
The following things have been on my PC: Smitfraud-c, Zlob, Virtumundo



#1
Texnux

Note:
- Everything after the ComboFix was something I did while writing this topic, to get it to work just a bit
- OSTL logs are added as attachments because their length makes the post too long.
- The OSTL log (without the extras log) is added inside a zip folder due to its 523kb and this forum's 500kb limit.
- As this is my work pc it is important for me to get it working again as fast as possible without any reformat due to sensitive data stored on it.


The malware:
Smitfraud-c, Zlob, Virtumundo and I think BlazeFind too.

Got infected most likely by an ActiveX object that got installed two days ago. It was only after that that it began becoming very slow, at least.

Those are the ones I have seen in various scans of the computer.


List of problems:
- The computer became very slow, but after various scans it has become faster again.
- Malware uses 100% of internet connection, if connection is active. (Does not seem to do it anymore.)
- Rendered the computer useless (by renaming/moving userinit, but it has been fixed)
- Icons are gone from My Computer and Show Desktop, but only in a normal boot (not in safe boot).
- Some ActiveX objects, like Microsoft's update tool, do not work.
- Can't install any updates to Windows XP.
- Opens My Documents at each bootup.


What I've done:
After I rebooted my computer after a SpyDoctor update, the computer would go into a log in, log out loop.
This problem I was able to fix by using a copy of userinit.exe from another pc and boot up from a Bart PE bootable disc, link: http://nu2.nu/pebuilder/

Then I began scanning, first with Spybot, then SpyHunter and after that SpyDoctor. The result was that, no matter how many times I scanned, the same malware was found.

I suspect Smitfraud-c installed Zlob and Virtumundo, and probably BlazeFind, since the problem with the log in and out loop is a problem usually created by BlazeFind.

I have been able to remove Virtumundo before, but these others I really have no idea how to beat, at least not all of them at once. Usually I've been able to fix most virus/malware-caused problems and remove them from my own PCs as well as friends'.

Then I made, as I see it now, a big mistake by running ComboFix. It found, and deleted, a lot of stuff, but the computer ended up in a reboot loop. That I was able to fix by using the repair tool on the Windows XP installation tool.

When I was able to log in again after all those things, the computer, of course, was still slow but slightly faster, so I ran Malwarebytes' Anti-Malware and deleted everything it found, but the computer ended up in a reboot loop again.

Fixed it once again with the Windows XP cd and got it to boot up and it was remarkably faster and no more did it eat my internet connection. I was now able to do a normal restart without any problems, except that ComboFix runs and closes a few seconds after that.

I could not install SP3 in a normal boot, so I used safe mode to install it, but it failed too.

- Used ATF_Cleaner and cleaned the hard disk
- Created a restore point with SysRestorePoint
- Made a valid registry backup with Erunt
- Created a Rooter log
- Created an OTListIt2 log


System:
Microsoft Windows XP Professional SP2 - due to problems I cannot update it to SP3.


OTLI log:
The OTLI log was added as an attachment (.txt file inside the .zip package) due to its 523kb size and the forum's 500kb size limit. I cannot post it inside this post as it makes the post too long...

The OTLI Extras log:

OTListIt Extras logfile created on: 2009-04-01 00:47:14 - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = O:\Remove
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: yyyy-MM-dd

1.50 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 65.45% Memory free
3.35 Gb Paging File | 2.69 Gb Available in Paging File | 80.32% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Programmer
Drive C: | 127.99 Gb Total Space | 26.67 Gb Free Space | 20.84% Space Free | Partition Type: NTFS
Drive D: | 21.05 Gb Total Space | 17.14 Gb Free Space | 81.40% Space Free | Partition Type: NTFS
Drive E: | 578.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 232.88 Gb Total Space | 162.54 Gb Free Space | 69.79% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 155.45 Gb Free Space | 66.75% Space Free | Partition Type: NTFS
Drive H: | 232.88 Gb Total Space | 54.64 Gb Free Space | 23.46% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive O: | 7.45 Gb Total Space | 2.94 Gb Free Space | 39.49% Space Free | Partition Type: FAT32

Computer Name: XXXXXXX-XXXX
Current User Name: XXXX
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Programmer\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Programmer\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Programmer\philips\Philips SNU5600 Wireless USB Adapter Utility\PHUSBBGMonitor.exe:*:Enabled:WLAN configuration utility ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Programmer\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
H:\Fae\Sega\Universe At War Earth Assault\UAWEA.exe:*:Enabled:Universe at War Earth Assault (Petroglyph Games, Inc.)
H:\Fake\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander (Gas Powered Games)
H:\Fake\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander (Gas Powered Games)
C:\Programmer\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Programmer\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
H:\Fake\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable (Microsoft Corporation)
C:\Programmer\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Programmer\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 (SmartSoft Ltd.)
G:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent ()
H:\Fake\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008 File not found
C:\Documents and Settings\Alex\Lokale indstillinger\Temp\.tt18.tmp:*:Enabled:enable File not found
C:\WINNT\system32\sysrest32.exe:*:Enabled:enable File not found
G:\Spil\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 (Firefly Studios)
H:\Fake\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009 (Sports Interactive)
C:\Programmer\philips\Philips SNU5600 Wireless USB Adapter Utility\PHUSBBGMonitor.exe:*:Enabled:WLAN configuration utility ()
G:\Fake\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ ()
H:\Steam\steamapps\common\deus ex invisible war\System\dx2.exe:*:Enabled:Deus Ex: Invisible War ()
H:\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever ()
H:\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever ()
H:\Steam\steamapps\common\left 4 dead demo\left4dead.exe:*:Enabled:Left 4 Dead Demo ()
H:\Steam\steamapps\common\thief deadly shadows\System\runme.exe:*:Enabled:Thief: Deadly Shadows ()
H:\Steam\steamapps\common\tomb raider legend\trl.exe:*:Enabled:Tomb Raider: Legend (Eidos Inc.)
H:\Steam\steamapps\common\project snowblind\Snowblind.exe:*:Enabled:Project: Snowblind (Eidos, Inc.)
H:\Steam\steamapps\common\rogue trooper\RogueTrooper.exe:*:Enabled:Rogue Trooper ()
H:\Steam\steamapps\common\commandos behind enemy lines\Comandos.exe:*:Enabled:Commandos: Behind Enemy Lines ()
H:\Steam\steamapps\common\commandos behind enemy lines\readme.doc:*:Enabled:Commandos: Behind Enemy Lines ()
H:\Steam\steamapps\common\kane and lynch dead men\Launcher.exe:*:Enabled:Kane and Lynch: Dead Men (Io Interactive A/S)
H:\Steam\steamapps\common\infernal\game\game.exe:*:Enabled:Infernal ()
H:\Steam\steamapps\common\commandos beyond the call of duty\coman_mp.exe:*:Enabled:Commandos: Beyond the Call of Duty ()
H:\Steam\steamapps\common\commandos beyond the call of duty\Tutorial.exe:*:Enabled:Commandos: Beyond the Call of Duty ()
H:\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme ()
H:\Steam\steamapps\common\commandos 2 men of courage\comm2.exe:*:Enabled:Commandos 2: Men of Courage ()
H:\Steam\steamapps\common\commandos 2 men of courage\Readme.rtf:*:Enabled:Commandos 2: Men of Courage ()
H:\Steam\steamapps\common\commandos 3 destination berlin\readme.rtf:*:Enabled:Commandos 3: Destination Berlin ()
H:\Steam\steamapps\common\hitman blood money\HitmanBloodMoney.exe:*:Enabled:Hitman: Blood Money ()
H:\Steam\steamapps\common\hitman blood money\configure.exe:*:Enabled:Hitman: Blood Money ()
H:\Steam\steamapps\common\battlestations midway\Battlestationsmidway.exe:*:Enabled:Battlestations: Midway ()
H:\Steam\steamapps\common\battlestations midway\Options.exe:*:Enabled:Battlestations: Midway (EIDOS)
H:\Steam\steamapps\common\just cause\JustCause.exe:*:Enabled:Just Cause ()
H:\Steam\steamapps\common\just cause\JCSetup.exe:*:Enabled:Just Cause ()
H:\Steam\steamapps\common\deus ex\System\DeusEx.exe:*:Enabled:Deus Ex: Game of the Year Edition ()
C:\Programmer\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Programmer\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Programmer\FrostWire\FrostWire.exe:*:Enabled:FrostWire (FrostWire Group)
H:\Fake\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War (Lucasfilm Entertainment Company, Ltd.)
H:\Fake\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™ (EA Digital Illusions CE AB)
H:\Fake\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 ()
H:\Steam\steamapps\common\left 4 dead\srcds.exe:*:Enabled:Left 4 Dead Dedicated Server ()
G:\Fake\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
G:\Fake\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
G:\Fake\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
C:\Programmer\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Development Company, L.P.)
C:\Programmer\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Development Company, L.P.)
C:\Programmer\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Development Company, L.P.)
C:\Programmer\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Development Company, L.P.)
C:\Programmer\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Programmer\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Programmer\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Development Company, L.P.)
C:\Programmer\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Programmer\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Development Company, L.P.)
C:\Programmer\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Development Company, L.P.)
C:\Programmer\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
C:\Programmer\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Programmer\IDA\idag.exe:*:Enabled:Interactive Disassembler (32-bit) (Datarescue sa/nv)
C:\Programmer\IDA\idag64.exe:*:Enabled:Interactive Disassembler (64-bit) (Datarescue sa/nv)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"GZ Compressor" = GZ Compressor
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-03-31 17:57:36 | Computer Name = XXXXXXX-XXXX | Source = PerfNet | ID = 2004
Description = Servertjenesten kan ikke åbnes. Der bliver ikke returneret serverydelsesdata.
Den returnerede fejlkode er i dataene DWORD 0.

Error - 2009-03-31 17:57:36 | Computer Name = XXXXXXX-XXXX | Source = PerfNet | ID = 2002
Description = Tjenesten Redirector kan ikke åbnes. Der bliver ikke returneret ydelsesdata
til Redirector. Den returnerede fejlkode er i dataene DWORD 0.

[ System Events ]
Error - 2009-03-31 18:30:25 | Computer Name = XXXXXXX-XXXX | Source = Service Control Manager | ID = 7000
Description = Tjenesten Automatiske opdateringer kunne ikke starte pga. følgende
fejl: %%2

Error - 2009-03-31 18:30:26 | Computer Name = XXXXXXX-XXXX | Source = DCOM | ID = 10005
Description = Fejlen "%2" opstod på DCOM under forsøg på at starte tjenesten wuauserv
med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2009-03-31 18:30:26 | Computer Name = XXXXXXX-XXXX | Source = Service Control Manager | ID = 7000
Description = Tjenesten Automatiske opdateringer kunne ikke starte pga. følgende
fejl: %%2

Error - 2009-03-31 18:30:36 | Computer Name = XXXXXXX-XXXX | Source = DCOM | ID = 10005
Description = Fejlen "%2" opstod på DCOM under forsøg på at starte tjenesten wuauserv
med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2009-03-31 18:30:36 | Computer Name = XXXXXXX-XXXX | Source = Service Control Manager | ID = 7000
Description = Tjenesten Automatiske opdateringer kunne ikke starte pga. følgende
fejl: %%2

Error - 2009-03-31 18:31:38 | Computer Name = XXXXXXX-XXXX | Source = DCOM | ID = 10005
Description = Fejlen "%2" opstod på DCOM under forsøg på at starte tjenesten wuauserv
med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2009-03-31 18:31:39 | Computer Name = XXXXXXX-XXXX | Source = Service Control Manager | ID = 7000
Description = Tjenesten Automatiske opdateringer kunne ikke starte pga. følgende
fejl: %%2

Error - 2009-03-31 18:32:14 | Computer Name = XXXXXXX-XXXX | Source = DCOM | ID = 10005
Description = Fejlen "%2" opstod på DCOM under forsøg på at starte tjenesten wuauserv
med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2009-03-31 18:32:14 | Computer Name = XXXXXXX-XXXX | Source = Service Control Manager | ID = 7000
Description = Tjenesten Automatiske opdateringer kunne ikke starte pga. følgende
fejl: %%2

Error - 2009-03-31 18:32:25 | Computer Name = XXXXXXX-XXXX | Source = Service Control Manager | ID = 7028
Description = Registreringsnøglen wuauserv nægtede adgang til SYSTEM-kontrolprogrammer,
så Tjenestekontrolstyring overtog ejerskabet af registreringsnøglen.


< End of report >


Rooter log:

Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:131061 Mo/Free:2738 Mo)
D:\ [Fixed] - NTFS - (Total:21555 Mo/Free:1162 Mo)
E:\ [CD-Rom] (Total:578 Mo/Free:0 Mo)
F:\ [Fixed] - NTFS - (Total:238464 Mo/Free:2595 Mo)
G:\ [Fixed] - NTFS - (Total:238464 Mo/Free:3529 Mo)
H:\ [Fixed] - NTFS - (Total:238464 Mo/Free:2705 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
K:\ [Removable] (Total:0 Mo/Free:0 Mo)
L:\ [Removable] (Total:0 Mo/Free:0 Mo)
M:\ [Removable] (Total:0 Mo/Free:0 Mo)
O:\ [Removable] (Total:7633 Mo/Free:3013 Mo)

2009-04-01| 0:45

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINNT\system32\csrss.exe
---------- \??\C:\WINNT\system32\winlogon.exe
---------- C:\WINNT\system32\services.exe
---------- C:\WINNT\system32\lsass.exe
---------- C:\WINNT\system32\svchost.exe
---------- C:\WINNT\system32\svchost.exe
---------- C:\WINNT\System32\svchost.exe
---------- C:\WINNT\system32\svchost.exe
---------- C:\WINNT\system32\svchost.exe
---------- C:\WINNT\system32\spoolsv.exe
---------- C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Programmer\Bonjour\mDNSResponder.exe
---------- C:\Programmer\Java\jre6\bin\jqs.exe
---------- F:\Server\MySQL\MySQL Server 5.1\bin\mysqld.exe
---------- C:\WINNT\system32\nvsvc32.exe
---------- C:\WINNT\system32\HPZipm12.exe
---------- C:\WINNT\Explorer.EXE
---------- G:\Programmer\TortoiseSVN\bin\TSVNCache.exe
---------- C:\WINNT\System32\alg.exe
---------- C:\WINNT\SOUNDMAN.EXE
---------- C:\WINNT\system32\RUNDLL32.EXE
---------- C:\WINNT\system32\ctfmon.exe
---------- C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Programmer\Internet Explorer\IEXPLORE.EXE
---------- C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
---------- C:\WINNT\system32\wscntfy.exe
---------- C:\WINNT\system32\wbem\wmiprvse.exe
---------- C:\WINNT\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

C:\WINNT\System32\export\instdss5.dll
==> TDSS.. <==

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\ALLUSE~1.WIN\Application Data\TrackMania\Cache\8D4E6393CB31C0CB70F9A182D8DD8E60_Skins%5cVehicles%5cStadiumCar%5cNeocrack.zip


1 - "C:\Rooter$\Rooter_1.txt" - 2009-04-01| 0:45

----------------------\\ Scan completed at 0:45

Attached Files


Edited by Texnux, 01 April 2009 - 03:45 PM.

