2956 ehdrv (a6823c79f80c1a76ab7f3f1f425e524c) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
20:23:52:140 2956 epfw (c5c747ba9de4a5e3505e55cf1a1691d6) C:\WINDOWS\system32\DRIVERS\epfw.sys
20:23:52:171 2956 Epfwndis (032ee036530a5cfb2c403ab42107f9e1) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
20:23:52:203 2956 epfwtdi (93adbe06d968e885bfe0cc0ba5ac113d) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
20:23:52:250 2956 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:23:52:281 2956 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:23:52:312 2956 Fips (bb52a20854cf3e8e0474ee7167c7a3a5) C:\WINDOWS\system32\drivers\Fips.sys
20:23:52:312 2956 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:23:52:375 2956 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:23:52:390 2956 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:23:52:453 2956 Ftdisk (0a58505b5d0aba661d2ff59cd8cf79b9) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:23:52:484 2956 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:23:52:531 2956 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:23:52:578 2956 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:23:52:609 2956 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:23:52:687 2956 hwdatacard (60aec3f4ec355d9f46d545a0fa08ce87) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
20:23:52:734 2956 hwusbdev (b93d3c81ef1d372dc5bd5e6275362e1a) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
20:23:52:796 2956 i8042prt (42f890598efb480076558ca3cc151107) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:23:52:828 2956 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:23:53:046 2956 IntcAzAudAddService (c42f37a1f345219b4888188bf297ddef) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:23:53:203 2956 intelppm (d1cd31b6cd4a99f3b82aec84cfdd4cba) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:23:53:250 2956 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:23:53:281 2956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:23:53:312 2956 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:23:53:312 2956 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:23:53:359 2956 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:23:53:390 2956 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:23:53:406 2956 isapnp (3ce6ec5903c59223b61f6a0b9b84b022) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:23:53:515 2956 ISWKL (2e41433579de4381f1b0f7b30b013ddc) C:\Programmer\CheckPoint\ZAForceField\ISWKL.sys
20:23:53:562 2956 Kbdclass (32e823dfd0a7f18cf3b024f78c7aa7dd) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:23:53:593 2956 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
20:23:53:640 2956 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:23:53:687 2956 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:23:53:750 2956 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\WINDOWS\system32\DRIVERS\Lbd.sys
20:23:53:796 2956 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:23:53:828 2956 Modem (67ac997db66fdfd07738df58b45cd1b9) C:\WINDOWS\system32\drivers\Modem.sys
20:23:53:937 2956 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
20:23:53:984 2956 Mouclass (22774a2ab832972eca2ce227819f5af0) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:23:54:015 2956 mouhid (39f0a46109b167707018e8889d5fec93) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:23:54:046 2956 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:23:54:078 2956 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:23:54:171 2956 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:23:54:203 2956 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:23:54:234 2956 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:23:54:250 2956 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:23:54:250 2956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:23:54:265 2956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:23:54:281 2956 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:23:54:296 2956 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
20:23:54:312 2956 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:23:54:328 2956 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:23:54:343 2956 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:23:54:375 2956 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:23:54:421 2956 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:23:54:421 2956 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:23:54:437 2956 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
20:23:54:468 2956 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:23:54:562 2956 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:23:54:593 2956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:23:54:640 2956 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:23:54:687 2956 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:23:54:968 2956 nv (7c84d59e7092f57474921c2946250b52) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:23:55:125 2956 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:23:55:140 2956 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:23:55:187 2956 Parport (9e048790f33fe5f4fa9d27b5650a1dd5) C:\WINDOWS\system32\drivers\Parport.sys
20:23:55:203 2956 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:23:55:234 2956 ParVdm (48e97af5b876301131e9d1b0c43212c3) C:\WINDOWS\system32\drivers\ParVdm.sys
20:23:55:265 2956 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
20:23:55:312 2956 PCI (5d756da95bd1e2f6e495704715532fdc) C:\WINDOWS\system32\DRIVERS\pci.sys
20:23:55:343 2956 PCIIde (69ce0d409c11347196147ea4c6c02364) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:23:55:375 2956 Pcmcia (e980b6d0ca6acba679a0ac810ab9a57c) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:23:55:437 2956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:23:55:453 2956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:23:55:453 2956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:23:55:500 2956 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:23:55:562 2956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:23:55:562 2956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:23:55:578 2956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:23:55:578 2956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:23:55:656 2956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:23:55:671 2956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:23:55:703 2956 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:23:55:734 2956 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
20:23:55:765 2956 redbook (d2ea9dae9a9f1bf40c0ea1d1d7c5592c) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:23:55:812 2956 RSUSBSTOR (7b7a157d6cc1eb77bc43e2aa23dae600) C:\WINDOWS\system32\Drivers\RtsUStor.sys
20:23:55:843 2956 RTLE8023xp (6fc7ddf3b8d94fba7ac664452d6478d4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
20:23:55:875 2956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:23:55:890 2956 Serial (680ed46039ebd4c23eb708f1af6b9e5d) C:\WINDOWS\system32\drivers\Serial.sys
20:23:55:953 2956 sfdrv01 (58235f4483b63ff33b0fc41c1cd624c5) C:\WINDOWS\system32\drivers\sfdrv01.sys
20:23:55:953 2956 sfhlp02 (e58bfc561f3d1d9c79b61a151c208c78) C:\WINDOWS\system32\drivers\sfhlp02.sys
20:23:55:968 2956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:23:56:015 2956 sfsync04 (8451848f85453c24a8f91ac8d9dfa77f) C:\WINDOWS\system32\drivers\sfsync04.sys
20:23:56:046 2956 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:23:56:078 2956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:23:56:125 2956 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
20:23:56:187 2956 sr (b3ecb8b07f7991132c71c1b16a82ffe3) C:\WINDOWS\system32\DRIVERS\sr.sys
20:23:56:218 2956 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
20:23:56:250 2956 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:23:56:265 2956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:23:56:281 2956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:23:56:343 2956 SynTP (ae4052fc36bd4c390cee45a38ec1199a) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:23:56:359 2956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:23:56:437 2956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:23:56:484 2956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:23:56:515 2956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:23:56:562 2956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:23:56:578 2956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:23:56:640 2956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:23:56:671 2956 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:23:56:703 2956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:23:56:718 2956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:23:56:734 2956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:23:56:781 2956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:23:56:796 2956 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:23:56:828 2956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:23:56:843 2956 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:23:56:875 2956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:23:56:906 2956 VolSnap (69d9e1de5f897580f8b1d1957528b0b2) C:\WINDOWS\system32\drivers\VolSnap.sys
20:23:57:015 2956 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
20:23:57:046 2956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:23:57:078 2956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:23:57:093 2956 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:23:57:109 2956 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:23:57:109 2956
20:23:57:109 2956 Completed
20:23:57:109 2956
20:23:57:109 2956 Results:
20:23:57:109 2956 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:23:57:109 2956 File objects infected / cured / cured on reboot: 0 / 0 / 0
20:23:57:109 2956
20:23:57:109 2956 KLMD(ARK) unloaded successfully
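A driver enumeration like the one above is too long to eyeball, so here is an added example (not part of this thread, and not code from Kaspersky or from any of the tools named in it) of the first pass a reviewer would make over it in Python: parse each "<time> <pid> <service> (<md5>) <path>" line and sort the drivers by where they load from. Drivers under C:\WINDOWS\system32\drivers go in one bucket, anything else (vendor directories such as the Check Point one, or system32 itself) is listed for a look, and anything under a temp or profile directory is listed first. The standard-directory list is an assumption for Windows XP; the zz_example line in the sample is constructed and fictitious, and the other sample lines are copied from the log above.

```python
import re
from collections import Counter

# One enumeration line per driver service: "<time> <pid> <service> (<md5>) <path>".
# Line shape taken from the KLMD(ARK) log above; the regex is this example's own.
DRIVER_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# Directory where Windows XP keeps its own kernel drivers (assumption for the
# location check; compared case-insensitively).
STANDARD_DIRS = (r"c:\windows\system32\drivers",)
# Substrings that mean "user-writable, not a driver install location".
PROFILE_MARKERS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")

# Sample input: lines copied from the log above, plus one constructed,
# fictitious line (service "zz_example") that exercises the temp-directory branch.
SAMPLE = r"""
20:23:52:609 2956 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:23:53:515 2956 ISWKL (2e41433579de4381f1b0f7b30b013ddc) C:\Programmer\CheckPoint\ZAForceField\ISWKL.sys
20:23:53:593 2956 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
20:23:56:437 2956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:23:57:015 2956 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
20:23:57:109 2956 zz_example (00000000000000000000000000000000) C:\DOCUME~1\Anders\LOKALE~1\Temp\zz_example.sys
20:23:57:109 2956 Completed
"""


def parse_drivers(text):
    """Return one dict per enumerated driver; lines that are not driver
    entries (blank, 'Completed', the result counters) are skipped."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            drivers.append({
                "service": m["service"],
                "md5": m["md5"].lower(),
                "path": m["path"],
                "dir": m["path"].lower().rsplit("\\", 1)[0],
            })
    return drivers


def triage(drivers):
    """Split the list into the buckets a reviewer wants to see separately."""
    result = {"standard": [], "nonstandard": [], "profile": [], "dirs": Counter()}
    for d in drivers:
        result["dirs"][d["dir"]] += 1
        if any(marker in d["path"].lower() for marker in PROFILE_MARKERS):
            result["profile"].append(d["service"])      # strongest signal: look first
        elif d["dir"] in STANDARD_DIRS:
            result["standard"].append(d["service"])
        else:
            result["nonstandard"].append(d["service"])  # vendor dirs, system32 root, ...
    return result


if __name__ == "__main__":
    summary = triage(parse_drivers(SAMPLE))
    for key in ("profile", "nonstandard"):
        for svc in summary[key]:
            print(f"{key:12s} {svc}")
    for directory, n in summary["dirs"].most_common():
        print(f"{n:4d} {directory}")
```

A non-standard path is a reason to look, not a verdict: on this machine ISWKL.sys and vsdatant.sys come out in that bucket and both belong to ZoneAlarm. The MD5 is kept on each entry so the short list can be checked against a hash source afterwards.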
Posted 6/2/2010 6:35 PM
#86361

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
gmer:

Please download GMER from one of the following locations and save it to your desktop:
https://gmer.net/download.php
This version will download a randomly named file (Recommended)
https://gmer.net/gmer.zip
Disconnect from the Internet and close all running programs.
Temporarily turn off all antivirus programs.

Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
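Reading a GMER log is mostly a matter of attributing each reported hook to the module that installed it. The Python script below is an added example, not part of markusg's instructions and not code from GMER or its author: it parses the two line shapes GMER prints for kernel SSDT hooks ("SSDT <module> (<description>/<company>) <ZwFunction> [<address>]") and for user-mode inline patches (".text <process>[<pid>] <dll>!<api> <address> N Bytes JMP <target> <module> (<description>/<company>)", or "N Bytes [<hex bytes>]" for a patch with no jump target), groups hooks by hooking module, and marks each module as belonging to an expected vendor, to some other vendor, as unattributed (no version-info tag), or as loaded from a temp or profile directory. The sample lines are copied from the GMER log posted later in this thread, plus one constructed, fictitious SSDT line (zzexample.sys) to exercise the suspicious-location branch; the expected-vendor list (ESET, Check Point) is an assumption matching the security products installed on this machine.

```python
import re
from collections import defaultdict

# Kernel SSDT hook: "SSDT <module> (<description>/<company>) <ZwFunc> [<addr>]".
# The "(...)" version-info tag is absent when GMER cannot read one from the file.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)"
    r"(?:\s+\((?P<tag>[^)]*)\))?"
    r"\s+(?P<func>(?:Zw|Nt)\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)
# User-mode line: ".text <process>[<pid>] <dll>!<api>[ + off] <addr> N Bytes JMP <target> <module> (<tag>)"
# or, for an in-place patch with no jump target, "... N Bytes [<hex bytes>]".
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<api>\S+!\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<n>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<module>.+?)(?:\s+\((?P<tag>[^)]*)\))?"
    r"|\[(?P<patch>[^\]]*)\])$"
)

# Locations a legitimate hooking driver or DLL has no business living in.
PROFILE_MARKERS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")

# Sample: lines copied from the GMER log in this thread, plus one constructed,
# fictitious SSDT line (zzexample.sys, no version-info tag, loaded from Temp).
SAMPLE = r"""
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB4683610]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB4536534]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB46834B0]
SSDT \??\C:\DOCUME~1\Anders\LOKALE~1\Temp\zzexample.sys ZwOpenProcess [0xB4000000]
.text C:\WINDOWS\explorer.exe[820] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\CheckPoint\ZAForceField\IswSvc.exe[752] USER32.dll!DefDlgProcW + 56E 7E3742A8 5 Bytes JMP 20C79270 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\ESET\ESET Smart Security\ekrn.exe[1120] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
"""


def company(tag):
    """GMER prints '(FileDescription/CompanyName)'; keep the company part."""
    return tag.rsplit("/", 1)[-1].strip()


def classify(module, tag, expected_vendors):
    """Verdict for one hooking module, location check first, then attribution."""
    low = module.lower()
    if any(marker in low for marker in PROFILE_MARKERS):
        return "suspicious location"
    if not tag:
        return "unattributed"
    comp = company(tag).lower()
    if any(v.lower() in comp for v in expected_vendors):
        return "expected vendor"
    return "other vendor"


def parse_gmer(text):
    """One dict per hook or patch line; every other line in the log is ignored."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks.append({"kind": "ssdt", "module": m["module"], "tag": m["tag"] or "",
                          "hooked": m["func"], "process": None})
            continue
        m = INLINE_RE.match(line)
        if m and m["patch"] is not None:
            hooks.append({"kind": "patch", "module": None, "tag": "",
                          "hooked": m["api"], "process": m["proc"], "bytes": m["patch"]})
        elif m:
            hooks.append({"kind": "inline", "module": m["module"], "tag": m["tag"] or "",
                          "hooked": m["api"], "process": m["proc"]})
    return hooks


def triage(hooks, expected_vendors=("ESET", "Check Point")):
    """Group hooks by the module that installed them and give each a verdict.
    Returns (per-module summary, list of in-place patches with no target module)."""
    modules = defaultdict(lambda: {"functions": set(), "processes": set(), "verdict": ""})
    patches = []
    for h in hooks:
        if h["kind"] == "patch":
            patches.append(h)
            continue
        entry = modules[h["module"]]
        entry["functions"].add(h["hooked"])
        if h["process"]:
            entry["processes"].add(h["process"])
        entry["verdict"] = classify(h["module"], h["tag"], expected_vendors)
    return dict(modules), patches


if __name__ == "__main__":
    mods, patches = triage(parse_gmer(SAMPLE))
    for module, info in sorted(mods.items(), key=lambda kv: kv[1]["verdict"]):
        print(f"{info['verdict']:20s} {module}  hooks={len(info['functions'])}")
    for p in patches:
        print(f"{'in-place patch':20s} {p['process']}  {p['hooked']} -> [{p['bytes']}]")
```

Hooks that resolve to an installed security product are that product's normal footprint (in this thread's log: ESET's ehdrv.sys, Check Point's vsdatant.sys and ISWSHEX.dll). What deserves attention first is anything the script reports as unattributed or as loaded from a temp or profile path, and any in-place patch whose bytes you cannot explain. A verdict of "expected vendor" only means the version-info tag matched a name on the list; it is not a signature check on the file.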
Posted 6/3/2010 5:18 AM
#86377

Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
Don't know if it's important, but I guess reporting it won't hurt. After finishing the GMER scan (which my computer did sometime during the night) I saved the log file and then reattached the internet cable. Got an error message, so tried to restart. Instead I ended up with an unresponsive grey screen. Turned the power off, started the computer again, everything seems fine. Here's the log:

GMER 1.0.15.15281 - https://www.gmer.net
Rootkit scan 2010-06-03 07:00:51
Windows 5.1.2600 Service Pack 3
Running: ystdrm59.exe; Driver: C:\DOCUME~1\Anders\LOKALE~1\Temp\kxldapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB4683610]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB4536534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB4530782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB454F6DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB4536CC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB4536DF6]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB4683C10]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB4531398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB4550FE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB455093C]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB4683730]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB455193C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB4551B44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB4530FAA]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB46834B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB4683570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB46836D0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB45528D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB4552208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB45360F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB45532A4]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB4683690]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB453175C]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB4683650]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB4552E12]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB45500C4]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB4683510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB4683590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB46834D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB46835D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB4683750]

Code \??\C:\DOCUME~1\Anders\LOKALE~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xB7F67000, 0xC0A, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F84360, 0x56C395, 0xE8000020]
? C:\DOCUME~1\Anders\LOKALE~1\Temp\catchme.sys The specified file was not found. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The specified file was not found. !
? C:\DOCUME~1\Anders\LOKALE~1\Temp\mbr.sys The specified file was not found. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programmer\CheckPoint\ZAForceField\IswSvc.exe[752] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\CheckPoint\ZAForceField\IswSvc.exe[752] USER32.dll!DefDlgProcW + 56E 7E3742A8 5 Bytes JMP 20C79270 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\explorer.exe[820] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\explorer.exe[820] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\explorer.exe[820] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\explorer.exe[820] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\explorer.exe[820] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\explorer.exe[820] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\explorer.exe[820] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\explorer.exe[820] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1016] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1016] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1016] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1016] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1016] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1016] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1016] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1016] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\ESET\ESET Smart Security\ekrn.exe[1120] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\WINDOWS\system32\winlogon.exe[1180] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1180] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1180] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1180] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1180] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1180] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1180] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1180] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1224] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1224] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1224] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1224] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1224] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1224] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1236] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1236] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1236] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1236] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1236] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1236] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Java\jre6\bin\jqs.exe[1296] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Java\jre6\bin\jqs.exe[1296] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Java\jre6\bin\jqs.exe[1296] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Java\jre6\bin\jqs.exe[1296] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Java\jre6\bin\jqs.exe[1296] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Java\jre6\bin\jqs.exe[1296] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Java\jre6\bin\jqs.exe[1296] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Java\jre6\bin\jqs.exe[1296] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[1432] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[1432] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[1432] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[1432] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[1432] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[1432] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[1432] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[1432] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1500] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1500] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1500] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1500] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1500] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[1768] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[1768] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[1768] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[1768] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[1768] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[1768] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[1768] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[1768] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2140] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2140] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2140] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2140] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2140] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2140] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2140] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2264] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2264] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2264] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2264] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2264] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2264] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2264] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2264] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3248] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3248] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3248] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3248] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3248] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3248] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3248] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3248] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3360] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3360] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3360] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3360] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3360] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3360] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3360] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3360] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Anders\Skrivebord\ystdrm59.exe[3752] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Anders\Skrivebord\ystdrm59.exe[3752] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Anders\Skrivebord\ystdrm59.exe[3752] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Anders\Skrivebord\ystdrm59.exe[3752] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Anders\Skrivebord\ystdrm59.exe[3752] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Anders\Skrivebord\ystdrm59.exe[3752] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Anders\Skrivebord\ystdrm59.exe[3752] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Anders\Skrivebord\ystdrm59.exe[3752] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\ESET\ESET Smart Security\egui.exe[3804] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\ESET\ESET Smart Security\egui.exe[3804] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\ESET\ESET Smart Security\egui.exe[3804] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\ESET\ESET Smart Security\egui.exe[3804] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\ESET\ESET Smart Security\egui.exe[3804] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\ESET\ESET Smart Security\egui.exe[3804] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\ESET\ESET Smart Security\egui.exe[3804] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7426 5 Bytes JMP 20C78E5D C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programmer\ESET\ESET Smart Security\egui.exe[3804] ADVAPI32.dll!SetThreadToken 77DCF193 5 Bytes JMP 20C79036 C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B453B672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B453B4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B453BCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B4539C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B4539C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B453B672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B453B4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B453BCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B453B672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B4539C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B453BCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B453B4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B453BCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B453B4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B453B672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B4539C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B453B672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B453B4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B453BCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B453B672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B4539C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B453BCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B453B4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\explorer.exe[820] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\spoolsv.exe[1016] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\services.exe[1224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\lsass.exe[1236] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programmer\Java\jre6\bin\jqs.exe[1296] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[1432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[1540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\wdfmgr.exe[1768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\alg.exe[2140] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\wscntfy.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[3360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Documents and Settings\Anders\Skrivebord\ystdrm59.exe[3752] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programmer\ESET\ESET Smart Security\egui.exe[3804] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\atapi \Device\Ide\IdePort0 8AE7FDE8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8AE7FDE8
Device \Driver\atapi \Device\Ide\IdePort1 8AE7FDE8
Device \Driver\atapi \Device\Ide\IdePort2 8AE7FDE8
Device \Driver\atapi \Device\Ide\IdePort3 8AE7FDE8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8AE7FDE8
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0xD4 0x70 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programmer\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x74 0x4B 0x18 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE3 0x14 0x63 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5F 0x27 0xD5 0x91 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0xD4 0x70 0xD2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programmer\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x74 0x4B 0x18 0xA0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE3 0x14 0x63 0x73 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5F 0x27 0xD5 0x91 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

Posted 6/3/2010 11:05 AM
#86383

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
We need to create an OTL Report

1. Please download OTL
https://oldtimer.geekstogo.com/OTL.exe

2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Click the "Scan All Users" checkbox.
5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
6. Copy and Paste the following into the textbox.


netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
winlogon.exe
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

7. Push "scan"
8. Two reports will open; copy and paste them in a reply here:
• OTListIt.txt <-- Will be opened
• Extra.txt <-- Will be minimized
You may need to post them in two or more parts.

Posted 6/3/2010 3:27 PM
#86388

Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
OTL logfile created on: 03-06-2010 17:18:56 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Anders\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 232,88 Gb Total Space | 45,42 Gb Free Space | 19,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SPLIFFERNOX
Current User Name: Anders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-06-03 17:16:14 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anders\Skrivebord\OTL.exe
PRC - [2010-05-26 15:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Programmer\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010-05-26 15:35:14 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Programmer\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010-05-26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010-05-26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010-05-24 12:41:41 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010-05-24 12:41:40 | 001,314,704 | ---- | M] (Lavasoft) -- C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010-04-01 19:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programmer\Mozilla Firefox\firefox.exe
PRC - [2010-03-24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Programmer\ESET\ESET Smart Security\ekrn.exe
PRC - [2010-03-24 20:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Programmer\ESET\ESET Smart Security\egui.exe
PRC - [2008-04-14 18:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010-06-03 17:16:14 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anders\Skrivebord\OTL.exe
MOD - [2010-05-26 15:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Programmer\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2008-07-25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008-07-25 11:17:20 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
MOD - [2008-04-14 18:04:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010-05-26 15:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programmer\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010-05-26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010-05-24 12:41:40 | 001,314,704 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-03-29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programmer\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010-03-24 20:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programmer\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010-03-24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Programmer\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009-07-26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2006-05-10 11:59:04 | 000,353,912 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\WINDOWS\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1)
SRV - [2003-07-28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2010-05-31 22:20:38 | 001,590,528 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2010-05-31 22:20:03 | 000,189,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010-05-26 15:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programmer\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010-03-24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010-03-24 20:33:50 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010-03-24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010-03-24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010-03-24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010-03-17 02:01:53 | 010,259,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010-02-04 17:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010-01-19 19:36:48 | 005,818,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-12-01 21:06:14 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009-11-27 16:20:06 | 000,177,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-11-18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-06-30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009-06-22 20:38:18 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009-06-22 20:24:48 | 000,100,480 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2008-07-17 17:44:29 | 000,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008-04-13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-lyddriver (WDM)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-01-19 15:04:16 | 000,139,144 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2006-05-10 10:59:04 | 000,052,224 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006-05-10 10:39:38 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006-05-10 10:20:28 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004-10-15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-1644491937-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://google.com/
IE - HKU\S-1-5-21-842925246-1644491937-839522115-1003\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programmer\ZoneAlarm\tbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-842925246-1644491937-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "https://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Customized Web Search"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.81
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programmer\CheckPoint\ZAForceField\TrustChecker [2010-06-02 08:16:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2010-05-31 14:19:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2010-05-31 14:17:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programmer\ESET\ESET Smart Security\Mozilla Thunderbird [2010-06-02 09:10:05 | 000,000,000 | ---D | M]

[2010-03-26 12:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Mozilla\Extensions
[2010-06-03 07:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Mozilla\Firefox\Profiles\85s6nkh3.default\extensions
[2010-03-28 12:33:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Anders\Application Data\Mozilla\Firefox\Profiles\85s6nkh3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-05-31 14:12:32 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Documents and Settings\Anders\Application Data\Mozilla\Firefox\Profiles\85s6nkh3.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2010-05-30 20:24:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Anders\Application Data\Mozilla\Firefox\Profiles\85s6nkh3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010-05-10 14:19:32 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Anders\Application Data\Mozilla\Firefox\Profiles\85s6nkh3.default\searchplugins\conduit.xml
[2010-06-03 07:24:23 | 000,000,000 | ---D | M] -- C:\Programmer\Mozilla Firefox\extensions
[2010-06-01 15:55:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-06-01 15:55:31 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010-06-02 18:16:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programmer\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programmer\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmer\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programmer\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmer\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-842925246-1644491937-839522115-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-842925246-1644491937-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-842925246-1644491937-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmer\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-842925246-1644491937-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Programmer\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-842925246-1644491937-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmer\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [egui] C:\Programmer\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISW] C:\Programmer\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1644491937-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-842925246-1644491937-839522115-1003\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-842925246-1644491937-839522115-1003\..Trusted Domains: danid.dk ([]https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} https://danid.dk/csp/authenticode/csp.exe (IssueUtilCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} https://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} https://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240515232921 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} https://danid.dk/csp/authenticode/csp.exe (Util Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} https://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.238.112.11 84.238.112.27
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmer\Fælles filer\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmer\Fælles filer\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Anders\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Anders\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-23 18:54:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-04-23 20:37:39 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HotKey.lnk - C:\Programmer\TEXTware\HotKey\TWALINK.EXE - (TEXTware A/S)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^On Screen Display.lnk - C:\Programmer\Zepto Utilities\Zepto Mobile Utilities\On Screen Display\OSD.exe - (Zepto)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programmer\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programmer\Fælles filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programmer\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Gengivelse af vektorgrafik (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-databinding til Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Avanceret redigering
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Java-klasser til DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webmapper
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Opgavestyring
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - lhacm.acm File not found
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (65878755301654528)

========== Files/Folders - Created Within 30 Days ==========

[2010-06-03 17:15:59 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anders\Skrivebord\OTL.exe
[2010-06-03 07:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Skrivebord\combofix
[2010-06-03 07:21:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-06-02 19:37:44 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010-06-02 17:49:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-06-02 17:49:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-06-02 17:49:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-06-02 17:49:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-06-02 17:48:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-06-02 17:46:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-06-02 14:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Skrivebord\hijackthis
[2010-06-02 13:09:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Anders\Recent
[2010-06-01 21:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\ESET
[2010-06-01 20:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Lokale indstillinger\Application Data\ESET
[2010-06-01 20:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Application Data\ESET
[2010-06-01 20:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\ESET
[2010-06-01 20:25:33 | 000,000,000 | ---D | C] -- C:\Programmer\ESET
[2010-06-01 20:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010-06-01 18:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010-06-01 17:33:22 | 000,000,000 | ---D | C] -- C:\fb99ce6f93efa8afe8746992
[2010-06-01 15:55:48 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-06-01 15:55:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-06-01 15:55:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-06-01 15:45:05 | 000,000,000 | R--D | C] -- C:\Programmer\Skype
[2010-05-31 22:20:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sda
[2010-05-31 22:20:03 | 009,112,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtsUStoricon.dll
[2010-05-31 22:20:03 | 000,313,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtsUStor.dll
[2010-05-31 22:20:03 | 000,189,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtsUStor.sys
[2010-05-31 22:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2010-05-31 17:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Application Data\OpenOffice.org
[2010-05-31 17:18:25 | 000,000,000 | ---D | C] -- C:\Programmer\JRE
[2010-05-31 17:18:13 | 000,000,000 | ---D | C] -- C:\Programmer\OpenOffice.org 3
[2010-05-31 15:08:02 | 000,000,000 | ---D | C] -- C:\Programmer\CCleaner
[2010-05-31 14:44:54 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010-05-31 14:44:45 | 000,000,000 | ---D | C] -- C:\Programmer\Panda Security
[2010-05-31 14:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Dokumenter\ForceField Shared Files
[2010-05-31 14:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Application Data\CheckPoint
[2010-05-31 14:12:29 | 000,000,000 | ---D | C] -- C:\Programmer\Conduit
[2010-05-31 14:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Lokale indstillinger\Application Data\Conduit
[2010-05-31 14:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Lokale indstillinger\Application Data\ZoneAlarm
[2010-05-31 14:12:27 | 000,000,000 | ---D | C] -- C:\Programmer\ZoneAlarm
[2010-05-31 14:12:22 | 000,000,000 | ---D | C] -- C:\Programmer\CheckPoint
[2010-05-31 14:12:18 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010-05-31 14:12:15 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010-05-31 14:12:15 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010-05-31 14:12:09 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010-05-31 14:12:08 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010-05-31 14:12:08 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010-05-31 14:12:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010-05-31 14:12:07 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010-05-31 14:12:07 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010-05-31 14:12:06 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010-05-31 14:12:05 | 000,000,000 | ---D | C] -- C:\Programmer\Zone Labs
[2010-05-31 14:11:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010-05-31 14:11:21 | 000,712,192 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010-05-31 14:11:21 | 000,228,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010-05-31 14:11:21 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010-05-31 14:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Dokumenter\Downloads
[2010-05-24 12:40:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010-05-24 11:48:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010-05-24 10:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010-05-24 10:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010-05-19 09:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Adobe
[2010-05-19 09:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010-05-18 12:45:53 | 000,000,000 | ---D | C] -- C:\Programmer\Microsoft Silverlight
[2010-05-16 13:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Dokumenter\Hentede filer
[2010-05-16 11:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Application Data\Uniblue
[2010-05-16 11:23:08 | 000,000,000 | ---D | C] -- C:\Programmer\Uniblue
[2010-05-15 10:45:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-05-04 19:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anders\Dokumenter\Å
[2004-11-24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-06-03 17:16:14 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anders\Skrivebord\OTL.exe
[2010-06-03 17:07:38 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-06-03 17:03:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010-06-03 17:03:58 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1644491937-839522115-1003.job
[2010-06-03 17:03:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-03 17:03:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-03 17:03:08 | 3218,059,264 | -HS- | M] () -- C:\hiberfil.sys
[2010-06-03 12:06:37 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Anders\NTUSER.DAT
[2010-06-03 12:06:37 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\Anders\ntuser.ini
[2010-06-02 19:26:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-06-02 19:00:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Anders\defogger_reenable
[2010-06-02 18:18:34 | 000,051,584 | ---- | M] () -- C:\Documents and Settings\Anders\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
[2010-06-02 18:16:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-06-02 18:06:23 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-02 17:46:51 | 000,000,531 | ---- | M] () -- C:\WINDOWS\TEXTWARE.INI
[2010-06-02 11:29:55 | 000,025,858 | ---- | M] () -- C:\Documents and Settings\Anders\Dokumenter\cc_20100602_112950.reg
[2010-06-02 09:08:49 | 000,002,660 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-06-01 20:09:56 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Anders\Lokale indstillinger\Application Data\housecall.guid.cache
[2010-06-01 15:55:31 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-06-01 15:55:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-06-01 15:55:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-06-01 15:55:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-06-01 15:55:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-06-01 14:23:34 | 000,217,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-01 09:50:40 | 000,006,038 | ---- | M] () -- C:\Documents and Settings\Anders\Dokumenter\cc_20100601_095031.reg
[2010-05-31 22:21:55 | 000,447,834 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
[2010-05-31 22:21:55 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-31 22:21:55 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-31 22:21:54 | 000,078,192 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
[2010-05-31 22:21:53 | 001,038,810 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-31 22:20:38 | 001,590,528 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athw.sys
[2010-05-31 22:20:03 | 009,112,096 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtsUStoricon.dll
[2010-05-31 22:20:03 | 000,313,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtsUStor.dll
[2010-05-31 22:20:03 | 000,189,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtsUStor.sys
[2010-05-31 15:15:46 | 000,025,646 | ---- | M] () -- C:\Documents and Settings\Anders\Dokumenter\cc_20100531_151532.reg
[2010-05-31 14:41:24 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-05-31 14:38:10 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-05-31 14:13:20 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010-05-31 14:12:20 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010-05-26 13:03:22 | 001,238,528 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010-05-26 13:03:16 | 000,712,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010-05-26 13:03:16 | 000,110,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010-05-26 13:03:16 | 000,103,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010-05-26 13:03:16 | 000,069,120 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010-05-26 13:03:16 | 000,043,008 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010-05-26 13:03:14 | 000,302,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010-05-26 13:03:14 | 000,228,352 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010-05-26 13:03:14 | 000,112,128 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010-05-26 13:03:14 | 000,107,520 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010-05-26 13:03:14 | 000,058,368 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010-05-24 12:42:10 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010-05-24 12:42:08 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010-05-23 22:12:36 | 000,002,216 | ---- | M] () -- C:\WINDOWS\CDPLAYER.INI
[2010-05-19 09:07:04 | 000,006,686 | ---- | M] () -- C:\Documents and Settings\Anders\Application Data\PrimoPDFSet.xml
[2010-05-19 08:32:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-05-15 13:56:47 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-15 13:56:45 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\Anders\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-13 19:35:23 | 000,000,175 | ---- | M] () -- C:\Documents and Settings\Anders\default.pls
[2010-05-13 13:22:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010-05-11 07:52:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1644491937-839522115-1003.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-06-02 19:00:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Anders\defogger_reenable
[2010-06-02 17:49:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-06-02 17:49:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-06-02 17:49:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-06-02 17:49:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-06-02 17:49:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-06-02 11:29:53 | 000,025,858 | ---- | C] () -- C:\Documents and Settings\Anders\Dokumenter\cc_20100602_112950.reg
[2010-06-01 20:09:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Anders\Lokale indstillinger\Application Data\housecall.guid.cache
[2010-06-01 14:58:28 | 3218,059,264 | -HS- | C] () -- C:\hiberfil.sys
[2010-06-01 09:50:37 | 000,006,038 | ---- | C] () -- C:\Documents and Settings\Anders\Dokumenter\cc_20100601_095031.reg
[2010-05-31 15:15:37 | 000,025,646 | ---- | C] () -- C:\Documents and Settings\Anders\Dokumenter\cc_20100531_151532.reg
[2010-05-31 14:12:20 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010-05-31 14:12:06 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010-05-19 09:06:57 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\PrimoPDFSet.xml
[2010-01-28 15:45:54 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009-12-11 15:00:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ltserial.dll
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-08-01 19:27:36 | 000,000,297 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-07-18 17:20:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009-05-28 02:36:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009-05-24 18:23:51 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009-05-14 12:33:43 | 000,000,048 | ---- | C] () -- C:\WINDOWS\CDCOPS.INI
[2009-05-11 20:07:13 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-05-08 13:56:45 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009-05-08 13:56:45 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009-04-27 17:24:59 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\TWAHKY32.DLL
[2009-04-27 17:24:59 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\WIN32CMI.DLL
[2009-04-27 06:13:36 | 000,000,308 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009-04-24 00:34:04 | 000,000,531 | ---- | C] () -- C:\WINDOWS\TEXTWARE.INI
[2009-04-23 21:31:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-04-23 21:22:18 | 000,000,259 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009-04-23 21:05:34 | 000,002,216 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2009-04-23 20:17:01 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\MLowCtl.sys
[2009-04-23 19:03:06 | 005,386,240 | R--- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2009-01-05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008-12-19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008-12-17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008-12-17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008-12-17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-12-17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008-12-17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008-12-11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-03-20 18:06:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2004-10-03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009-05-09 09:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010-01-11 18:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009-12-01 21:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009-04-27 18:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey
[2010-06-01 20:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010-06-01 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009-04-25 19:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marginal Team
[2010-05-24 10:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009-06-18 23:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010-05-24 10:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010-06-01 09:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-05-24 12:40:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009-08-29 11:22:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BE1D7187-C39B-4B11-9EBD-9D19FAE66E65}
[2010-06-02 07:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Auslogics
[2010-05-31 15:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Azureus
[2009-10-21 21:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Blitware
[2010-05-31 14:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\CheckPoint
[2009-06-29 14:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\com.guppyworks.TrafficTestAIR-Normal.EF65CBC8490B8DE562751ED3D05F1E6FF784EDC0.1
[2009-04-28 17:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Cryptomathic
[2009-04-23 21:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\DAEMON Tools Lite
[2010-06-01 20:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\ESET
[2010-01-16 19:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Mumble
[2010-05-31 17:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\OpenOffice.org
[2009-06-30 14:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Red Alert 3
[2010-05-31 22:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Uniblue
[2010-06-03 17:07:38 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010-06-03 17:03:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[2010-01-29 20:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009-04-23 20:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009-05-09 09:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010-01-11 18:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009-04-24 00:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009-08-20 09:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2009-12-01 21:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009-04-27 18:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey
[2010-06-01 20:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010-06-01 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009-08-29 16:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009-10-15 19:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009-08-14 13:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-04-25 19:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marginal Team
[2010-03-31 10:03:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010-05-24 10:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010-05-31 14:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010-01-28 15:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009-04-23 19:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009-04-23 22:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009-06-18 23:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010-03-16 08:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2010-06-01 15:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010-06-02 13:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010-05-24 10:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010-04-25 12:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010-06-01 09:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-04-23 21:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010-05-24 12:40:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009-08-29 11:22:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BE1D7187-C39B-4B11-9EBD-9D19FAE66E65}

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[2010-02-04 17:53:47 | 002,954,656 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
[2009-07-10 13:52:22 | 003,113,376 | ---- | M] (DanID ) -- C:\Documents and Settings\All Users\Application Data\{BE1D7187-C39B-4B11-9EBD-9D19FAE66E65}\csp.exe
[2010-05-24 12:41:40 | 001,314,704 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
[2010-05-24 12:41:41 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
[2010-05-24 12:41:42 | 000,755,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
[2010-06-01 20:01:03 | 001,509,384 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
[2010-06-01 20:01:05 | 000,902,208 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
[2010-05-24 12:41:45 | 000,869,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
[2010-03-01 14:33:36 | 003,803,208 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
[2010-05-24 12:42:08 | 000,015,880 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
[2010-05-24 12:42:09 | 000,894,488 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
[2010-05-24 11:35:45 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2009-04-25 19:54:37 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Marginal Team\Wowhead Client\gzip.exe

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2009-06-29 14:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Adobe
[2010-01-31 16:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Ahead
[2010-06-02 07:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Auslogics
[2010-05-31 15:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Azureus
[2009-10-21 21:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Blitware
[2009-09-14 20:12:08 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Anders\Application Data\Brother
[2010-05-31 14:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\CheckPoint
[2009-06-29 14:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\com.guppyworks.TrafficTestAIR-Normal.EF65CBC8490B8DE562751ED3D05F1E6FF784EDC0.1
[2009-04-28 17:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Cryptomathic
[2009-04-23 21:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\DAEMON Tools Lite
[2009-09-01 19:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\dvdcss
[2010-06-01 20:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\ESET
[2009-04-23 19:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Google
[2010-05-01 15:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Help
[2009-04-23 18:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Identities
[2009-04-23 18:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\InstallShield
[2009-04-23 19:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Macromedia
[2009-08-14 13:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Malwarebytes
[2010-05-31 15:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Media Player Classic
[2010-05-02 13:56:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Anders\Application Data\Microsoft
[2010-03-26 12:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Mozilla
[2010-01-16 19:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Mumble
[2010-03-31 11:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Office Genuine Advantage
[2010-05-31 17:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\OpenOffice.org
[2010-03-16 08:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Real
[2009-06-30 14:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Red Alert 3
[2010-06-01 21:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Skype
[2010-06-01 15:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\skypePM
[2009-04-23 20:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Sun
[2009-06-09 00:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\teamspeak2
[2010-05-31 22:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Uniblue
[2009-04-24 19:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Ventrilo
[2009-05-02 09:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\vlc
[2009-08-31 16:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anders\Application Data\Winamp

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010-01-03 17:27:49 | 010,686,001 | ---- | M] () -- C:\Documents and Settings\Anders\Application Data\Azureus\plugins\azump\mplayer.exe
[2009-06-29 14:32:28 | 000,037,176 | ---- | M] () -- C:\Documents and Settings\Anders\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009-04-23 19:05:18 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Anders\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009-07-31 17:08:09 | 000,011,502 | R--- | M] () -- C:\Documents and Settings\Anders\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\ARPPRODUCTICON.exe
[2009-07-31 17:08:10 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Anders\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2009-07-31 17:08:09 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Anders\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2009-07-31 17:08:10 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Anders\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2009-07-31 17:08:10 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Anders\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006-03-02 14:00:00 | 018,778,967 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009-04-23 21:55:04 | 023,884,250 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009-04-23 21:55:04 | 023,884,250 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\fe47693290fa91ed8502b337ef351ea4\backup\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006-03-02 14:00:00 | 018,778,967 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009-04-23 21:55:04 | 023,884,250 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009-04-23 21:55:04 | 023,884,250 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\fe47693290fa91ed8502b337ef351ea4\backup\atapi.sys
[2006-03-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=9AF52B89ACD5DCC707A1F7DE1720B419 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=9AF52B89ACD5DCC707A1F7DE1720B419 -- C:\WINDOWS\SoftwareDistribution\Download\fe47693290fa91ed8502b337ef351ea4\backup\eventlog.dll
[2008-04-14 18:05:21 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=DAC8A51BA067F38B74766900E6DEA66A -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008-04-14 18:05:21 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=DAC8A51BA067F38B74766900E6DEA66A -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 18:05:21 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=DAC8A51BA067F38B74766900E6DEA66A -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008-04-14 18:05:27 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=90C7E2675B3B1B6ADC5E694708F924F2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008-04-14 18:05:27 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=90C7E2675B3B1B6ADC5E694708F924F2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-14 18:05:27 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=90C7E2675B3B1B6ADC5E694708F924F2 -- C:\WINDOWS\system32\netlogon.dll
[2006-03-02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAEC07FEB65065D65B113399586EDEAD -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2006-03-02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAEC07FEB65065D65B113399586EDEAD -- C:\WINDOWS\SoftwareDistribution\Download\fe47693290fa91ed8502b337ef351ea4\backup\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2006-03-02 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=8089DF546BCB65603013764BA12961A8 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2006-03-02 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=8089DF546BCB65603013764BA12961A8 -- C:\WINDOWS\SoftwareDistribution\Download\fe47693290fa91ed8502b337ef351ea4\backup\scecli.dll
[2008-04-14 18:05:31 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=D609CB57A3B325A7B774EDD2C27665AD -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008-04-14 18:05:31 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=D609CB57A3B325A7B774EDD2C27665AD -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-14 18:05:31 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=D609CB57A3B325A7B774EDD2C27665AD -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2006-03-02 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=3A03D6433E4E5FD3430DD3431FC6AC54 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2006-03-02 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=3A03D6433E4E5FD3430DD3431FC6AC54 -- C:\WINDOWS\SoftwareDistribution\Download\fe47693290fa91ed8502b337ef351ea4\backup\userinit.exe
[2008-04-14 18:06:05 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008-04-14 18:06:05 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-14 18:06:05 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772 -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006-03-02 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=713AD65B9FF9CEE0A43181B442D846EB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2006-03-02 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=713AD65B9FF9CEE0A43181B442D846EB -- C:\WINDOWS\SoftwareDistribution\Download\fe47693290fa91ed8502b337ef351ea4\backup\winlogon.exe
[2008-04-14 18:06:06 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008-04-14 18:06:06 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 18:06:06 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2009-04-23 20:42:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-04-23 20:42:18 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-04-23 20:42:18 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

OTL Extras logfile created on: 03-06-2010 17:18:56 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Anders\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 232,88 Gb Total Space | 45,42 Gb Free Space | 19,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SPLIFFERNOX
Current User Name: Anders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_USERS\S-1-5-21-842925246-1644491937-839522115-1003\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Programmer\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programmer\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [!ezcddaxa] -- "C:\Programmer\Easy CD-DA Extractor 9\convert.exe" "%1" ()
Directory [!ezcddaxb] -- "C:\Programmer\Easy CD-DA Extractor 9\burn.exe" "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Programmer\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programmer\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programmer\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programmer\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programmer\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmer\Ventrilo\Ventrilo.exe" = C:\Programmer\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Games\Steam\steamapps\aholten@sol.dk\counter-strike\hl.exe" = C:\Games\Steam\steamapps\aholten@sol.dk\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Games\World of Warcraft\Launcher.exe" = C:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Games\World of Warcraft\Repair.exe" = C:\Games\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- (Blizzard Entertainment, Inc.)
"C:\Programmer\Vuze\Azureus.exe" = C:\Programmer\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Games\Red Alert 3\Data\ra3_1.0.game" = C:\Games\Red Alert 3\Data\ra3_1.0.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"C:\Games\World of Warcraft\BackgroundDownloader.exe" = C:\Games\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Games\FlatOut2\FlatOut2.exe" = C:\Games\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2 -- ()
"C:\Games\Age Of Empires II CRACKED\age2_x1.exe" = C:\Games\Age Of Empires II CRACKED\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Games\Q3\quake3.exe" = C:\Games\Q3\quake3.exe:*:Enabled:quake3 -- ()
"C:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Games\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\Games\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Games\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe" = C:\Games\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Games\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe" = C:\Games\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Games\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe" = C:\Games\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 : Beyond The Sword -- (Firaxis Games)
"C:\Games\Dragon Age\bin_ship\daorigins.exe" = C:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"C:\Games\Dragon Age\DAOriginsLauncher.exe" = C:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"C:\Documents and Settings\Anders\Lokale indstillinger\Apps\2.0\BRWN9Z47.DKH\K0NGW6EB.DER\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe" = C:\Documents and Settings\Anders\Lokale indstillinger\Apps\2.0\BRWN9Z47.DKH\K0NGW6EB.DER\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Disabled:vsmon -- (Check Point Software Technologies LTD)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{121A64FD-6D62-40A1-BDE3-F9A590A2B96B}" = Zepto Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Overførselsværktøj til Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.1.184_Foxconn Installation Program
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2F3082BF-4A3B-45CA-805F-52DBBFD3C645}" = Windows Live Essentials
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C9406-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41779D63-3B63-438A-A137-BE528E505E2F}" = Den Store Danske Encyklopædi
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{5ED20FB0-678F-41EE-9211-DC9C670FD193}" = Battlefield 1942 Multiplayer Demo
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90110406-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{94B8F069-F223-4F48-BC88-7104CBA77F30}" = Windows Live Messenger
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9516A4F3-A620-4C4B-B17C-750C6B87AF4B}" = ESET Smart Security
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8
"{AC76BA86-7AD7-1030-7B44-A93000000001}" = Adobe Reader 9.3.2 - Dansk
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2314384-9A4F-11D5-8A18-0080AD737527}" = Politikens Nudansk Ordbog
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}" = FlatOut2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = Realtek Card Reader
"{D7452A01-9BF9-4FFD-8B2E-650F713AE099}" = Origin8
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E80F9ABB-618D-4B9E-9EA0-5BF6A7C2FE9D}" = Tilmeldingsassistent til Windows Live
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"2DA959FE3D6F0F5BC313481E72071D510DD786FB" = Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
"8461-7759-5462-8226" = Vuze
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Digital Signatur" = Digital Signatur
"E810106CD7698463921E43363A0B414A49A7A578" = Windows Driver Package - Intel (NETw5x32) net (05/21/2008 12.0.0.78)
"Easy CD-DA Extractor 9.0" = Easy CD-DA Extractor 9.0
"HijackThis" = HijackThis 2.0.2
"HotKey" = HotKey
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobilt Bredbånd" = Mobilt Bredbånd
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mumble" = Mumble and Murmur
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealPlayer 12.0" = RealPlayer
"SecureW2 Client" = SecureW2 Client 3.1.2
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.0.6 for Windows
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.3 for Windows
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 0.9.9
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XP Codec Pack" = XP Codec Pack
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-842925246-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Winamp Detect" = Winamp Detector Plug-in
"World of Warcraft Trial" = World of Warcraft Trial

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 01-02-2010 05:23:55 | Computer Name = SPLIFFERNOX | Source = Application Hang | ID = 1002
Description = Hung application explorer.exe, version 6.0.2900.5512, hung module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08-02-2010 06:12:03 | Computer Name = SPLIFFERNOX | Source = Microsoft Office 11 | ID = 1000
Description =

Error - 03-03-2010 08:33:53 | Computer Name = SPLIFFERNOX | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 16-03-2010 03:00:17 | Computer Name = SPLIFFERNOX | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 12.0.0.614, faulting module
rpcl3260.dll, version 6.0.10.760, fault address 0x0004dc45.

Error - 26-03-2010 06:12:08 | Computer Name = SPLIFFERNOX | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module nvidia~1.ocx, version 1.0.0.3, fault address 0x0002c428.

Error - 26-03-2010 06:12:11 | Computer Name = SPLIFFERNOX | Source = Application Error | ID = 1001
Description = Fault bucket 1327451779.

Error - 31-03-2010 04:03:24 | Computer Name = SPLIFFERNOX | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module nvidia~1.ocx, version 1.0.0.3, fault address 0x0002c428.

Error - 31-03-2010 04:03:56 | Computer Name = SPLIFFERNOX | Source = Application Hang | ID = 1002
Description = Hung application iexplore.exe, version 8.0.6001.18702, hung module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 31-03-2010 04:03:59 | Computer Name = SPLIFFERNOX | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 06-04-2010 14:27:08 | Computer Name = SPLIFFERNOX | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00ffffff.

[ System Events ]
Error - 02-06-2010 01:50:19 | Computer Name = SPLIFFERNOX | Source = DCOM | ID = 10010
Description = The server {B366DEBE-645B-43A5-B865-DDD82C345492} did not register
with DCOM within the required timeout.

Error - 02-06-2010 01:59:42 | Computer Name = SPLIFFERNOX | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware did not respond
within the timeout period. This may indicate an error in the EC hardware or software,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction.

Error - 02-06-2010 02:31:34 | Computer Name = SPLIFFERNOX | Source = DCOM | ID = 10010
Description = The server {B366DEBE-645B-43A5-B865-DDD82C345492} did not register
with DCOM within the required timeout.

Error - 02-06-2010 03:12:31 | Computer Name = SPLIFFERNOX | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware did not respond
within the timeout period. This may indicate an error in the EC hardware or software,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction.

Error - 02-06-2010 12:04:52 | Computer Name = SPLIFFERNOX | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware did not respond
within the timeout period. This may indicate an error in the EC hardware or software,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction.

Error - 02-06-2010 13:03:39 | Computer Name = SPLIFFERNOX | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware did not respond
within the timeout period. This may indicate an error in the EC hardware or software,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction.

Error - 02-06-2010 13:13:24 | Computer Name = SPLIFFERNOX | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware did not respond
within the timeout period. This may indicate an error in the EC hardware or software,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction.

Error - 03-06-2010 01:02:55 | Computer Name = SPLIFFERNOX | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware
Service service to connect.

Error - 03-06-2010 01:02:57 | Computer Name = SPLIFFERNOX | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%1053

Error - 03-06-2010 11:03:20 | Computer Name = SPLIFFERNOX | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware did not respond
within the timeout period. This may indicate an error in the EC hardware or software,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction.


< End of report >
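An added example, not part of this thread or of OTL, HijackThis or any other tool named in it: a Python script that automates two of the checks a helper does by eye on an OTL report like the one above. The `< MD5 for: >` sections exist so that the live copy of a sensitive system file (userinit.exe, winlogon.exe, the boot-critical drivers) can be compared with the clean copy Windows keeps under ServicePackFiles; the script parses those sections and flags a live copy whose hash differs from that reference or that carries no company/version information, which is what a patched or replaced binary typically looks like. It also reads the FirewallPolicy registry dump for profiles with the firewall disabled and for ports opened to any source (`*`) rather than LocalSubNet. The function names are mine, and the sample input is constructed: its lines are copied from the log above except for the second WINLOGON.EXE entry, which is invented so that the hash check has something to report.

```python
import re

# Constructed sample input. The MD5 entries and registry lines are copied from
# the OTL report above (BBCode colour tags stripped); the second WINLOGON.EXE
# entry is invented so that the hash check has something to flag.
SAMPLE_OTL = r"""
< MD5 for: USERINIT.EXE >
[2006-03-02 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=3A03D6433E4E5FD3430DD3431FC6AC54 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008-04-14 18:06:05 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-14 18:06:05 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008-04-14 18:06:06 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2010-05-30 03:12:00 | 000,509,952 | ---- | M] () MD5=00112233445566778899AABBCCDDEEFF -- C:\WINDOWS\system32\winlogon.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"""

MD5_HEADER = re.compile(r"< MD5 for: (\S+) >")
MD5_ENTRY = re.compile(
    r"^\[[^\]]*\] \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# The copy that actually runs: directly in system32 or system32\drivers,
# not one of the ReinstallBackups\... subfolders.
LIVE_PATH = re.compile(r"\\system32\\(drivers\\)?[^\\]+$", re.I)
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)" = (.*)$')


def parse_md5_sections(text):
    """Return {FILENAME: [{company, md5, path}, ...]} for each '< MD5 for: >' section.
    .cab entries carry no hash and are skipped; a blank line ends a section."""
    sections, current = {}, None
    for line in text.splitlines():
        header = MD5_HEADER.search(line)
        if header:
            current = header.group(1).upper()
            sections[current] = []
        elif not line.strip():
            current = None
        elif current is not None:
            entry = MD5_ENTRY.match(line)
            if entry:
                sections[current].append(entry.groupdict())
    return sections


def check_system_files(sections):
    """Flag a live copy whose MD5 differs from the ServicePackFiles reference
    copy, or that carries no company/version information at all."""
    findings = {}
    for name, entries in sections.items():
        live = [e for e in entries if LIVE_PATH.search(e["path"])]
        refs = [e for e in entries if "\\servicepackfiles\\i386\\" in e["path"].lower()]
        if not live:
            continue
        problems = []
        for e in live:
            if not e["company"]:
                problems.append(f"{e['path']}: no company/version info")
            if refs and e["md5"].upper() != refs[0]["md5"].upper():
                problems.append(f"{e['path']}: MD5 {e['md5']} differs from "
                                f"ServicePackFiles copy {refs[0]['md5']}")
        if not refs:
            problems.append(f"{name}: no ServicePackFiles copy to compare against")
        if problems:
            findings[name] = problems
    return findings


def check_firewall(text):
    """Flag profiles with EnableFirewall=0 and ports opened to any source ('*')
    rather than LocalSubNet in the FirewallPolicy registry dump."""
    findings, key = [], None
    for line in text.splitlines():
        k = REG_KEY.match(line)
        if k:
            key = k.group(1)
            continue
        v = REG_VALUE.match(line)
        if not v or key is None or "FirewallPolicy\\" not in key:
            continue
        profile = key.split("FirewallPolicy\\", 1)[1].split("\\", 1)[0]
        name, data = v.group(1), v.group(2).strip()
        if name == "EnableFirewall" and data == "0":
            findings.append(f"{profile}: Windows Firewall disabled")
        elif key.endswith("GloballyOpenPorts\\List"):
            parts = data.split(":")  # port:proto:scope:state:description
            if len(parts) >= 4 and parts[2] == "*" and parts[3] == "Enabled":
                desc = ":".join(parts[4:]).strip()
                findings.append(f"{profile}: {parts[0]}/{parts[1]} open to any source ({desc})")
    return findings


if __name__ == "__main__":
    for name, problems in check_system_files(parse_md5_sections(SAMPLE_OTL)).items():
        print(name, "->", "; ".join(problems))
    for finding in check_firewall(SAMPLE_OTL):
        print(finding)
```

Against the real report every live copy matches its ServicePackFiles twin, so the file check comes back clean for this machine; the different hashes under $NtServicePackUninstall$ and SoftwareDistribution\...\backup are the pre-SP3 versions, which is why the comparison deliberately ignores them. A mismatch would be a lead rather than proof, since a later hotfix also changes the hash. The firewall findings need the same context: EnableFirewall = 0 in both profiles is expected when a third-party firewall is installed, and this report lists ZoneAlarm (vsmon.exe in the authorised applications, ZoneAlarm in the uninstall list), while 3724/TCP open to any source is the Blizzard downloader's own rule.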
Posted 6/3/2010 3:47 PM
#86390
markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
Do you know this folder?
C:\Documents and Settings\Anders\Dokumenter\Å
Posted 6/3/2010 3:59 PM
#86393
Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
Yeah, it's porn...
I originally just had it in C:\Documents and Settings\Anders\Dokumenter
but that got kind of awkward when you brought it to school and other people used the computer :P

Why? Does it look suspicious apart from the non-descriptive name :O ?
Posted 6/3/2010 4:03 PM
#86394
markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
Yes, sometimes malware can create such folders :D

I cannot see any malware at this moment.
I have some questions.
You say you have changed your passwords.
Have you also changed your secret question? Have you changed your mail password as well?
Posted 6/3/2010 4:33 PM
#86396
Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
OK.

The night before I decided to try this HijackThis forum assistance, I logged on to my mail account from another computer (which my GF uses for little else than checking her bank and Facebook) and changed the password _and_ secret question. I then logged on to my mail account on my own computer, logged back out and shut down the computer. The next morning I logged on again and used Gmail's feature that shows where the last 10 connections are from. Exotic locations such as Japan, China and South Korea were listed as having connected to my email during the night, and I concluded that logging on to my Gmail from my own computer resulted in someone else obtaining my password, which to me was a sign that my computer was infected with some sort of keylogger that the various anti-spyware/malware scanners couldn't find.
Posted 6/3/2010 4:39 PM
#86398
User avatar

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
Ah, OK. This info is important and was not given in post 1.
I must check all possibilities, and some users do not change the security question.
We will try
Prevx SafeOnline.
I use this tool; it protects you against data-stealing techniques.
For example, if you have an unknown malware that sends your password to a backdoor server, it can protect you.
This tool is cloud-based and needs an internet connection to work correctly.
A test for better understanding:
https://info.prevx.com/download.asp?GRAB=IMMUNITY
Please install the program:
https://pxnow.prevx.com/zeroL/PREVXFACEBOOK.EXE
It will start a "learn scan"; let it run.
Open your web browser. You will see the Prevx SafeOnline symbol.
Click it, select configure and set all to maximum.
Screenshot:
https://www.pic-upload.de/view-5696014/prevx.jpg.html

Select "safe".
Have a look whether all is working correctly; if not, tell me.
The program can also detect malware, but it cannot remove it in this version. Please click the symbol in the tray, select heuristics, set all to maximum.
Now click the "scan" button.

Now right-click the Prevx symbol in the tray, select tools and save log.
Use the attachment manager and upload the log.
When you are installing many programs, you must set the age/popularity heuristic from maximum to high.
If you have problems using Prevx in the future, Wilders has the Prevx support forum and you can open a thread.
Posted 6/3/2010 5:03 PM
#86400
User avatar

Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
ok so -

I ran the scan.
It says 3 malicious programs are running.
I saved the log, but I didn't understand the part you wrote about uploading it - does the program have an inbuilt upload feature, or should I copy/paste like I have done so far with the logs from the other programs?
Also - did I understand this correctly: I cannot use the big green button that says "cleanup now" because I've got the free version which only detects? Or should I just click it?
Posted 6/3/2010 5:12 PM
#86401
User avatar

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
No, you cannot remove.
You have saved the log?
Now click the reply button here and you will see the attach manager button. Use this and you can upload the log as an attachment.
Posted 6/3/2010 5:13 PM
#86402
User avatar

Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
ahh ok :)
Post attachments:
Posted 6/3/2010 5:25 PM
#86403
User avatar

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
www.virustotal.com
Check the following file:
c:\windows\system32\msvcrt.dll
If this file was already checked, select check again. Post the log.
Posted 6/3/2010 5:37 PM
#86410
User avatar

Splaffer Valued member

Date Joined Nov 2016
Total Posts: 20
Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.03 -
AhnLab-V3 2010.06.03.03 2010.06.03 -
AntiVir 8.2.2.4 2010.06.02 -
Antiy-AVL 2.0.3.7 2010.06.02 -
Authentium 5.2.0.5 2010.06.03 -
Avast 4.8.1351.0 2010.06.03 -
Avast5 5.0.332.0 2010.06.03 -
AVG 9.0.0.787 2010.06.03 -
BitDefender 7.2 2010.06.03 -
CAT-QuickHeal 10.00 2010.06.03 -
ClamAV 0.96.0.3-git 2010.06.03 -
Comodo 4980 2010.06.01 -
DrWeb 5.0.2.03300 2010.06.03 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7527 2010.06.03 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.03 -
Fortinet 4.1.133.0 2010.06.03 -
GData 21 2010.06.03 -
Ikarus T3.1.1.84.0 2010.06.03 -
Jiangmin 13.0.900 2010.06.03 -
Kaspersky 7.0.0.125 2010.06.03 -
McAfee 5.400.0.1158 2010.06.03 -
McAfee-GW-Edition 2010.1 2010.06.03 -
Microsoft 1.5802 2010.06.03 -
NOD32 5170 2010.06.03 -
Norman 6.04.12 2010.06.03 -
nProtect 2010-06-03.01 2010.06.03 -
Panda 10.0.2.7 2010.06.03 -
PCTools 7.0.3.5 2010.06.03 -
Prevx 3.0 2010.06.03 -
Rising 22.50.03.04 2010.06.03 -
Sophos 4.53.0 2010.06.03 -
Sunbelt 6400 2010.06.03 -
Symantec 20101.1.0.89 2010.06.03 -
TheHacker 6.5.2.0.292 2010.06.03 -
TrendMicro 9.120.0.1004 2010.06.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.03 -
VBA32 3.12.12.5 2010.06.03 -
ViRobot 2010.6.3.2335 2010.06.03 -
VirusBuster 5.0.27.0 2010.06.03 -
Additional information
File size: 343040 bytes
MD5...: 359b4ac32b5afad31551fab6a55489b3
SHA1..: a2b80a9e298de5bc1d33c7611663dd82e4385062
SHA256: 1ea0ad34c2433d96a1f8fd5fd52c65b50bfee5c9bafd8a8089733aa73ccf0088
ssdeep: 6144:xYRHRCAOnAa0cOlt/kK5dPrKnN9A1gsssKxPFMniF+NrbsYgW+bB:qfClApcOs6dTKnN9A11fOcq0U
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xf2a1
timedatestamp.....: 0x4803812c (Mon Apr 14 16:07:08 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4bd36 0x4be00 6.81 c710e57ff358f11f7b1296551be5b85a
.data 0x4d000 0x67c8 0x4800 3.19 506528bd7c482cc5074b414a9ef42b0c
.rsrc 0x54000 0x3e0 0x400 3.36 e5ef47aa4e31469ae695db9e725eace4
.reloc 0x55000 0x2d74 0x2e00 6.53 9431d739eecf6a31e207eb00391a2344

( 2 imports )
> KERNEL32.dll: MultiByteToWideChar, GetLastError, WideCharToMultiByte, Sleep, Beep, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FindFirstFileA, FindNextFileA, GetDiskFreeSpaceA, GetLogicalDrives, SetErrorMode, FindFirstFileW, FindNextFileW, GetCurrentThreadId, TlsSetValue, TlsGetValue, GetCommandLineA, GetVersionExA, GetFileAttributesA, SetEnvironmentVariableA, GetCurrentDirectoryA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetDriveTypeA, GetCurrentProcessId, CreateDirectoryA, RemoveDirectoryA, DeleteFileA, GetFileAttributesW, SetEnvironmentVariableW, GetCurrentDirectoryW, SetCurrentDirectoryW, SetFileAttributesW, GetFullPathNameW, CreateDirectoryW, DeleteFileW, MoveFileW, RemoveDirectoryW, GetDriveTypeW, MoveFileA, RaiseException, RtlUnwind, IsBadReadPtr, SetUnhandledExceptionFilter, IsBadWritePtr, IsBadCodePtr, CloseHandle, GetExitCodeProcess, WaitForSingleObject, GetProcAddress, LoadLibraryA, FreeLibrary, CreateProcessA, CreateProcessW, HeapReAlloc, GetModuleHandleA, HeapFree, GetModuleFileNameA, HeapAlloc, GetProcessHeap, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapValidate, HeapCompact, HeapWalk, HeapSize, VirtualProtect, GetSystemInfo, VirtualQuery, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, ReadConsoleA, SetConsoleMode, GetConsoleMode, IsDBCSLeadByteEx, GetConsoleCP, ReadConsoleW, SetEndOfFile, FlushFileBuffers, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, DuplicateHandle, GetCurrentProcess, GetFileInformationByHandle, PeekNamedPipe, SetStdHandle, EnterCriticalSection, LeaveCriticalSection, ReadConsoleInputA, PeekConsoleInputA, GetNumberOfConsoleInputEvents, ReadConsoleInputW, LockFile, UnlockFile, SetFilePointer, CreateFileA, CreatePipe, ReadFile, CreateFileW, WriteFile, GetACP, GetOEMCP, GetCPInfo, UnhandledExceptionFilter, CompareStringA, CompareStringW, GetLocaleInfoA, GetLocaleInfoW, GetStringTypeA, GetStringTypeW, LCMapStringA, 
LCMapStringW, SetConsoleCtrlHandler, GetCommandLineW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, InitializeCriticalSection, SetLastError, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, InterlockedExchange, ExitProcess, TlsFree, GetCurrentThread, TlsAlloc, ExitThread, ResumeThread, CreateThread, GetModuleFileNameW, GetTimeFormatA, GetDateFormatA, GetTimeZoneInformation, GetSystemTimeAsFileTime, SetFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, GetLocalTime, SetLocalTime, GetTickCount, QueryPerformanceCounter, TerminateProcess
> ntdll.dll: RtlGetNtVersionNumbers

( 830 exports )
$I10_OUTPUT, __0__non_rtti_object@@QAE@ABV0@@Z, __0__non_rtti_object@@QAE@PBD@Z, __0bad_cast@@AAE@PBQBD@Z, __0bad_cast@@QAE@ABQBD@Z, __0bad_cast@@QAE@ABV0@@Z, __0bad_cast@@QAE@PBD@Z, __0bad_typeid@@QAE@ABV0@@Z, __0bad_typeid@@QAE@PBD@Z, __0exception@@QAE@ABQBD@Z, __0exception@@QAE@ABV0@@Z, __0exception@@QAE@XZ, __1__non_rtti_object@@UAE@XZ, __1bad_cast@@UAE@XZ, __1bad_typeid@@UAE@XZ, __1exception@@UAE@XZ, __1type_info@@UAE@XZ, __2@YAPAXI@Z, __3@YAXPAX@Z, __4__non_rtti_object@@QAEAAV0@ABV0@@Z, __4bad_cast@@QAEAAV0@ABV0@@Z, __4bad_typeid@@QAEAAV0@ABV0@@Z, __4exception@@QAEAAV0@ABV0@@Z, __8type_info@@QBEHABV0@@Z, __9type_info@@QBEHABV0@@Z, ___7__non_rtti_object@@6B@, ___7bad_cast@@6B@, ___7bad_typeid@@6B@, ___7exception@@6B@, ___E__non_rtti_object@@UAEPAXI@Z, ___Ebad_cast@@UAEPAXI@Z, ___Ebad_typeid@@UAEPAXI@Z, ___Eexception@@UAEPAXI@Z, ___Fbad_cast@@QAEXXZ, ___Fbad_typeid@@QAEXXZ, ___G__non_rtti_object@@UAEPAXI@Z, ___Gbad_cast@@UAEPAXI@Z, ___Gbad_typeid@@UAEPAXI@Z, ___Gexception@@UAEPAXI@Z, ___U@YAPAXI@Z, ___V@YAXPAX@Z, __query_new_handler@@YAP6AHI@ZXZ, __query_new_mode@@YAHXZ, __set_new_handler@@YAP6AHI@ZP6AHI@Z@Z, __set_new_mode@@YAHH@Z, __set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z, _before@type_info@@QBEHABV1@@Z, _name@type_info@@QBEPBDXZ, _raw_name@type_info@@QBEPBDXZ, _set_new_handler@@YAP6AXXZP6AXXZ@Z, _set_terminate@@YAP6AXXZP6AXXZ@Z, _set_unexpected@@YAP6AXXZP6AXXZ@Z, _terminate@@YAXXZ, _unexpected@@YAXXZ, _what@exception@@UBEPBDXZ, _CIacos, _CIasin, _CIatan, _CIatan2, _CIcos, _CIcosh, _CIexp, _CIfmod, _CIlog, _CIlog10, _CIpow, _CIsin, _CIsinh, _CIsqrt, _CItan, _CItanh, _CxxThrowException, _EH_prolog, _Getdays, _Getmonths, _Gettnames, _HUGE, _Strftime, _XcptFilter, __CxxCallUnwindDtor, __CxxDetectRethrow, __CxxExceptionFilter, __CxxFrameHandler, __CxxLongjmpUnwind, __CxxQueryExceptionSize, __CxxRegisterExceptionObject, __CxxUnregisterExceptionObject, __DestructExceptionObject, __RTCastToVoid, __RTDynamicCast, __RTtypeid, __STRINGTOLD, 
___lc_codepage_func, ___lc_handle_func, ___mb_cur_max_func, ___setlc_active_func, ___unguarded_readlc_active_add_func, __argc, __argv, __badioinfo, __crtCompareStringA, __crtCompareStringW, __crtGetLocaleInfoW, __crtGetStringTypeW, __crtLCMapStringA, __crtLCMapStringW, __dllonexit, __doserrno, __fpecode, __getmainargs, __initenv, __iob_func, __isascii, __iscsym, __iscsymf, __lc_codepage, __lc_collate_cp, __lc_handle, __lconv_init, __mb_cur_max, __p___argc, __p___argv, __p___initenv, __p___mb_cur_max, __p___wargv, __p___winitenv, __p__acmdln, __p__amblksiz, __p__commode, __p__daylight, __p__dstbias, __p__environ, __p__fileinfo, __p__fmode, __p__iob, __p__mbcasemap, __p__mbctype, __p__osver, __p__pctype, __p__pgmptr, __p__pwctype, __p__timezone, __p__tzname, __p__wcmdln, __p__wenviron, __p__winmajor, __p__winminor, __p__winver, __p__wpgmptr, __pctype_func, __pioinfo, __pxcptinfoptrs, __set_app_type, __setlc_active, __setusermatherr, __threadhandle, __threadid, __toascii, __unDName, __unDNameEx, __uncaught_exception, __unguarded_readlc_active, __wargv, __wcserror, __wgetmainargs, __winitenv, _abnormal_termination, _access, _acmdln, _adj_fdiv_m16i, _adj_fdiv_m32, _adj_fdiv_m32i, _adj_fdiv_m64, _adj_fdiv_r, _adj_fdivr_m16i, _adj_fdivr_m32, _adj_fdivr_m32i, _adj_fdivr_m64, _adj_fpatan, _adj_fprem, _adj_fprem1, _adj_fptan, _adjust_fdiv, _aexit_rtn, _aligned_free, _aligned_malloc, _aligned_offset_malloc, _aligned_offset_realloc, _aligned_realloc, _amsg_exit, _assert, _atodbl, _atoi64, _atoldbl, _beep, _beginthread, _beginthreadex, _c_exit, _cabs, _callnewh, _cexit, _cgets, _cgetws, _chdir, _chdrive, _chgsign, _chkesp, _chmod, _chsize, _clearfp, _close, _commit, _commode, _control87, _controlfp, _copysign, _cprintf, _cputs, _cputws, _creat, _cscanf, _ctime64, _ctype, _cwait, _cwprintf, _cwscanf, _daylight, _dstbias, _dup, _dup2, _ecvt, _endthread, _endthreadex, _environ, _eof, _errno, _except_handler2, _except_handler3, _execl, _execle, _execlp, _execlpe, _execv, _execve, 
_execvp, _execvpe, _exit, _expand, _fcloseall, _fcvt, _fdopen, _fgetchar, _fgetwchar, _filbuf, _fileinfo, _filelength, _filelengthi64, _fileno, _findclose, _findfirst, _findfirst64, _findfirsti64, _findnext, _findnext64, _findnexti64, _finite, _flsbuf, _flushall, _fmode, _fpclass, _fpieee_flt, _fpreset, _fputchar, _fputwchar, _fsopen, _fstat, _fstat64, _fstati64, _ftime, _ftime64, _ftol, _fullpath, _futime, _futime64, _gcvt, _get_heap_handle, _get_osfhandle, _get_sbh_threshold, _getch, _getche, _getcwd, _getdcwd, _getdiskfree, _getdllprocaddr, _getdrive, _getdrives, _getmaxstdio, _getmbcp, _getpid, _getsystime, _getw, _getwch, _getwche, _getws, _global_unwind2, _gmtime64, _heapadd, _heapchk, _heapmin, _heapset, _heapused, _heapwalk, _hypot, _i64toa, _i64tow, _initterm, _inp, _inpd, _inpw, _iob, _isatty, _isctype, _ismbbalnum, _ismbbalpha, _ismbbgraph, _ismbbkalnum, _ismbbkana, _ismbbkprint, _ismbbkpunct, _ismbblead, _ismbbprint, _ismbbpunct, _ismbbtrail, _ismbcalnum, _ismbcalpha, _ismbcdigit, _ismbcgraph, _ismbchira, _ismbckata, _ismbcl0, _ismbcl1, _ismbcl2, _ismbclegal, _ismbclower, _ismbcprint, _ismbcpunct, _ismbcspace, _ismbcsymbol, _ismbcupper, _ismbslead, _ismbstrail, _isnan, _itoa, _itow, _j0, _j1, _jn, _kbhit, _lfind, _loaddll, _local_unwind2, _localtime64, _lock, _locking, _logb, _longjmpex, _lrotl, _lrotr, _lsearch, _lseek, _lseeki64, _ltoa, _ltow, _makepath, _mbbtombc, _mbbtype, _mbcasemap, _mbccpy, _mbcjistojms, _mbcjmstojis, _mbclen, _mbctohira, _mbctokata, _mbctolower, _mbctombb, _mbctoupper, _mbctype, _mbsbtype, _mbscat, _mbschr, _mbscmp, _mbscoll, _mbscpy, _mbscspn, _mbsdec, _mbsdup, _mbsicmp, _mbsicoll, _mbsinc, _mbslen, _mbslwr, _mbsnbcat, _mbsnbcmp, _mbsnbcnt, _mbsnbcoll, _mbsnbcpy, _mbsnbicmp, _mbsnbicoll, _mbsnbset, _mbsncat, _mbsnccnt, _mbsncmp, _mbsncoll, _mbsncpy, _mbsnextc, _mbsnicmp, _mbsnicoll, _mbsninc, _mbsnset, _mbspbrk, _mbsrchr, _mbsrev, _mbsset, _mbsspn, _mbsspnp, _mbsstr, _mbstok, _mbstrlen, _mbsupr, _memccpy, _memicmp, _mkdir, 
_mktemp, _mktime64, _msize, _nextafter, _onexit, _open, _open_osfhandle, _osplatform, _osver, _outp, _outpd, _outpw, _pclose, _pctype, _pgmptr, _pipe, _popen, _purecall, _putch, _putenv, _putw, _putwch, _putws, _pwctype, _read, _resetstkoflw, _rmdir, _rmtmp, _rotl, _rotr, _safe_fdiv, _safe_fdivr, _safe_fprem, _safe_fprem1, _scalb, _scprintf, _scwprintf, _searchenv, _seh_longjmp_unwind, _set_SSE2_enable, _set_error_mode, _set_sbh_threshold, _seterrormode, _setjmp, _setjmp3, _setmaxstdio, _setmbcp, _setmode, _setsystime, _sleep, _snprintf, _snscanf, _snwprintf, _snwscanf, _sopen, _spawnl, _spawnle, _spawnlp, _spawnlpe, _spawnv, _spawnve, _spawnvp, _spawnvpe, _splitpath, _stat, _stat64, _stati64, _statusfp, _strcmpi, _strdate, _strdup, _strerror, _stricmp, _stricoll, _strlwr, _strncoll, _strnicmp, _strnicoll, _strnset, _strrev, _strset, _strtime, _strtoi64, _strtoui64, _strupr, _swab, _sys_errlist, _sys_nerr, _tell, _telli64, _tempnam, _time64, _timezone, _tolower, _toupper, _tzname, _tzset, _ui64toa, _ui64tow, _ultoa, _ultow, _umask, _ungetch, _ungetwch, _unlink, _unloaddll, _unlock, _utime, _utime64, _vscprintf, _vscwprintf, _vsnprintf, _vsnwprintf, _waccess, _wasctime, _wchdir, _wchmod, _wcmdln, _wcreat, _wcsdup, _wcserror, _wcsicmp, _wcsicoll, _wcslwr, _wcsncoll, _wcsnicmp, _wcsnicoll, _wcsnset, _wcsrev, _wcsset, _wcstoi64, _wcstoui64, _wcsupr, _wctime, _wctime64, _wenviron, _wexecl, _wexecle, _wexeclp, _wexeclpe, _wexecv, _wexecve, _wexecvp, _wexecvpe, _wfdopen, _wfindfirst, _wfindfirst64, _wfindfirsti64, _wfindnext, _wfindnext64, _wfindnexti64, _wfopen, _wfreopen, _wfsopen, _wfullpath, _wgetcwd, _wgetdcwd, _wgetenv, _winmajor, _winminor, _winver, _wmakepath, _wmkdir, _wmktemp, _wopen, _wperror, _wpgmptr, _wpopen, _wputenv, _wremove, _wrename, _write, _wrmdir, _wsearchenv, _wsetlocale, _wsopen, _wspawnl, _wspawnle, _wspawnlp, _wspawnlpe, _wspawnv, _wspawnve, _wspawnvp, _wspawnvpe, _wsplitpath, _wstat, _wstat64, _wstati64, _wstrdate, _wstrtime, _wsystem, 
_wtempnam, _wtmpnam, _wtof, _wtoi, _wtoi64, _wtol, _wunlink, _wutime, _wutime64, _y0, _y1, _yn, abort, abs, acos, asctime, asin, atan, atan2, atexit, atof, atoi, atol, bsearch, calloc, ceil, clearerr, clock, cos, cosh, ctime, difftime, div, exit, exp, fabs, fclose, feof, ferror, fflush, fgetc, fgetpos, fgets, fgetwc, fgetws, floor, fmod, fopen, fprintf, fputc, fputs, fputwc, fputws, fread, free, freopen, frexp, fscanf, fseek, fsetpos, ftell, fwprintf, fwrite, fwscanf, getc, getchar, getenv, gets, getwc, getwchar, gmtime, is_wctype, isalnum, isalpha, iscntrl, isdigit, isgraph, isleadbyte, islower, isprint, ispunct, isspace, isupper, iswalnum, iswalpha, iswascii, iswcntrl, iswctype, iswdigit, iswgraph, iswlower, iswprint, iswpunct, iswspace, iswupper, iswxdigit, isxdigit, labs, ldexp, ldiv, localeconv, localtime, log, log10, longjmp, malloc, mblen, mbstowcs, mbtowc, memchr, memcmp, memcpy, memmove, memset, mktime, modf, perror, pow, printf, putc, putchar, puts, putwc, putwchar, qsort, raise, rand, realloc, remove, rename, rewind, scanf, setbuf, setlocale, setvbuf, signal, sin, sinh, sprintf, sqrt, srand, sscanf, strcat, strchr, strcmp, strcoll, strcpy, strcspn, strerror, strftime, strlen, strncat, strncmp, strncpy, strpbrk, strrchr, strspn, strstr, strtod, strtok, strtol, strtoul, strxfrm, swprintf, swscanf, system, tan, tanh, time, tmpfile, tmpnam, tolower, toupper, towlower, towupper, ungetc, ungetwc, vfprintf, vfwprintf, vprintf, vsprintf, vswprintf, vwprintf, wcscat, wcschr, wcscmp, wcscoll, wcscpy, wcscspn, wcsftime, wcslen, wcsncat, wcsncmp, wcsncpy, wcspbrk, wcsrchr, wcsspn, wcsstr, wcstod, wcstok, wcstol, wcstombs, wcstoul, wcsxfrm, wctomb, wprintf, wscanf
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 EXE PECompact compressed (generic) (41.8%)
Win32 Executable MS Visual C++ (generic) (37.9%)
Win32 Executable Generic (8.5%)
Win32 Dynamic Link Library (generic) (7.6%)
Generic Win/DOS Executable (2.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows NT CRT DLL
original name: msvcrt.dll
internal name: msvcrt.dll
file version.: 7.0.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
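Reading a report like the one above by hand is error-prone (41 engine rows, three hashes, a sigcheck block), so the script below is an added example (not part of the thread, and not a VirusTotal tool) that parses this 2010-era plain-text report format, counts detections, pulls out the hashes and the sigcheck verdict, and hashes a local file so the copy on disk can be confirmed to be the one that was scanned. The report excerpt embedded in the script is copied from the post above with the engine table shortened to six of its 41 rows, all of which read "-" (no detection); the bytes fed to the hash check are constructed and are not the real msvcrt.dll. One caveat on the "verified: Unsigned" line: the sigcheck shown looks for an embedded Authenticode signature, and Windows XP system binaries such as msvcrt.dll are normally signed through security catalogs rather than embedded signatures, so "Unsigned" here is expected and is not by itself evidence of tampering; sigverif.exe (File Signature Verification) on XP checks the catalogs, and a hash comparison against a known-good copy from another XP SP3 machine is the stronger confirmation.

```python
import hashlib
import re

# Excerpt copied from the report in the thread; engine table shortened to
# six of its 41 rows (every row in the original reads "-", i.e. clean).
SAMPLE_REPORT = """\
Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.03 -
AntiVir 8.2.2.4 2010.06.02 -
Kaspersky 7.0.0.125 2010.06.03 -
Microsoft 1.5802 2010.06.03 -
NOD32 5170 2010.06.03 -
Prevx 3.0 2010.06.03 -
Additional information
File size: 343040 bytes
MD5...: 359b4ac32b5afad31551fab6a55489b3
SHA1..: a2b80a9e298de5bc1d33c7611663dd82e4385062
SHA256: 1ea0ad34c2433d96a1f8fd5fd52c65b50bfee5c9bafd8a8089733aa73ccf0088
sigcheck:
publisher....: Microsoft Corporation
file version.: 7.0.2600.5512 (xpsp.080413-2111)
signers......: -
verified.....: Unsigned
"""

# One engine row: name, engine/signature version, last update (YYYY.MM.DD), result.
ENGINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]{32,64})\s*$")
SIGCHECK_RE = re.compile(r"^([a-z ]+?)\.*:\s*(.*?)\s*$")   # e.g. "verified.....: Unsigned"
SIZE_RE = re.compile(r"^File size:\s*(\d+)\s*bytes")


def parse_vt_report(text):
    """Return engine rows, detections, hashes, file size and sigcheck fields."""
    report = {"engines": [], "detections": [], "hashes": {},
              "size": None, "sigcheck": {}}
    in_sigcheck = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "sigcheck:":
            in_sigcheck = True
            continue
        m = ENGINE_RE.match(line)
        if m and not in_sigcheck:
            name, version, updated, result = m.groups()
            report["engines"].append((name, version, updated, result))
            if result != "-":                     # "-" means no detection
                report["detections"].append((name, result))
            continue
        m = HASH_RE.match(line)
        if m:
            report["hashes"][m.group(1).lower()] = m.group(2).lower()
            continue
        m = SIZE_RE.match(line)
        if m:
            report["size"] = int(m.group(1))
            continue
        m = SIGCHECK_RE.match(line)
        if m and in_sigcheck:
            report["sigcheck"][m.group(1).strip()] = m.group(2)
    return report


def hashes_of_bytes(data):
    """MD5/SHA-1/SHA-256 of an in-memory blob (used for the constructed test input)."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def file_hashes(path):
    """Hash a file on disk in 1 MiB chunks so large binaries are not read whole."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matches_report(hashes, report):
    """True only if every hash listed in the report agrees with the local file."""
    return bool(report["hashes"]) and all(
        hashes.get(alg) == digest for alg, digest in report["hashes"].items())


def summarise(report):
    """The three numbers a responder actually reads off the report."""
    n = len(report["detections"])
    return {"engines": len(report["engines"]), "detections": n,
            "verified": report["sigcheck"].get("verified", "unknown"),
            "verdict": "detected" if n else "no engine detection"}


if __name__ == "__main__":
    r = parse_vt_report(SAMPLE_REPORT)
    print(summarise(r))
    print("report sha256:", r["hashes"]["sha256"])
```

To verify a local copy, call `file_hashes(r"C:\WINDOWS\system32\msvcrt.dll")` on the machine in question and pass the result to `matches_report`; a mismatch means the scanned file and the file on disk are not the same object, which is itself worth explaining before trusting the engine results.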