Windows update blocked



#1
Qasimo

The reference in registry has been altered so I cannot start the two services.
When trying to alter the wrong path in registry, I am not allowed to do so.
I do not know the name of my infection and Antivirus does not detect anything.
If you can identify the cause and help me gain full control again, I will be very grateful.

Here are the logs required:

Malwarebytes' Anti-Malware 1.44
Database version: 3649
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28-01-2010 14:09:48
mbam-log-2010-01-28 (14-09-48).txt

Skan type: Hurtig skanning
Objekter skannet: 110429
Tid tilbagelagt: 32 minute(s), 26 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)

OTL logfile created on: 27-01-2010 23:35:33 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Administrator\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 78,13 Gb Total Space | 21,49 Gb Free Space | 27,50% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 125,72 Gb Free Space | 64,37% Space Free | Partition Type: NTFS
Drive E: | 24,64 Gb Total Space | 12,54 Gb Free Space | 50,88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARIANNEPC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-01-27 22:24:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Skrivebord\OTL.exe
PRC - [2009-11-23 14:50:24 | 00,270,336 | ---- | M] () -- C:\Programmer\WhiteSmoke\WSEnrichment.exe
PRC - [2009-09-13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Microsoft Security Essentials\msseces.exe
PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\Java\jre6\bin\jqs.exe
PRC - [2009-07-02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009-06-29 09:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Internet Explorer\iexplore.exe
PRC - [2009-06-12 02:23:00 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009-05-19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009-02-06 17:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Live\Toolbar\wltuser.exe
PRC - [2008-04-14 17:05:49 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-03-03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010-01-27 22:24:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Skrivebord\OTL.exe
MOD - [2009-11-23 14:51:00 | 00,147,456 | ---- | M] (WhiteSmoke) -- C:\Programmer\WhiteSmoke\HookDllOE.dll
MOD - [2009-07-12 01:12:06 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009-07-12 01:09:20 | 00,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2009-06-09 13:34:18 | 00,078,312 | ---- | M] (Deskperience) -- C:\Programmer\WhiteSmoke\WHook.dll
MOD - [2008-04-14 17:05:27 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CCALib8)
SRV - [2009-08-05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Programmer\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-07-02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmer\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009-06-12 02:22:57 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009-05-19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009-03-24 04:43:32 | 00,120,168 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Programmer\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2008-11-04 18:55:04 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programmer\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006-03-03 20:03:10 | 00,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005-05-20 09:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver)
SRV - [2004-10-16 04:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server)
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcanvas.com/?ot=6
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010-01-27 19:56:26 | 00,377,167 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.microsoft.com
O1 - Hosts: 91.212.127.226 osguard-pro.com
O1 - Hosts: 91.212.127.226 www.osguard-pro.com
O1 - Hosts: 13026 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Programmer\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Programmer\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,[email protected],&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [MSSE] C:\Programmer\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Launch WhiteSmoke.lnk = C:\Programmer\WhiteSmoke\WSEnrichment.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Programmer\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Programmer\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Programmer\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Programmer\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programmer\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programmer\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programmer\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} http://downol.dr.dk/...dio/Rawflow.cab (Rawflow ICD Client)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} http://www.kps.dk/Codebase/FormCtl.cab (Adobe Form Control)
O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} http://iloapp.nidlon...ImageUpload.dll (IlosoftMultipleImageCtrl Class)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...6/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus....vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide....ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1264618927250 (WUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} http://support.f-sec.../fshc/fscax.cab (F-Secure Health Check 1.1)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://business.dan...B/e-Safekey.cab (e-Safekey)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.184.128.250 89.184.128.193 89.184.128.181
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmer\Fælles filer\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmer\Fælles filer\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmer\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-03-14 19:07:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008-03-14 19:56:11 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)

========== Files/Folders - Created Within 14 Days ==========

[2010-01-27 22:24:32 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Skrivebord\OTL.exe
[2010-01-27 21:44:11 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Skrivebord\TFC.exe
[2010-01-27 20:09:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010-01-27 19:58:44 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010-01-27 19:57:21 | 00,000,000 | ---D | C] -- C:\Programmer\CCleaner
[2010-01-27 19:27:38 | 00,000,000 | ---D | C] -- C:\Programmer\Microsoft Security Essentials
[2010-01-27 19:17:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010-01-27 19:17:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010-01-27 19:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft
[2010-01-27 19:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft
[2010-01-15 18:56:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-15 18:56:22 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-08-03 16:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Help
[2009-05-11 19:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Google
[2009-02-23 14:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Apple

========== Files - Modified Within 14 Days ==========

[2010-01-27 23:37:12 | 00,000,368 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010-01-27 23:36:15 | 00,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010-01-27 23:30:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-27 23:29:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-27 23:28:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-27 22:24:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Skrivebord\OTL.exe
[2010-01-27 21:50:02 | 10,747,904 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-01-27 21:43:57 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Skrivebord\TFC.exe
[2010-01-27 20:26:53 | 00,064,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
[2010-01-27 20:26:03 | 01,455,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-01-27 20:01:11 | 00,192,912 | ---- | M] () -- C:\Documents and Settings\Administrator\Dokumenter\cc_20100127_200103.reg
[2010-01-27 19:57:23 | 00,001,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Skrivebord\CCleaner.lnk
[2010-01-27 19:56:26 | 00,377,167 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-01-27 19:27:40 | 00,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Microsoft Security Essentials.lnk
[2010-01-27 19:22:57 | 00,000,192 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-01-27 15:51:24 | 00,346,563 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100127-195626.backup
[2010-01-27 14:48:42 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{34683348-E300-4F25-94C3-76FE8A1E8E7C}.job
[2010-01-27 09:42:13 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Skrivebord\Microsoft Office Word 2003.lnk
[2010-01-25 14:36:09 | 00,000,278 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-01-17 18:35:24 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\World of Warcraft.lnk
[2010-01-17 02:51:00 | 00,000,440 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010-01-15 18:56:27 | 00,000,693 | ---- | M] () -- C:\Documents and Settings\Administrator\Skrivebord\Malwarebytes' Anti-Malware.lnk
[2010-01-15 13:48:14 | 00,002,469 | ---- | M] () -- C:\Documents and Settings\Administrator\Skrivebord\ZBrush3.exe.lnk

========== Files Created - No Company Name ==========

[2010-01-27 22:23:28 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Skrivebord\gmer.exe
[2010-01-27 20:01:06 | 00,192,912 | ---- | C] () -- C:\Documents and Settings\Administrator\Dokumenter\cc_20100127_200103.reg
[2010-01-27 19:57:23 | 00,001,521 | ---- | C] () -- C:\Documents and Settings\Administrator\Skrivebord\CCleaner.lnk
[2010-01-27 19:32:58 | 00,000,402 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010-01-27 19:32:57 | 00,000,368 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010-01-27 19:31:59 | 00,000,930 | ---- | C] () -- C:\Documents and Settings\Administrator\Skrivebord\Spybot - Search & Destroy.lnk
[2010-01-27 19:31:12 | 00,000,693 | ---- | C] () -- C:\Documents and Settings\Administrator\Skrivebord\Malwarebytes' Anti-Malware.lnk
[2010-01-27 19:27:40 | 00,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Microsoft Security Essentials.lnk
[2009-12-05 22:44:46 | 00,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-12-05 22:44:44 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-11-14 10:33:19 | 00,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\3113.sys
[2009-10-02 08:10:12 | 00,000,282 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009-09-05 16:27:53 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2009-08-03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-06-12 01:06:57 | 00,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ÐÝÃÄ›.sys
[2009-06-12 01:06:41 | 00,220,160 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2009-06-12 01:06:41 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DGRip.dll
[2009-06-12 01:06:38 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009-06-12 01:06:38 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2009-06-12 01:06:36 | 01,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009-06-12 01:06:36 | 01,015,808 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009-06-12 01:06:36 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2009-06-12 01:06:36 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2009-05-15 12:08:52 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-02-22 23:22:38 | 00,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2009-02-22 16:57:50 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009-02-18 19:31:34 | 00,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1ÌØ13.sys
[2009-02-18 18:29:21 | 00,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ÝÙÃÄ3113›.sys
[2008-11-16 10:39:48 | 00,000,259 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008-11-04 19:04:46 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008-11-04 18:07:13 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-09-20 11:31:22 | 00,000,054 | ---- | C] () -- C:\WINDOWS\CmdFile.INI
[2008-08-09 10:17:00 | 00,000,072 | ---- | C] () -- C:\WINDOWS\CmdPrint.INI
[2008-06-30 11:16:31 | 00,000,362 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008-06-16 17:09:25 | 00,102,912 | R--- | C] () -- C:\WINDOWS\System32\Jpegcode.dll
[2008-06-11 21:24:38 | 00,001,629 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008-06-11 21:23:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008-03-16 13:44:28 | 00,000,142 | ---- | C] () -- C:\Documents and Settings\Administrator\Lokale indstillinger\Application Data\fusioncache.dat
[2008-03-16 13:31:59 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008-03-16 13:22:29 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-01-10 07:44:26 | 01,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006-04-23 00:00:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2003-02-18 18:26:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2001-07-07 02:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009-04-12 11:33:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2009-10-22 07:06:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cool Record Edit Pro
[2010-01-26 21:02:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2009-12-16 09:17:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ieSpell
[2009-07-28 18:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MyHeritage
[2009-12-08 14:19:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2009-12-08 13:00:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Recordpad
[2009-12-03 21:32:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\runic games
[2009-04-29 14:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StumbleUpon
[2009-05-18 20:56:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2009-12-20 01:16:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010-01-26 14:31:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WhiteSmoke
[2010-01-07 09:23:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WhiteSmokeTranslator
[2009-01-07 19:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\zweitgeist
[2009-11-01 11:46:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009-11-22 19:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009-11-22 19:43:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008-06-20 07:09:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey
[2009-11-01 11:13:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009-07-29 06:45:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2009-12-08 13:00:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009-03-10 21:04:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-01-17 02:51:00 | 00,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2010-01-27 23:36:15 | 00,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010-01-27 23:37:12 | 00,000,368 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2010-01-27 14:48:42 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{34683348-E300-4F25-94C3-76FE8A1E8E7C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004-08-26 16:01:44 | 18,778,967 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-11-04 18:20:07 | 23,884,250 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008-11-04 18:20:07 | 23,884,250 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004-08-26 16:01:44 | 18,778,967 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-11-04 18:20:07 | 23,884,250 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-11-04 18:20:07 | 23,884,250 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-14 17:05:21 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=DAC8A51BA067F38B74766900E6DEA66A -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 17:05:21 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=DAC8A51BA067F38B74766900E6DEA66A -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008-04-14 17:05:27 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=90C7E2675B3B1B6ADC5E694708F924F2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-14 17:05:27 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=90C7E2675B3B1B6ADC5E694708F924F2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-14 17:05:31 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=D609CB57A3B325A7B774EDD2C27665AD -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-14 17:05:31 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=D609CB57A3B325A7B774EDD2C27665AD -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009-06-29 16:58:54 | 00,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009-06-29 16:58:54 | 00,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wuaueng.dll:SummaryInformation
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7B26785
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:689E721A
< End of report >

OTL Extras logfile created on: 27-01-2010 23:35:33 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Administrator\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 78,13 Gb Total Space | 21,49 Gb Free Space | 27,50% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 125,72 Gb Free Space | 64,37% Space Free | Partition Type: NTFS
Drive E: | 24,64 Gb Total Space | 12,54 Gb Free Space | 50,88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARIANNEPC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programmer\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = jsfile] -- C:\Programmer\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programmer\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programmer\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programmer\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programmer\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programmer\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programmer\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
jsfile [open] -- "C:\Programmer\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Programmer\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programmer\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programmer\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmer\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programmer\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmer\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programmer\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Programmer\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programmer\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programmer\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Programmer\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\hp_webrelease_\setup\HPZnet01.exe" = C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\hp_webrelease_\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\hp_webrelease_\setup\hponicifs01.exe" = C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\hp_webrelease_\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- File not found
"C:\Programmer\LeechFTP\Leechftp.exe" = C:\Programmer\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP -- File not found
"C:\Programmer\Macromedia\Dreamweaver 4\Dreamweaver.exe" = C:\Programmer\Macromedia\Dreamweaver 4\Dreamweaver.exe:*:Enabled:Dreamweaver -- (Macromedia, Inc.)
"D:\World of Warcraft\BackgroundDownloader.exe" = D:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programmer\Internet Explorer\iexplore.exe" = C:\Programmer\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programmer\Ventrilo\Ventrilo.exe" = C:\Programmer\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Programmer\Bonjour\mDNSResponder.exe" = C:\Programmer\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)
"D:\World of Warcraft\Launcher.exe" = D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"D:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = D:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Programmer\Skype\Phone\Skype.exe" = C:\Programmer\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe" = D:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe" = D:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe" = D:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programmer\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programmer\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programmer\uTorrent\uTorrent.exe" = C:\Programmer\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programmer\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe" = C:\Programmer\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00647366-8CB3-4B3A-92EB-31538B759F46}" = Windows Live Toolbar
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Overførselsværktøj til Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B6186AB-DBF7-407C-8DE0-FBA29E7F672F}_is1" = Easy RSS Content Generator
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F3082BF-4A3B-45CA-805F-52DBBFD3C645}" = Windows Live Essentials
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C9406-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{45A2D49C-8124-4015-A8B3-073A827EC5C1}" = Windows Live Sync
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{899F4B8F-1A96-4414-AA25-E9954DEF0FB5}" = Windows Live Family Safety
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110406-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94B8F069-F223-4F48-BC88-7104CBA77F30}" = Windows Live Messenger
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}" = WhiteSmoke
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1030-7B44-A81200000003}" = Adobe Reader 8.1.2 - Dansk
"{B06D1168-C6D1-11D5-BC91-0800094CFDB8}" = Samsung Digimax 350SE Camera
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5080CC6-15F5-49B1-8672-F2021FF771C0}" = Tilmeldingsassistent til Windows Live
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BFD09E5B-6D40-4CAD-A349-103BFEF1C574}" = Windows Live Mail
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7EC54D8-3D95-4F9D-A191-59C9BB7F5AC9}" = Windows Live Photo Gallery
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{FC0C6E54-BCD4-42C5-BEAA-4FFFEC499EE0}" = Windows Live Writer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media WDM Audio Driver
"CoffeeCup GIF Animator" = CoffeeCup GIF Animator
"CoffeeCup Photo Gallery - Trial" = CoffeeCup Photo Gallery - Trial
"CoffeeCup RSS News Flash - Trial" = CoffeeCup RSS News Flash - Trial
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS Utility" = Canon Utilities EOS Utility
"FileZilla Client" = FileZilla Client 3.2.4.1
"Free Sound Recorder_is1" = Free Sound Recorder v7.1.1
"ie7" = Windows Internet Explorer 7
"ieSpell" = ieSpell
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mihov DPI to Pixel Calculator" = Mihov DPI to Pixel Calculator 2.0 (remove only)
"MyCamera" = Canon Utilities MyCamera
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Runic Games Torchlight" = Torchlight
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"uTorrent" = µTorrent
"WavePad" = WavePad Sound Editor
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19-01-2010 06:56:32 | Computer Name = MARIANNEPC | Source = Application Error | ID = 1000
Description = Fejlagtigt program iexplore.exe, version 7.0.6000.16876, fejlagtigt
modul mshtml.dll, version 7.0.6000.16890, fejlagtig adresse 0x00082197.

Error - 25-01-2010 09:12:09 | Computer Name = MARIANNEPC | Source = Application Error | ID = 1000
Description = Fejlagtigt program iexplore.exe, version 7.0.6000.16876, fejlagtigt
modul mshtml.dll, version 7.0.6000.16890, fejlagtig adresse 0x00082197.

Error - 25-01-2010 15:58:58 | Computer Name = MARIANNEPC | Source = Application Error | ID = 1000
Description = Fejlagtigt program iexplore.exe, version 7.0.6000.16876, fejlagtigt
modul mshtml.dll, version 7.0.6000.16890, fejlagtig adresse 0x00082197.

Error - 27-01-2010 10:44:21 | Computer Name = MARIANNEPC | Source = Application Error | ID = 1005
Description = Windows kan ikke få adgang til filen C:\Documents and Settings\Administrator\Lokale
indstillinger\Temporary Internet Files\Content.IE5\index.dat på grund af en af
følgende årsager: der er et problem med netværksforbindelsen, disken hvor filen
er placeret på, lagerdriverne installeret på computeren eller disken mangler. Windows
lukkede programmet index.dat på grund af denne fejl. Program: index.dat Fil: C:\Documents
and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat

Fejlværdien
står på listen under afsnittet Yderligere data. Brugerhandling 1. Åbner filen igen.
Dette problem er muligvis midlertidigt, der retter sig selv, når programmet kører
igen. 2. Hvis der stadig ikke kan opnås adgang til filen og - filen er på netværket,
skal din netværksadministrator kontrollere, at der ikke er et problem med netværket
og at serveren kan kontaktes. - filen er på en flytbar disk, f.eks. en floppydisk
eller cd-rom, skal du kontrollere, at disken er korrekt indsat i computerens drev.
3.
Kontroller og reparer filsystemet ved at køre CHKDSK. Hvis du vil køre CHKDSK,
skal du klikke på Start, klikke på Kør, skrive CMD, og derefter klikke på OK. Skriv
CHKDSK /F på kommandoprompten, og tryk derefter på ENTER. 4. Hvis problemet er vedvarende,
skal du gendanne filen fra en sikkerhedskopi. 5. Fastslå, om andre filer på den
samme disk kan åbnes. Hvis andre filer heller ikke kan åbnes, er disken muligvis
beskadiget. Hvis det er en harddisk, skal du kontakte systemadministratoren eller
computerforhandleren for at få yderligere hjælp. Yderligere data Fejlværdi: C000009C
Disktype:
3

Error - 27-01-2010 10:44:28 | Computer Name = MARIANNEPC | Source = Application Error | ID = 1000
Description = Fejlagtigt program wlcomm.exe, version 14.0.8064.206, fejlagtigt modul
msvcrt.dll, version 7.0.2600.5512, fejlagtig adresse 0x00037631.

Error - 27-01-2010 10:45:51 | Computer Name = MARIANNEPC | Source = Application Error | ID = 1005
Description = Windows kan ikke få adgang til filen C:\Documents and Settings\Administrator\Lokale
indstillinger\Temporary Internet Files\Content.IE5\index.dat på grund af en af
følgende årsager: der er et problem med netværksforbindelsen, disken hvor filen
er placeret på, lagerdriverne installeret på computeren eller disken mangler. Windows
lukkede programmet index.dat på grund af denne fejl. Program: index.dat Fil: C:\Documents
and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat

Fejlværdien
står på listen under afsnittet Yderligere data. Brugerhandling 1. Åbner filen igen.
Dette problem er muligvis midlertidigt, der retter sig selv, når programmet kører
igen. 2. Hvis der stadig ikke kan opnås adgang til filen og - filen er på netværket,
skal din netværksadministrator kontrollere, at der ikke er et problem med netværket
og at serveren kan kontaktes. - filen er på en flytbar disk, f.eks. en floppydisk
eller cd-rom, skal du kontrollere, at disken er korrekt indsat i computerens drev.
3.
Kontroller og reparer filsystemet ved at køre CHKDSK. Hvis du vil køre CHKDSK,
skal du klikke på Start, klikke på Kør, skrive CMD, og derefter klikke på OK. Skriv
CHKDSK /F på kommandoprompten, og tryk derefter på ENTER. 4. Hvis problemet er vedvarende,
skal du gendanne filen fra en sikkerhedskopi. 5. Fastslå, om andre filer på den
samme disk kan åbnes. Hvis andre filer heller ikke kan åbnes, er disken muligvis
beskadiget. Hvis det er en harddisk, skal du kontakte systemadministratoren eller
computerforhandleren for at få yderligere hjælp. Yderligere data Fejlværdi: C000009C
Disktype:
3

Error - 27-01-2010 10:45:58 | Computer Name = MARIANNEPC | Source = Application Error | ID = 1000
Description = Fejlagtigt program wlcomm.exe, version 14.0.8064.206, fejlagtigt modul
msvcrt.dll, version 7.0.2600.5512, fejlagtig adresse 0x00037631.

Error - 27-01-2010 14:28:24 | Computer Name = MARIANNEPC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070002, P2 beginsearch, P3 search, P4
2.0.6212.0, P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 27-01-2010 14:28:54 | Computer Name = MARIANNEPC | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 27-01-2010 14:29:00 | Computer Name = MARIANNEPC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070002, P2 beginsearch, P3 search, P4
2.0.6212.0, P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 27-01-2010 17:41:28 | Computer Name = MARIANNEPC | Source = Service Control Manager | ID = 7000
Description = Tjenesten Canon Camera Access Library 8 kunne ikke starte pga. følgende
fejl: %%2

Error - 27-01-2010 17:56:10 | Computer Name = MARIANNEPC | Source = DCOM | ID = 10005
Description = Fejlen "%2" opstod på DCOM under forsøg på at starte tjenesten wuauserv
med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 27-01-2010 17:56:11 | Computer Name = MARIANNEPC | Source = Service Control Manager | ID = 7000
Description = Tjenesten Automatiske opdateringer kunne ikke starte pga. følgende
fejl: %%2

Error - 27-01-2010 18:29:26 | Computer Name = MARIANNEPC | Source = Disk | ID = 262151
Description = Enheden \Device\Harddisk0\D havde en fejlbehæftet blok.

Error - 27-01-2010 18:29:26 | Computer Name = MARIANNEPC | Source = Disk | ID = 262151
Description = Enheden \Device\Harddisk0\D havde en fejlbehæftet blok.

Error - 27-01-2010 18:30:12 | Computer Name = MARIANNEPC | Source = Service Control Manager | ID = 7000
Description = Tjenesten Automatiske opdateringer kunne ikke starte pga. følgende
fejl: %%2

Error - 27-01-2010 18:30:12 | Computer Name = MARIANNEPC | Source = Service Control Manager | ID = 7000
Description = Tjenesten Canon Camera Access Library 8 kunne ikke starte pga. følgende
fejl: %%2

Error - 27-01-2010 18:30:57 | Computer Name = MARIANNEPC | Source = System Error | ID = 1003
Description = Fejlkode 0000004e, parameter 1 00000007, parameter 2 0001ce87, parameter
3 00000001, parameter 4 00000000.

Error - 27-01-2010 18:44:44 | Computer Name = MARIANNEPC | Source = DCOM | ID = 10005
Description = Fejlen "%2" opstod på DCOM under forsøg på at starte tjenesten wuauserv
med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 27-01-2010 18:44:44 | Computer Name = MARIANNEPC | Source = Service Control Manager | ID = 7000
Description = Tjenesten Automatiske opdateringer kunne ikke starte pga. følgende
fejl: %%2


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-28 12:43:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\uxlyifod.sys


---- System - GMER 1.0.15 ----

SSDT spcw.sys ZwCreateKey [0xF74E40E0]
SSDT spcw.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spcw.sys ZwEnumerateValueKey [0xF74FD132]
SSDT spcw.sys ZwOpenKey [0xF74E40C0]
SSDT spcw.sys ZwQueryKey [0xF74FD20A]
SSDT spcw.sys ZwQueryValueKey [0xF74FD08A]
SSDT spcw.sys ZwSetValueKey [0xF74FD29C]

INT 0x62 ? 89C14BF8
INT 0x73 ? 89924F00
INT 0x73 ? 89924F00
INT 0x73 ? 89924F00
INT 0x73 ? 89924F00
INT 0x73 ? 89924F00
INT 0x73 ? 89924F00
INT 0x82 ? 89C14BF8

---- Kernel code sections - GMER 1.0.15 ----

? spcw.sys Den angivne fil blev ikke fundet. !
PAGE Ntfs.sys F7B91C00 7 Bytes [FE, FF, 33, C0, E9, 9E, 14]
PAGE Ntfs.sys F7B91C09 3 Bytes [C6, 45, E7]
PAGE Ntfs.sys F7B91C0D 95 Bytes JMP F7B918BE Ntfs.sys (NT File System Driver/Microsoft Corporation)
PAGE Ntfs.sys F7B91C6E 7 Bytes [8B, 46, 14, 89, 86, 0C, 01]
PAGE Ntfs.sys F7B91C77 3 Bytes [C6, 45, E5]
PAGE ...
.text USBPORT.SYS!DllUnload BA0E38AC 5 Bytes JMP 899244E0
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0x9F56D300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xA012D300, 0x1B7E, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89BA92D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750FDDC] spcw.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750FE30] spcw.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74E5042] spcw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74E513E] spcw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74E50C0] spcw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74E5800] spcw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74E56D6] spcw.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 899245E0

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89C131F8
Device \FileSystem\Fastfat \FatCdrom 899FA500
Device \FileSystem\Fastfat \FatCdrom 9EF5E297
Device \Driver\usbuhci \Device\USBPDO-0 89A5C1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89BA71F8
Device \Driver\dmio \Device\DmControl\DmConfig 89BA71F8
Device \Driver\dmio \Device\DmControl\DmPnP 89BA71F8
Device \Driver\dmio \Device\DmControl\DmInfo 89BA71F8
Device \Driver\usbuhci \Device\USBPDO-1 89A5C1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2534579D-875B-427B-AD00-97D554A8DE16} 89982500
Device \Driver\usbuhci \Device\USBPDO-2 89A5C1F8
Device \Driver\usbuhci \Device\USBPDO-3 89A5C1F8
Device \Driver\usbehci \Device\USBPDO-4 89A451F8

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89C151F8
Device \Driver\USBSTOR \Device\00000071 89A22500
Device \Driver\Ftdisk \Device\HarddiskVolume2 89C151F8
Device \Driver\Cdrom \Device\CdRom0 89A5D500
Device \Driver\Ftdisk \Device\HarddiskVolume3 89C151F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 89982500
Device \Driver\NetBT \Device\NetbiosSmb 89982500
Device \Driver\usbuhci \Device\USBFDO-0 89A5C1F8
Device \Driver\USBSTOR \Device\0000006c 89A22500
Device \Driver\usbuhci \Device\USBFDO-1 89A5C1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89983500
Device \Driver\usbuhci \Device\USBFDO-2 89A5C1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89983500
Device \Driver\usbuhci \Device\USBFDO-3 89A5C1F8
Device \Driver\usbehci \Device\USBFDO-4 89A451F8
Device \Driver\Ftdisk \Device\FtControl 89C151F8
Device \FileSystem\Fastfat \Fat 899FA500
Device \FileSystem\Fastfat \Fat 9EF5E297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 89A31500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x60 0xBC 0xB0 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xCA 0x45 0x89 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x7E 0xCF 0xA6 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x7D 0xF7 0x38 0x07 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x60 0xBC 0xB0 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xCA 0x45 0x89 0x66 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x7E 0xCF 0xA6 0x34 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x7D 0xF7 0x38 0x07 ...

---- EOF - GMER 1.0.15 ----