Solved Zbot (I think)

just to make doubly sure:

the folder is: E:\WINDOWS\system32\drivers

pasted the folder path from my explorer window
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    xpsec.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 03:03 on 28/03/2012 by petka
Administrator - Elevation successful

========== filefind ==========

Searching for "xpsec.sys"
No files found.

-= EOF =-

I guess that isn't so hot....
 
Very good.
It looks like just registry leftover.

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Driver::
xpsec

Registry::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
running

The same interesting behaviour with the internet connection.

starts at 292 746 packets sent
265 472 packets received

of course, that's from the point where I get curious and open the connection status window :)

now 292 748 sent
265 474 received


it seems CF zaps the D-link (I think that is what I have) but then the windows wireless thing survives :)


ok, now CF says it is going to restart the PC. We'll see how it goes.
 
ComboFix 12-03-27.02 - petka 2012-03-28 3:12.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1128 [GMT 2:00]
Körs från: e:\documents and settings\petka.PKNEW\Skrivbord\ComboFix.exe
Kommandoväxlar som använts :: e:\documents and settings\petka.PKNEW\Skrivbord\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xpsec
.
.
(((((((((((((((((((((((( Filer skapade från 2012-02-28 till 2012-03-28 ))))))))))))))))))))))))))))))
.
.
2012-03-25 23:49 . 2012-03-25 23:49 -------- d-----w- E:\TDSSKiller_Quarantine
2012-03-25 18:23 . 2012-03-25 18:23 -------- d-----w- e:\program\Delade filer\Java
2012-03-25 18:23 . 2012-03-25 18:23 73728 ----a-w- e:\windows\system32\javacpl.cpl
2012-03-25 17:39 . 2012-03-25 17:39 -------- d-----w- e:\program\Malwarebytes' Anti-Malware
2012-03-25 17:39 . 2011-12-10 13:24 20464 ----a-w- e:\windows\system32\drivers\mbam.sys
2012-03-24 20:56 . 2012-03-24 20:56 -------- d-----w- e:\documents and settings\petka.PKNEW\Application Data\Malwarebytes
2012-03-24 20:56 . 2012-03-24 20:56 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-24 19:53 . 2012-03-24 19:53 -------- d-----w- e:\program\Toolbar Cleaner
2012-03-24 14:59 . 2012-03-24 14:59 -------- d-----r- e:\documents and settings\LocalService\Favoriter
2012-03-22 23:15 . 2012-03-22 23:15 592824 ----a-w- e:\program\Mozilla Firefox\gkmedias.dll
2012-03-22 23:15 . 2012-03-22 23:15 44472 ----a-w- e:\program\Mozilla Firefox\mozglue.dll
2012-03-20 20:47 . 2012-03-20 20:47 -------- d-----w- e:\documents and settings\All Users\Application Data\VS
2012-03-17 21:08 . 2001-09-06 19:33 5632 ----a-w- e:\windows\system32\ptpusb.dll
2012-03-17 21:08 . 2008-04-13 19:45 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
2012-03-17 21:08 . 2008-04-13 19:45 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
2012-03-17 21:08 . 2008-04-14 17:04 159232 ----a-w- e:\windows\system32\ptpusd.dll
2012-03-04 10:59 . 2012-03-04 10:59 -------- d-----w- e:\documents and settings\All Users\Application Data\ATI
2012-03-04 10:54 . 2012-03-04 10:54 -------- d-----w- e:\program\AMD APP
2012-03-04 10:53 . 2011-12-20 07:39 100368 ----a-w- e:\windows\system32\drivers\AtihdXP3.sys
2012-03-04 10:53 . 2011-12-06 02:39 956160 ----a-w- e:\windows\system32\ativvamv.dll
2012-03-04 10:51 . 2012-03-04 10:51 -------- d-----w- E:\AMD
2012-03-04 10:41 . 2010-11-03 17:15 359016 ----a-w- e:\windows\vncutil.exe
2012-03-04 10:41 . 2011-12-12 16:20 64616 ----a-w- e:\windows\system32\RtkCoInstIIXP.dll
2012-03-04 10:41 . 2011-11-22 15:28 11368 ----a-w- e:\windows\system32\RtkCoLDRXP.dll
2012-03-04 10:41 . 2010-11-03 17:14 129640 ----a-w- e:\windows\RtkAudioService.exe
2012-03-04 10:41 . 2011-11-24 10:37 21736 ----a-w- e:\windows\system32\drivers\RTAIODAT.DAT
2012-03-04 10:24 . 2012-03-04 10:24 -------- d-----w- e:\documents and settings\NetworkService\Application Data\Xfire
2012-03-04 10:16 . 2012-03-04 10:16 -------- d-----w- e:\documents and settings\petka.PKNEW\Application Data\Easeware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 00:46 . 2009-06-28 22:34 196608 ----a-w- e:\windows\system32\drivers\nStandard.bin
2012-03-25 18:23 . 2010-04-24 22:23 472808 ----a-w- e:\windows\system32\deployJava1.dll
2012-03-25 17:18 . 2009-06-28 22:35 94208 ----a-w- e:\windows\DUMP74e1.tmp
2012-03-22 23:27 . 2010-05-20 22:15 112832 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-03-19 21:57 . 2011-05-21 09:20 414368 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 18:34 . 2012-02-18 19:04 444952 ----a-w- e:\windows\system32\wrap_oal.dll
2012-02-19 18:34 . 2012-02-18 19:04 109080 ----a-w- e:\windows\system32\OpenAL32.dll
2012-02-15 12:11 . 2011-10-24 08:52 137416 ----a-w- e:\windows\system32\drivers\avipbb.sys
2012-02-03 09:57 . 2003-04-24 12:00 1860096 ----a-w- e:\windows\system32\win32k.sys
2012-01-09 16:20 . 2009-06-28 20:45 139784 ----a-w- e:\windows\system32\drivers\rdpwd.sys
2000-08-14 19:33 . 2011-07-14 20:37 6287360 ----a-w- e:\program\IDMain.exe
1998-06-02 04:32 . 2011-07-14 20:38 705024 ----a-w- e:\program\3dfx.dll
2012-03-22 23:15 . 2011-05-11 21:42 97208 ----a-w- e:\program\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_00.12.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-28 01:22 . 2012-03-28 01:22 16384 e:\windows\Temp\Perflib_Perfdata_38c.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="e:\program\Delade filer\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"TomTomHOME.exe"="e:\program\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Steam"="e:\program\Steam\Steam.exe" [2011-08-07 1242448]
"Emotum Mobile Broadband"="e:\program\Emotum\Mobile Broadband\Mobile.exe" [2009-07-09 348968]
"Skype"="e:\program\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="e:\program\Delade filer\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="e:\program\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-01 1629744]
"InCD"="e:\program\Nero\Nero 7\InCD\InCD.exe" [2007-06-01 1057328]
"SxgTkBar"="SxgTkBar.exe" [2002-07-22 53248]
"ANIWZCS2Service"="e:\program\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304]
"D-Link D-Link Wireless N DWA-140"="e:\program\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456]
"ATICustomerCare"="e:\program\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"VoddlerNet Manager"="e:\program\Voddler\service\VNetManager.exe" [2011-08-24 50784]
"avgnt"="e:\program\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Reader Speed Launcher"="e:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="e:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="e:\program\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="e:\program\Delade filer\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"StartCCC"="e:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 98304]
"Malwarebytes' Anti-Malware"="e:\program\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="e:\program\Delade filer\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adawarebp"="reg.exe delete HKCU\Software\AppDataLow\Software\adawarebp" [X]
"adawarebp_XP"="reg.exe delete HKCU\Software\adawarebp" [X]
.
e:\documents and settings\sofia\Start-meny\Program\Autostart\
OpenOffice.org 3.1.lnk - e:\program\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - e:\program\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
e:\documents and settings\petka.PKNEW\Start-meny\Program\Autostart\
OpenOffice.org 3.3.lnk - e:\program\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
e:\documents and settings\All Users\Start-meny\Program\Autostart\
Samsung Auto Backup Guage.lnk - e:\program\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-3-26 888832]
Samsung Auto Backup Real-Time Daemon.lnk - e:\program\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-3-26 77824]
Samsung Auto Backup Scheduler.lnk - e:\program\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-3-26 94208]
Windows Search.lnk - e:\program\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "e:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\f:\0autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"e:\\Program\\Spotify\\spotify.exe"=
"e:\\Program\\Messenger\\msmsgs.exe"=
"e:\\Program\\Steam\\Steam.exe"=
"e:\\Program\\THQ\\Company of Heroes\\RelicCOH.exe"=
"e:\\Program\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"e:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Program\\uTorrent\\uTorrent.exe"=
"e:\\Program\\Voddler\\service\\voddler.exe"=
"e:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"e:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"e:\\Program\\Skype\\Phone\\Skype.exe"=
"e:\\Program\\Steam\\steamapps\\common\\dawn of war ii - retribution\\DOW2.exe"=
"e:\\Program\\Delade filer\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"e:\\Program\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5mp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 mdf15;mdf15;e:\program\Clarus\Samsung SecretZone\mdf15.sys [2011-03-26 12800]
R2 ANIWConnService;ANIWConn Service;e:\windows\system32\ANIWConnService.exe [2010-05-24 147456]
R2 AntiVirSchedulerService;Avira Scheduler;e:\program\Avira\AntiVir Desktop\sched.exe [2011-10-24 86224]
R2 MBAMService;MBAMService;e:\program\Malwarebytes' Anti-Malware\mbamservice.exe [2012-03-25 652360]
R2 MSR Service;Virtual Disk Service Manager;e:\program\Clarus\Samsung SecretZone\MSSvc.exe [2011-03-26 114688]
R2 TomTomHOMEService;TomTomHOMEService;e:\program\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdXP3.sys [2012-03-04 100368]
R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2012-03-25 20464]
R3 SOFTXG;YAMAHA XG SoftSynthesizer;e:\windows\system32\drivers\sxgxgwdm.sys [2009-07-03 966784]
S0 Lbd;Lbd;e:\windows\system32\DRIVERS\Lbd.sys --> e:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate);e:\program\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
S3 80czzt43.sys;80czzt43.sys;\??\e:\windows\system32\drivers\80czzt43.sys --> e:\windows\system32\drivers\80czzt43.sys [?]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2009-06-30 1691480]
S3 AWINDIS5;AWINDIS5 Protocol Driver;e:\windows\system32\AWINDIS5.SYS [2009-06-28 16194]
S3 gupdatem;Tjänsten Google Update (gupdatem);e:\program\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
S3 hwusbfake;Huawei DataCard USB Fake;e:\windows\system32\drivers\ewusbfake.sys [2010-02-21 102656]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\e:\program\Lavasoft\Ad-Aware\KernExplorer.sys --> e:\program\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;e:\windows\system32\DRIVERS\wg311tn5.sys --> e:\windows\system32\DRIVERS\wg311tn5.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;e:\windows\System32\svchost.exe -k nosGetPlusHelper [2003-04-24 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- e:\program\Delade filer\LightScribe\LSRunOnce.exe
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-03-15 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-03-28 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program\Google\Update\GoogleUpdate.exe [2010-06-01 22:47]
.
2012-03-28 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program\Google\Update\GoogleUpdate.exe [2010-06-01 22:47]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - e:\documents and settings\petka.PKNEW\Application Data\Mozilla\Firefox\Profiles\vhhkse1z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - about:blank
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-28 03:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Samsung_ rev. -> Harddisk2\DR4 -> \Device\00000086
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
error: Read Felaktig parameter.
.
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-261478967-839522115-1006\Software\SecuROM\License information*]
"datasecu"=hex:a0,ab,ad,f8,20,e7,6b,fb,54,2e,e5,a6,e5,2d,cf,f9,fa,dc,40,15,89,
42,e6,5f,54,1f,3c,1f,ee,d0,ae,16,60,cc,24,07,ac,2e,67,72,bc,8c,dc,f5,1a,a9,\
"rkeysecu"=hex:9d,85,06,89,db,86,0d,97,8d,1b,91,81,ad,62,08,76
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2864)
e:\program\Windows Desktop Search\deskbar.dll
e:\program\Windows Desktop Search\sv-se\dbres.dll.mui
e:\program\Windows Desktop Search\dbres.dll
e:\program\Windows Desktop Search\wordwheel.dll
e:\program\Windows Desktop Search\sv-se\msnlExtRes.dll.mui
e:\program\Windows Desktop Search\msnlExtRes.dll
e:\windows\system32\msi.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andra processer som körs ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\program\Avira\AntiVir Desktop\avguard.exe
e:\windows\ATKKBService.exe
e:\program\Nero\Nero 7\InCD\InCDsrv.exe
e:\program\Java\jre6\bin\jqs.exe
e:\program\Delade filer\LightScribe\LSSrvc.exe
e:\program\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
e:\program\Voddler\service\voddler.exe
e:\program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
e:\windows\system32\SearchIndexer.exe
e:\program\Delade filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
e:\program\Avira\AntiVir Desktop\avshadow.exe
e:\windows\system32\SxgTkBar.exe
e:\windows\system32\wscntfy.exe
e:\windows\RTHDCPL.EXE
e:\program\OpenOffice.org 3\program\soffice.exe
e:\program\OpenOffice.org 3\program\soffice.bin
e:\windows\system32\SearchProtocolHost.exe
e:\windows\system32\SearchFilterHost.exe
e:\windows\system32\rundll32.exe
.
**************************************************************************
.
Sluttid: 2012-03-28 03:31:25 - datorn startades om.
ComboFix-quarantined-files.txt 2012-03-28 01:31
ComboFix2.txt 2012-03-28 00:14
.
Före genomsökningen: 85*628*936*192 byte ledigt
Efter genomsökningen: 85*603*237*888 byte ledigt
.
- - End Of File - - 8791F99D58285D1A701779280C595007
 
Looks good.

How is the computer doing?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
At work

I am at work at the moment.

I would like to extend my heartfelt gratitude once more, even though there might be some work to do that remains.

I can answer the first Q:
The PC seems much faster under "operation". I think I have too much junk running when I start, so that is still quite slow. The only glitching I have detected during operation yesterday is for instance:
- If I am playing music with WMP and hit the reload button in my Firefox browser, there is a short stutter in the music before it resumes running smoothly. This is quite brief and might be due to the fantastic animations that WMP is running :)

I have not noticed any other glitching.

I have not attempted to do any banking or similar. I have notified my bank of current events and will not attempt any financial transactions with this computer until you have declared it cured.

The time is now approx 2:40 PM here, and I will get back with the OTL logs no sooner than 7 PM local time but no later than 00:00.

Thx!
 
OTL, part 1

OTL logfile created on: 2012-03-28 21:11:08 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = E:\Documents and Settings\petka.PKNEW\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,02% Memory free
3,85 Gb Paging File | 2,94 Gb Available in Paging File | 76,50% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program
Drive C: | 931,28 Gb Total Space | 668,65 Gb Free Space | 71,80% Space Free | Partition Type: FAT32
Drive E: | 465,75 Gb Total Space | 83,90 Gb Free Space | 18,01% Space Free | Partition Type: NTFS
Drive F: | 186,30 Gb Total Space | 140,89 Gb Free Space | 75,63% Space Free | Partition Type: NTFS

Computer Name: PKNEW | User Name: petka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-28 21:09:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\petka.PKNEW\Skrivbord\OTL.exe
PRC - [2012-03-23 01:15:37 | 000,924,600 | ---- | M] (Mozilla Corporation) -- E:\Program\Mozilla Firefox\firefox.exe
PRC - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- E:\Program\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-01-13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- E:\Program\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-10-11 15:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Program\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011-10-11 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Program\Avira\AntiVir Desktop\sched.exe
PRC - [2011-10-11 15:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Program\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011-10-11 15:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Program\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-08-24 17:13:08 | 000,050,784 | ---- | M] (Voddler) -- E:\Program\Voddler\service\VNetManager.exe
PRC - [2011-08-24 17:12:26 | 002,271,200 | ---- | M] (Voddler) -- E:\Program\Voddler\service\voddler.exe
PRC - [2011-03-09 14:30:08 | 000,092,592 | ---- | M] (TomTom) -- E:\Program\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011-01-17 20:11:22 | 011,322,880 | ---- | M] (OpenOffice.org) -- E:\Program\OpenOffice.org 3\program\soffice.exe
PRC - [2011-01-17 20:11:22 | 011,314,688 | ---- | M] (OpenOffice.org) -- E:\Program\OpenOffice.org 3\program\soffice.bin
PRC - [2010-01-04 21:25:02 | 000,094,208 | ---- | M] (Clarus, Inc.) -- E:\Program\Clarus\Samsung Auto Backup\ISFTimerD.exe
PRC - [2010-01-04 21:24:24 | 000,077,824 | ---- | M] (Clarus, Inc.) -- E:\Program\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2010-01-04 21:23:22 | 000,888,832 | ---- | M] (Clarus, Inc.) -- E:\Program\Clarus\Samsung Auto Backup\ISFGuage.exe
PRC - [2009-12-30 20:36:06 | 000,114,688 | ---- | M] () -- E:\Program\Clarus\Samsung SecretZone\MSSvc.exe
PRC - [2009-08-18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- E:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-08-18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- E:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009-05-07 17:26:12 | 001,683,456 | ---- | M] (D-Link Corp.) -- E:\Program\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2009-05-07 14:59:00 | 000,098,304 | ---- | M] (Wireless Service) -- E:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009-02-26 13:46:40 | 000,147,456 | ---- | M] () -- E:\WINDOWS\system32\ANIWConnService.exe
PRC - [2008-08-29 14:26:20 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- E:\WINDOWS\ATKKBService.exe
PRC - [2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2008-04-14 18:05:01 | 000,391,168 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\cmd.exe
PRC - [2007-08-15 09:49:25 | 000,063,040 | ---- | M] () -- E:\Program\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
PRC - [2007-06-28 11:31:38 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- E:\Program\Delade filer\LightScribe\LSSrvc.exe
PRC - [2007-06-20 12:49:10 | 000,451,872 | ---- | M] (Hewlett-Packard Company) -- E:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe
PRC - [2007-06-01 10:06:06 | 001,629,744 | ---- | M] (Nero AG) -- E:\Program\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007-06-01 10:05:56 | 001,551,408 | ---- | M] (Nero AG) -- E:\Program\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007-06-01 10:05:46 | 001,057,328 | ---- | M] (Nero AG) -- E:\Program\Nero\Nero 7\InCD\InCD.exe
PRC - [2002-07-22 16:03:00 | 000,053,248 | ---- | M] (YAMAHA COROPRATION) -- E:\WINDOWS\system32\Sxgtkbar.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-23 01:15:37 | 001,969,080 | ---- | M] () -- E:\Program\Mozilla Firefox\mozjs.dll
MOD - [2012-03-20 22:47:33 | 011,817,472 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012-03-20 22:47:18 | 000,212,992 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012-03-20 22:45:48 | 000,971,264 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012-03-20 22:44:58 | 000,025,600 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2012-03-20 22:42:14 | 005,450,752 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012-03-20 22:42:10 | 012,430,848 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012-03-20 22:42:00 | 001,587,200 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012-03-20 22:41:05 | 007,953,408 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012-03-20 22:40:59 | 011,490,816 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012-02-26 13:09:44 | 008,527,008 | ---- | M] () -- E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012-02-15 20:58:25 | 000,303,104 | ---- | M] () -- E:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011-12-05 22:45:14 | 000,270,336 | ---- | M] () -- E:\Program\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011-10-24 00:31:00 | 000,985,088 | ---- | M] () -- E:\Program\OpenOffice.org 3\program\libxml2.dll
MOD - [2011-10-11 15:00:22 | 000,398,288 | ---- | M] () -- E:\Program\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010-12-12 21:37:55 | 000,200,704 | ---- | M] () -- E:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_sv_b77a5c561934e089\System.resources.dll
MOD - [2010-12-12 21:37:53 | 000,409,600 | ---- | M] () -- E:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_sv_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010-12-12 21:37:53 | 000,032,768 | ---- | M] () -- E:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_sv_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010-12-12 21:37:51 | 000,299,008 | ---- | M] () -- E:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010-03-16 13:22:12 | 000,014,848 | ---- | M] () -- E:\Program\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009-12-30 20:36:06 | 000,114,688 | ---- | M] () -- E:\Program\Clarus\Samsung SecretZone\MSSvc.exe
MOD - [2009-12-30 20:36:04 | 000,294,912 | ---- | M] () -- E:\Program\Clarus\Samsung SecretZone\MSMgrSDK.dll
MOD - [2009-12-30 20:36:00 | 000,528,384 | ---- | M] () -- E:\Program\Clarus\Samsung SecretZone\MSMgrSDK.EN
MOD - [2009-12-30 20:36:00 | 000,110,592 | ---- | M] () -- E:\Program\Clarus\Samsung SecretZone\MSUtilSDK.dll
MOD - [2009-03-05 11:12:08 | 000,258,048 | ---- | M] () -- E:\WINDOWS\system32\wlanapp.dll
MOD - [2009-02-27 19:23:48 | 000,311,296 | ---- | M] () -- E:\Program\Delade filer\Adobe\Acrobat\ActiveX\pdfshell.SVE
MOD - [2009-02-26 13:46:40 | 000,147,456 | ---- | M] () -- E:\WINDOWS\system32\ANIWConnService.exe
MOD - [2009-02-09 18:26:10 | 000,315,392 | ---- | M] () -- E:\WINDOWS\system32\ANIOApi.dll
MOD - [2009-02-09 18:26:10 | 000,315,392 | ---- | M] () -- E:\Program\D-Link\DWA-140 revB\ANIOApi.dll
MOD - [2008-07-09 10:06:32 | 000,675,840 | ---- | M] () -- E:\Program\K-Lite Codec Pack\Filters\ac3filter.ax
MOD - [2008-04-14 18:04:42 | 000,014,336 | ---- | M] () -- E:\WINDOWS\system32\msdmo.dll
MOD - [2007-08-15 09:49:25 | 000,063,040 | ---- | M] () -- E:\Program\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
MOD - [2007-02-16 17:40:42 | 005,521,408 | ---- | M] () -- E:\Program\Delade filer\LightScribe\QtGui4.dll
MOD - [2007-02-16 17:40:40 | 001,466,368 | ---- | M] () -- E:\Program\Delade filer\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [Auto | Stopped] -- E:\DOCUME~1\PETKA~1.PKN\LOKALA~1\Temp\hpdj.exe -- (hpdj)
SRV - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Program\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-10-11 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Program\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-10-11 15:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Program\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-08-24 17:12:26 | 002,271,200 | ---- | M] (Voddler) [Auto | Running] -- E:\Program\Voddler\service\voddler.exe -- (VoddlerNet)
SRV - [2011-03-09 14:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- E:\Program\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010-08-13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- E:\Program\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009-12-30 20:36:06 | 000,114,688 | ---- | M] () [Auto | Running] -- E:\Program\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
SRV - [2009-08-18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009-02-26 13:46:40 | 000,147,456 | ---- | M] () [Auto | Running] -- E:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2008-08-29 14:26:20 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- E:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2007-08-15 09:49:25 | 000,063,040 | ---- | M] () [Auto | Running] -- E:\Program\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe -- (PnkBstrA)
SRV - [2007-06-28 11:31:38 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- E:\Program\Delade filer\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007-06-01 10:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-06-01 10:05:56 | 001,551,408 | ---- | M] (Nero AG) [Auto | Running] -- E:\Program\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007-01-19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- E:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2005-04-04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- E:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\ZoneLabs\srescan.sys -- (srescan)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wg311tn5.sys -- (NETGEAR_WG311T_SERVICE)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Program\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\80czzt43.sys -- (80czzt43.sys)
DRV - [2012-02-15 14:11:44 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-12-20 09:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011-12-13 19:27:30 | 007,069,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011-12-10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-12-06 05:42:18 | 007,490,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011-10-11 15:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011-10-11 15:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011-02-07 22:08:58 | 000,132,096 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2010-08-12 12:44:06 | 000,071,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2010-06-17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-04-28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009-11-18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-04-21 14:25:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- E:\Program\Clarus\Samsung SecretZone\mdf15.sys -- (mdf15)
DRV - [2009-04-15 14:32:36 | 000,715,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009-02-09 18:10:04 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- E:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2008-12-30 12:55:20 | 000,102,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008-12-13 12:26:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008-09-16 05:40:16 | 001,343,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008-08-29 14:26:24 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008-08-29 14:26:24 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2008-08-29 14:26:20 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-02 09:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008-03-25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007-06-01 10:05:56 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007-06-01 10:05:56 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007-06-01 10:05:56 | 000,016,304 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- E:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007-06-01 10:05:46 | 000,118,704 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- E:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007-04-16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007-01-29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2002-05-22 08:34:00 | 000,966,784 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\sxgxgwdm.sys -- (SOFTXG)
DRV - [2002-04-11 18:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1292428093-261478967-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKU\S-1-5-21-1292428093-261478967-839522115-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1292428093-261478967-839522115-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1292428093-261478967-839522115-1006\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1292428093-261478967-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: mr.nojd@gmail.com:0.7.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: E:\Program\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@curl.com/Curl.RTE: e:\Program\Curl Corporation\Surge\plugins\np-curl-surge.dll (Curl, Inc.)
FF - HKLM\Software\MozillaPlugins\@curl.com/Curl.RTE.8.0: e:\Program\Curl Corporation\Surge\plugins\np-curl-surge-8-0.dll (Curl, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.90: E:\Program\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: E:\Program\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: E:\Program\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Program\Mozilla Firefox\components [2012-03-23 01:15:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Program\Mozilla Firefox\plugins [2012-03-25 21:46:12 | 000,000,000 | ---D | M]

[2009-08-02 22:13:36 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\petka.PKNEW\Application Data\Mozilla\Extensions
[2009-08-02 22:13:36 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\petka.PKNEW\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012-03-26 01:02:55 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\petka.PKNEW\Application Data\Mozilla\Firefox\Profiles\vhhkse1z.default\extensions
[2010-06-10 23:06:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\petka.PKNEW\Application Data\Mozilla\Firefox\Profiles\vhhkse1z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-06-10 23:06:17 | 000,000,000 | ---D | M] ("Freekick Youth Analyzer") -- E:\Documents and Settings\petka.PKNEW\Application Data\Mozilla\Firefox\Profiles\vhhkse1z.default\extensions\mr.nojd@gmail.com
[2011-05-11 23:43:33 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\petka.PKNEW\Application Data\Mozilla\Firefox\Profiles\vhhkse1z.default\extensions\nostmp
[2012-03-25 20:23:35 | 000,000,000 | ---D | M] (No name found) -- E:\Program\Mozilla Firefox\extensions
[2011-12-02 19:35:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-03-25 20:23:35 | 000,000,000 | ---D | M] (Java Console) -- E:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012-03-25 20:23:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- E:\PROGRAM\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012-03-23 01:15:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Program\mozilla firefox\components\browsercomps.dll
[2012-03-25 20:23:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program\mozilla firefox\plugins\npdeployJava1.dll
[2012-02-22 00:09:47 | 000,001,470 | ---- | M] () -- E:\Program\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2010-04-24 20:30:31 | 000,002,191 | ---- | M] () -- E:\Program\mozilla firefox\searchplugins\babylon.xml
[2012-02-22 00:09:47 | 000,002,252 | ---- | M] () -- E:\Program\mozilla firefox\searchplugins\bing.xml
[2012-02-22 00:09:47 | 000,002,670 | ---- | M] () -- E:\Program\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2012-02-22 00:09:47 | 000,000,948 | ---- | M] () -- E:\Program\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2012-02-22 00:09:47 | 000,001,174 | ---- | M] () -- E:\Program\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2012-02-22 00:09:47 | 000,000,951 | ---- | M] () -- E:\Program\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2012-03-28 02:12:37 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1292428093-261478967-839522115-1006\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] E:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] E:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] E:\Program\Delade filer\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] E:\Program\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] E:\Program\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] E:\Program\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [InCD] E:\Program\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] E:\Program\Delade filer\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] E:\Program\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] E:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SxgTkBar] E:\WINDOWS\System32\Sxgtkbar.exe (YAMAHA COROPRATION)
O4 - HKLM..\Run: [VoddlerNet Manager] E:\Program\Voddler\service\VNetManager.exe (Voddler)
O4 - HKU\S-1-5-21-1292428093-261478967-839522115-1006..\Run: [Emotum Mobile Broadband] E:\Program\Emotum\Mobile Broadband\Mobile.exe (Emotum)
O4 - HKU\S-1-5-21-1292428093-261478967-839522115-1006..\Run: [LightScribe Control Panel] E:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1292428093-261478967-839522115-1006..\Run: [Steam] E:\Program\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1292428093-261478967-839522115-1006..\Run: [TomTomHOME.exe] E:\Program\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\.DEFAULT..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O4 - Startup: E:\Documents and Settings\All Users\Start-meny\Program\Autostart\Samsung Auto Backup Guage.lnk = E:\Program\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start-meny\Program\Autostart\Samsung Auto Backup Real-Time Daemon.lnk = E:\Program\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start-meny\Program\Autostart\Samsung Auto Backup Scheduler.lnk = E:\Program\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O4 - Startup: E:\Documents and Settings\petka.PKNEW\Start-meny\Program\Autostart\OpenOffice.org 3.3.lnk = E:\Program\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: E:\Documents and Settings\sofia\Start-meny\Program\Autostart\OpenOffice.org 3.1.lnk = E:\Program\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: E:\Documents and Settings\sofia\Start-meny\Program\Autostart\OpenOffice.org 3.3.lnk = E:\Program\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-261478967-839522115-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-261478967-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-261478967-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1292428093-261478967-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6120850-2646-4333-AD87-2C0EA347C1EE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: E:\Documents and Settings\petka.PKNEW\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\petka.PKNEW\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - E:\Program\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:)
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

Drivers32: msacm.ac3acm - E:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - E:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - E:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - E:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.asv2 - E:\WINDOWS\System32\ASUSASV2.DLL ()
Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - E:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - E:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv41 - E:\WINDOWS\System32\ir41_32.ax (Ligos Corporation)
Drivers32: vidc.iv50 - E:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: VIDC.XVID - E:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - E:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - E:\WINDOWS\System32\iyvu9_32.dll ()
 
OTL, part 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-03-28 21:14:02 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\petka.PKNEW\Recent
[2012-03-28 21:09:07 | 000,593,920 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\petka.PKNEW\Skrivbord\OTL.exe
[2012-03-28 04:04:32 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2012-03-27 14:08:19 | 000,000,000 | RHSD | C] -- E:\cmdcons
[2012-03-27 14:05:33 | 000,518,144 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe
[2012-03-27 14:05:33 | 000,406,528 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe
[2012-03-27 14:05:33 | 000,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe
[2012-03-27 14:05:33 | 000,060,416 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe
[2012-03-27 14:05:24 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2012-03-27 14:05:21 | 000,000,000 | ---D | C] -- E:\Qoobox
[2012-03-27 13:47:38 | 004,447,641 | R--- | C] (Swearware) -- E:\Documents and Settings\petka.PKNEW\Skrivbord\ComboFix.exe
[2012-03-26 01:49:53 | 000,000,000 | ---D | C] -- E:\TDSSKiller_Quarantine
[2012-03-26 01:48:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\petka.PKNEW\Skrivbord\tdsskiller
[2012-03-26 01:09:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\petka.PKNEW\Skrivbord\bootkit_remover
[2012-03-26 01:00:07 | 004,731,392 | ---- | C] (AVAST Software) -- E:\Documents and Settings\petka.PKNEW\Skrivbord\aswMBR.exe
[2012-03-25 23:59:55 | 000,607,260 | R--- | C] (Swearware) -- E:\Documents and Settings\petka.PKNEW\Skrivbord\dds.scr
[2012-03-25 22:11:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\petka.PKNEW\Skrivbord\JavaRa-1.16-16-12-11
[2012-03-25 20:23:49 | 000,000,000 | ---D | C] -- E:\Program\Delade filer\Java
[2012-03-25 19:39:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start-meny\Program\Malwarebytes' Anti-Malware
[2012-03-25 19:39:33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2012-03-25 19:39:33 | 000,000,000 | ---D | C] -- E:\Program\Malwarebytes' Anti-Malware
[2012-03-24 22:56:27 | 000,000,000 | ---D | C] -- E:\Documents and Settings\petka.PKNEW\Application Data\Malwarebytes
[2012-03-24 22:56:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-03-24 21:53:47 | 000,000,000 | ---D | C] -- E:\Program\Toolbar Cleaner
[2012-03-24 16:59:24 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Application Data\Adobe
[2012-03-20 22:47:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\VS
[2012-03-04 12:59:15 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\ATI
[2012-03-04 12:54:30 | 000,000,000 | ---D | C] -- E:\Program\AMD APP
[2012-03-04 12:54:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start-meny\Program\Catalyst Control Center
[2012-03-04 12:51:49 | 000,000,000 | ---D | C] -- E:\AMD
[2012-03-04 12:49:30 | 000,792,704 | ---- | C] (AMD) -- E:\Documents and Settings\petka.PKNEW\Mina dokument\amddriverdownloader.exe
[2012-03-04 12:41:53 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- E:\WINDOWS\vncutil.exe
[2012-03-04 12:41:51 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- E:\WINDOWS\RtkAudioService.exe
[2012-03-04 12:24:32 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Application Data\Xfire
[2012-03-04 12:16:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\petka.PKNEW\Application Data\Easeware
[2012-03-04 12:15:52 | 002,104,888 | ---- | C] (Easeware ) -- E:\Documents and Settings\petka.PKNEW\Mina dokument\DriverEasy_Setup.exe
[2011-07-14 22:38:04 | 000,705,024 | ---- | C] (3Dfx Interactive, Inc.) -- E:\Program\3dfx.dll
[2011-07-14 22:37:44 | 006,287,360 | ---- | C] (Interplay Entertainment, Corp.) -- E:\Program\IDMain.exe
[5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-28 21:09:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\petka.PKNEW\Skrivbord\OTL.exe
[2012-03-28 21:04:23 | 000,003,284 | ---- | M] () -- E:\WINDOWS\System32\ANIWZCS{B6120850-2646-4333-AD87-2C0EA347C1EE}
[2012-03-28 21:00:55 | 000,000,006 | ---- | M] () -- E:\WINDOWS\System32\ANIWZCSUSERNAME{B6120850-2646-4333-AD87-2C0EA347C1EE}
[2012-03-28 21:00:42 | 000,000,007 | ---- | M] () -- E:\WINDOWS\System32\ANIWZCSUSERNAME
[2012-03-28 21:00:36 | 000,012,598 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2012-03-28 21:00:33 | 000,000,964 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-28 20:41:00 | 000,000,968 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-28 19:44:15 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2012-03-28 04:08:46 | 000,196,608 | ---- | M] () -- E:\WINDOWS\System32\drivers\nStandard.bin
[2012-03-28 04:07:58 | 000,239,616 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-28 03:47:44 | 000,000,069 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2012-03-28 03:02:51 | 000,139,264 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Skrivbord\SystemLook.exe
[2012-03-28 02:12:37 | 000,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
[2012-03-27 14:08:24 | 000,000,310 | RHS- | M] () -- E:\boot.ini
[2012-03-27 13:47:39 | 004,447,641 | R--- | M] (Swearware) -- E:\Documents and Settings\petka.PKNEW\Skrivbord\ComboFix.exe
[2012-03-26 01:00:10 | 004,731,392 | ---- | M] (AVAST Software) -- E:\Documents and Settings\petka.PKNEW\Skrivbord\aswMBR.exe
[2012-03-25 23:59:55 | 000,607,260 | R--- | M] (Swearware) -- E:\Documents and Settings\petka.PKNEW\Skrivbord\dds.scr
[2012-03-25 23:03:55 | 000,523,388 | ---- | M] () -- E:\WINDOWS\System32\perfh01D.dat
[2012-03-25 23:03:55 | 000,502,422 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2012-03-25 23:03:55 | 000,111,652 | ---- | M] () -- E:\WINDOWS\System32\perfc01D.dat
[2012-03-25 23:03:55 | 000,088,328 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2012-03-25 22:36:14 | 000,302,592 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Skrivbord\4b6r06uv.exe
[2012-03-25 22:07:28 | 000,160,639 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Skrivbord\JavaRa-1.16-16-12-11.zip
[2012-03-25 19:39:40 | 000,000,740 | ---- | M] () -- E:\Documents and Settings\All Users\Skrivbord\Malwarebytes Anti-Malware.lnk
[2012-03-24 21:53:25 | 000,000,765 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\Ad-Aware.lnk
[2012-03-24 21:50:59 | 012,442,112 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\Ad-Aware96Install.msi
[2012-03-24 20:46:03 | 000,118,514 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\boven_i_dramat.JPG
[2012-03-24 13:19:37 | 000,147,666 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\kaparsida.JPG
[2012-03-24 03:13:03 | 000,000,064 | ---- | M] () -- E:\WINDOWS\System32\rp_stats.dat
[2012-03-24 03:13:03 | 000,000,044 | ---- | M] () -- E:\WINDOWS\System32\rp_rules.dat
[2012-03-20 22:56:24 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2012-03-20 18:59:00 | 000,000,664 | ---- | M] () -- E:\WINDOWS\System32\d3d9caps.dat
[2012-03-15 10:57:01 | 000,000,272 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-03-15 10:21:45 | 000,245,512 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2012-03-04 16:03:22 | 000,015,841 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Skrivbord\Bättre Stenbergs.odt
[2012-03-04 12:49:30 | 000,792,704 | ---- | M] (AMD) -- E:\Documents and Settings\petka.PKNEW\Mina dokument\amddriverdownloader.exe
[2012-03-04 12:22:50 | 000,000,594 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\Xfire.lnk
[2012-03-04 12:22:18 | 008,525,192 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\xfire_installer_45320.exe
[2012-03-04 12:16:46 | 000,000,771 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\DriverEasy.lnk
[2012-03-04 12:15:52 | 002,104,888 | ---- | M] (Easeware ) -- E:\Documents and Settings\petka.PKNEW\Mina dokument\DriverEasy_Setup.exe
[5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-28 03:02:51 | 000,139,264 | ---- | C] () -- E:\Documents and Settings\petka.PKNEW\Skrivbord\SystemLook.exe
[2012-03-27 14:08:24 | 000,000,193 | ---- | C] () -- E:\Boot.bak
[2012-03-27 14:08:21 | 000,260,784 | RHS- | C] () -- E:\cmldr
[2012-03-27 14:05:33 | 000,256,000 | ---- | C] () -- E:\WINDOWS\PEV.exe
[2012-03-27 14:05:33 | 000,208,896 | ---- | C] () -- E:\WINDOWS\MBR.exe
[2012-03-27 14:05:33 | 000,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe
[2012-03-27 14:05:33 | 000,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe
[2012-03-27 14:05:33 | 000,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe
[2012-03-25 22:36:13 | 000,302,592 | ---- | C] () -- E:\Documents and Settings\petka.PKNEW\Skrivbord\4b6r06uv.exe
[2012-03-25 22:07:27 | 000,160,639 | ---- | C] () -- E:\Documents and Settings\petka.PKNEW\Skrivbord\JavaRa-1.16-16-12-11.zip
[2012-03-25 19:39:40 | 000,000,740 | ---- | C] () -- E:\Documents and Settings\All Users\Skrivbord\Malwarebytes Anti-Malware.lnk
[2012-03-24 20:46:03 | 000,118,514 | ---- | C] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\boven_i_dramat.JPG
[2012-03-24 13:32:52 | 012,442,112 | ---- | C] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\Ad-Aware96Install.msi
[2012-03-24 13:19:37 | 000,147,666 | ---- | C] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\kaparsida.JPG
[2012-03-04 13:16:11 | 000,015,841 | ---- | C] () -- E:\Documents and Settings\petka.PKNEW\Skrivbord\Bättre Stenbergs.odt
[2012-03-04 12:41:49 | 000,021,736 | ---- | C] () -- E:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012-03-04 12:22:50 | 000,000,594 | ---- | C] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\Xfire.lnk
[2012-03-04 12:22:15 | 008,525,192 | ---- | C] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\xfire_installer_45320.exe
[2012-03-04 12:16:46 | 000,000,771 | ---- | C] () -- E:\Documents and Settings\petka.PKNEW\Mina dokument\DriverEasy.lnk
[2012-02-17 15:05:58 | 000,000,016 | -H-- | C] () -- E:\WINDOWS\System32\gqbvo9j.dll
[2012-02-17 15:05:56 | 000,001,025 | ---- | C] () -- E:\WINDOWS\System32\u0b3xyo.dll
[2012-02-17 15:05:56 | 000,001,025 | ---- | C] () -- E:\WINDOWS\System32\grcauth2.dll
[2012-02-17 15:05:56 | 000,001,025 | ---- | C] () -- E:\WINDOWS\System32\grcauth1.dll
[2012-02-17 15:05:54 | 000,001,025 | ---- | C] () -- E:\WINDOWS\System32\clauth2.dll
[2012-02-17 15:05:54 | 000,001,025 | ---- | C] () -- E:\WINDOWS\System32\clauth1.dll
[2012-02-17 15:05:50 | 000,000,016 | -H-- | C] () -- E:\WINDOWS\System32\uqp9b32.dll
[2011-12-05 23:04:00 | 000,059,904 | ---- | C] () -- E:\WINDOWS\System32\OpenVideo.dll
[2011-12-05 23:03:52 | 000,054,784 | ---- | C] () -- E:\WINDOWS\System32\OVDecode.dll
[2011-07-14 22:38:04 | 000,007,550 | ---- | C] () -- E:\Program\Keymap.ini
[2011-07-14 22:38:04 | 000,001,251 | ---- | C] () -- E:\Program\icewind.ini
[2011-07-14 22:37:47 | 000,216,476 | ---- | C] () -- E:\Program\CHITIN.KEY
[2011-07-14 22:37:47 | 000,011,889 | ---- | C] () -- E:\Program\Language.ini
[2011-07-14 22:37:46 | 002,906,002 | ---- | C] () -- E:\Program\Dialog.tlk
[2011-07-14 22:37:44 | 000,416,623 | ---- | C] () -- E:\Program\Uninst.isu
[2011-04-25 00:16:05 | 000,000,064 | ---- | C] () -- E:\WINDOWS\System32\rp_stats.dat
[2011-04-25 00:16:05 | 000,000,044 | ---- | C] () -- E:\WINDOWS\System32\rp_rules.dat
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- E:\WINDOWS\System32\xlive.dll.cat
[2010-10-26 15:27:28 | 000,000,072 | ---- | C] () -- E:\WINDOWS\wininit.ini
[2010-07-05 19:43:22 | 000,000,056 | -H-- | C] () -- E:\WINDOWS\System32\ezsidmv.dat
[2010-05-30 20:45:45 | 000,000,741 | ---- | C] () -- E:\WINDOWS\CoD.INI
[2010-05-25 09:06:33 | 000,000,280 | ---- | C] () -- E:\Documents and Settings\petka.PKNEW\Application Data\ANICONFIG_{B6120850-2646-4333-AD87-2C0EA347C1EE}.ini
[2010-05-24 00:36:19 | 000,147,456 | ---- | C] () -- E:\WINDOWS\System32\ANIWConnService.exe
[2010-05-24 00:35:43 | 000,258,048 | ---- | C] () -- E:\WINDOWS\System32\wlanapp.dll
[2010-05-24 00:35:43 | 000,204,800 | ---- | C] () -- E:\WINDOWS\System32\aIPH.dll
[2010-05-24 00:35:43 | 000,049,152 | ---- | C] () -- E:\WINDOWS\System32\JJAKEn.dll
[2010-05-24 00:35:43 | 000,049,152 | ---- | C] () -- E:\WINDOWS\System32\AQCKGen.dll
[2010-05-24 00:35:43 | 000,045,115 | ---- | C] () -- E:\WINDOWS\System32\ANICtl.dll
[2010-05-24 00:35:22 | 000,315,392 | ---- | C] () -- E:\WINDOWS\System32\ANIOApi.dll
[2010-05-24 00:35:22 | 000,048,640 | ---- | C] () -- E:\WINDOWS\System32\ANIO64.sys
[2010-05-24 00:35:22 | 000,029,411 | ---- | C] () -- E:\WINDOWS\System32\ANIO.sys
[2010-05-24 00:35:14 | 000,724,992 | ---- | C] () -- E:\WINDOWS\System32\ANIOWPS.dll
[2010-05-24 00:35:14 | 000,237,568 | ---- | C] () -- E:\WINDOWS\System32\ANIWPS.exe
[2010-05-21 01:16:28 | 000,402,558 | ---- | C] () -- E:\Documents and Settings\LocalService\Lokala inställningar\Application Data\WPFFontCache_v0400-S-1-5-21-1292428093-261478967-839522115-1006-0.dat
[2010-05-21 01:16:28 | 000,192,502 | ---- | C] () -- E:\Documents and Settings\LocalService\Lokala inställningar\Application Data\WPFFontCache_v0400-System.dat
[2010-04-27 17:59:05 | 000,000,664 | ---- | C] () -- E:\WINDOWS\System32\d3d9caps.dat
[2010-04-18 15:33:25 | 000,000,280 | ---- | C] () -- E:\Documents and Settings\petka.PKNEW\Application Data\ANICONFIG_{1D817C79-8E79-4DC1-B29C-3E072AE4041A}.ini
[2010-04-18 15:25:38 | 000,013,931 | ---- | C] () -- E:\WINDOWS\System32\RaCoInst.dat

========== LOP Check ==========

[2011-11-13 18:37:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\CheckPoint
[2010-05-17 22:33:21 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ChessBase
[2011-06-22 15:16:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Clarus
[2010-06-21 22:33:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010-12-12 20:51:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Emotum
[2010-12-19 20:57:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\LightScribe
[2009-09-10 22:51:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MailFrontier
[2012-02-21 23:37:45 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Nokia
[2012-02-21 23:36:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010-04-05 21:14:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010-04-05 21:06:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010-04-05 21:19:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PC Suite
[2009-08-02 22:24:30 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TomTom
[2010-01-17 19:47:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2010-07-21 00:52:10 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Voddler
[2012-03-20 22:47:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\VS
[2010-07-03 11:12:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Katarina\Application Data\CheckPoint
[2010-04-11 11:49:22 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Katarina\Application Data\PC Suite
[2012-02-09 13:49:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Katarina\Application Data\Spotify
[2011-07-28 15:40:22 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Katarina\Application Data\Windows Desktop Search
[2010-07-03 02:53:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\CheckPoint
[2010-05-17 22:33:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\ChessBase
[2012-02-17 15:05:45 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\Curl Corporation
[2012-03-04 12:16:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\Easeware
[2011-03-13 21:00:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\Internet Chess Club
[2012-02-24 02:02:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\Nokia
[2010-04-05 21:25:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\Nokia Ovi Suite
[2012-02-24 02:02:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\Nokia Suite
[2009-08-18 08:18:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\OpenOffice.org
[2010-04-05 21:24:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\PC Suite
[2010-01-17 19:06:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\Serif
[2010-06-21 23:02:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\SPORE
[2012-03-24 13:35:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\Spotify
[2009-08-02 22:13:34 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\TomTom
[2012-03-25 05:33:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\uTorrent
[2010-01-17 19:47:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\Virtual Mechanics
[2010-04-12 21:28:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\VoddlerPlayer.22AA32E1C519F8FB77514A36DC6C2AE2C623240F.1
[2011-06-22 16:45:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\wargaming.net
[2011-07-25 12:41:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\Windows Desktop Search
[2011-08-09 07:31:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\petka.PKNEW\Application Data\Windows Search
[2010-10-04 21:46:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\sofia\Application Data\CheckPoint
[2009-10-23 11:59:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\sofia\Application Data\OpenOffice.org
[2011-10-03 04:28:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\sofia\Application Data\Windows Desktop Search
[2011-04-02 16:10:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\TEMP\Application Data\CheckPoint

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009-06-29 00:37:53 | 000,000,193 | ---- | M] () -- E:\Boot.bak
[2012-03-27 14:08:24 | 000,000,310 | RHS- | M] () -- E:\boot.ini
[2003-04-24 14:00:00 | 000,004,952 | RHS- | M] () -- E:\Bootfont.bin
[2004-08-03 23:00:18 | 000,260,784 | RHS- | M] () -- E:\cmldr
[2012-03-28 03:31:26 | 000,017,332 | ---- | M] () -- E:\ComboFix.txt
[2012-03-25 22:17:06 | 000,025,778 | ---- | M] () -- E:\JavaRa.log
[2009-06-30 23:29:33 | 000,047,564 | RHS- | M] () -- E:\NTDETECT.COM
[2009-06-30 23:55:11 | 000,250,560 | RHS- | M] () -- E:\ntldr
[2012-03-28 19:44:04 | 2145,386,496 | -HS- | M] () -- E:\pagefile.sys
[2012-03-26 01:50:02 | 000,089,542 | ---- | M] () -- E:\TDSSKiller.2.7.22.0_26.03.2012_01.48.29_log.txt
[2012-03-26 02:30:48 | 000,088,574 | ---- | M] () -- E:\TDSSKiller.2.7.22.0_26.03.2012_02.24.34_log.txt
[2012-03-27 13:43:57 | 000,004,136 | ---- | M] () -- E:\TDSSKiller.2.7.22.0_27.03.2012_13.43.44_log.txt
[2012-03-27 13:45:36 | 000,088,574 | ---- | M] () -- E:\TDSSKiller.2.7.23.0_27.03.2012_13.44.56_log.txt

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- E:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- E:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- E:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- E:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-06-28 22:47:13 | 000,000,067 | -HS- | M] () -- E:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006-09-15 11:36:32 | 000,208,896 | R--- | M] (CIB software GmbH, München) -- E:\WINDOWS\system32\spool\prtprocs\w32x86\CIBpdfPP.dll
[2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008-07-06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010-04-17 00:21:16 | 000,306,544 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\WLXPGSS.SCR
[5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010-02-21 12:16:50 | 000,001,674 | -H-- | M] () -- E:\Documents and Settings\petka.PKNEW\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[1998-06-02 06:32:48 | 000,705,024 | ---- | M] (3Dfx Interactive, Inc.) -- E:\Program\3dfx.dll
[2000-06-22 01:45:14 | 000,216,476 | ---- | M] () -- E:\Program\CHITIN.KEY
[2000-06-22 23:39:12 | 002,906,002 | ---- | M] () -- E:\Program\Dialog.tlk
[2011-07-15 00:39:02 | 000,001,251 | ---- | M] () -- E:\Program\icewind.ini
[2000-08-14 21:33:46 | 006,287,360 | ---- | M] (Interplay Entertainment, Corp.) -- E:\Program\IDMain.exe
[2000-06-22 21:42:24 | 000,007,550 | ---- | M] () -- E:\Program\Keymap.ini
[2000-06-22 23:03:26 | 000,011,889 | ---- | M] () -- E:\Program\Language.ini
[2000-08-09 13:53:16 | 000,044,871 | ---- | M] () -- E:\Program\README_ENG.TXT
[2011-07-14 22:46:12 | 000,416,623 | ---- | M] () -- E:\Program\Uninst.isu

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009-06-29 00:37:53 | 000,094,208 | ---- | M] () -- E:\WINDOWS\System32\config\default.sav
[2009-06-29 00:37:53 | 000,626,688 | ---- | M] () -- E:\WINDOWS\System32\config\software.sav
[2009-06-29 00:37:53 | 000,409,600 | ---- | M] () -- E:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >
[2011-06-22 15:17:10 | 000,000,000 | ---D | M] -- E:\Program\Clarus\Samsung Auto Backup\Bak

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009-07-01 00:08:56 | 000,000,185 | -HS- | M] () -- E:\Documents and Settings\petka.PKNEW\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009-06-28 23:40:38 | 000,000,079 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Application Data\Microsoft\Internet Explorer\Quick Launch\Visa skrivbordet.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012-03-15 10:57:01 | 000,000,272 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2003-04-24 14:00:00 | 000,000,065 | RH-- | M] () -- E:\WINDOWS\tasks\desktop.ini
[2012-03-28 21:00:33 | 000,000,964 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-28 20:41:00 | 000,000,968 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-28 19:44:37 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012-03-27 14:51:41 | 000,000,067 | -HS- | M] () -- E:\Documents and Settings\petka.PKNEW\Cookies\desktop.ini
[2012-03-28 21:04:58 | 000,229,376 | ---- | M] () -- E:\Documents and Settings\petka.PKNEW\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007-06-27 16:11:30 | 000,317,952 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008-04-14 18:04:35 | 000,033,792 | ---- | M] (Microsoft Corporation) -- E:\Program\Messenger\custsat.dll
[2003-02-05 10:32:46 | 000,012,858 | ---- | M] () -- E:\Program\Messenger\license.txt
[2002-12-17 10:23:22 | 000,004,821 | ---- | M] () -- E:\Program\Messenger\logowin.gif
[2002-12-17 10:23:22 | 000,007,047 | ---- | M] () -- E:\Program\Messenger\lvback.gif
[2003-02-05 10:32:46 | 000,000,895 | ---- | M] () -- E:\Program\Messenger\mailtmpl.txt
[2008-05-02 16:05:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- E:\Program\Messenger\msgsc.dll
[2008-04-13 19:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- E:\Program\Messenger\msgslang.dll
[2008-04-14 18:05:13 | 001,695,232 | ---- | M] (Microsoft Corporation) -- E:\Program\Messenger\msmsgs.exe
[2002-08-20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- E:\Program\Messenger\msmsgsin.exe
[2002-12-17 10:23:18 | 000,002,882 | ---- | M] () -- E:\Program\Messenger\newalert.wav
[2002-12-17 10:23:18 | 000,006,156 | ---- | M] () -- E:\Program\Messenger\newemail.wav
[2002-12-17 10:23:18 | 000,006,160 | ---- | M] () -- E:\Program\Messenger\online.wav
[2002-12-17 10:23:24 | 000,004,454 | ---- | M] () -- E:\Program\Messenger\type.wav
[2004-07-17 20:38:43 | 000,120,159 | ---- | M] () -- E:\Program\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
 
OTL Extras

OTL Extras logfile created on: 2012-03-28 21:11:08 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = E:\Documents and Settings\petka.PKNEW\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,02% Memory free
3,85 Gb Paging File | 2,94 Gb Available in Paging File | 76,50% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program
Drive C: | 931,28 Gb Total Space | 668,65 Gb Free Space | 71,80% Space Free | Partition Type: FAT32
Drive E: | 465,75 Gb Total Space | 83,90 Gb Free Space | 18,01% Space Free | Partition Type: NTFS
Drive F: | 186,30 Gb Total Space | 140,89 Gb Free Space | 75,63% Space Free | Partition Type: NTFS

Computer Name: PKNEW | User Name: petka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe" = E:\Program\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne -- (Electronic Arts Inc.)
"E:\Program\Spotify\spotify.exe" = E:\Program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"E:\Program\Steam\Steam.exe" = E:\Program\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Program\THQ\Company of Heroes\RelicCOH.exe" = E:\Program\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes -- (THQ Canada Inc.)
"E:\Program\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe" = E:\Program\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"E:\Program\uTorrent\uTorrent.exe" = E:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program\Voddler\service\voddler.exe" = E:\Program\Voddler\service\voddler.exe:*:Enabled:Voddler -- (Voddler)
"E:\Games\World_of_Tanks\WOTLauncher.exe" = E:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher -- (Wargaming.net)
"E:\Games\World_of_Tanks\WorldOfTanks.exe" = E:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks -- (Wargaming.net)
"E:\Program\Steam\steamapps\common\dawn of war ii - retribution\DOW2.exe" = E:\Program\Steam\steamapps\common\dawn of war ii - retribution\DOW2.exe:*:Enabled:Warhammer® 40,000®: Dawn of War® II – Retribution™ -- (THQ Canada Inc.)
"E:\Program\Delade filer\Apple\Apple Application Support\WebKit2WebProcess.exe" = E:\Program\Delade filer\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"E:\Program\Steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = E:\Program\Steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe:*:Enabled:Call of Duty: Modern Warfare 3 - Multiplayer -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05D39184-D7E2-4D62-B8E1-69BFF71F5A1D}" = Windows Live Family Safety
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09C6A4C7-A2D2-1DD9-A81C-44C30042A00C}" = CCC Help Greek
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A173336-214D-0609-4897-5E2547D0395D}" = CCC Help Dutch
"{0BEC6C67-F087-4F7A-AF3A-2324C9A87A33}" = Voddler
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{12CEE8C7-8983-4FEC-A046-3FB4AE3A691C}" = Windows Live Sync
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1B9E212F-DFDC-F1D4-D1FD-986149513125}" = CCC Help Russian
"{1CAEFAE2-D12E-CA26-62BC-DF452004B3B1}" = CCC Help Swedish
"{1D9B2B74-82B1-9CE7-0A9A-6234008D11EE}" = CCC Help Polish
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{30C4509E-2124-4743-83E8-2EDCBD39D3F7}" = Windows Live Photo Gallery
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32939827-D8E5-470A-B126-870DB3C69FDF}" = Python 2.7.1
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{406AE7DC-5FD1-FC3A-00F5-024AD25DF01B}" = CCC Help Danish
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{49D70E70-23CB-4BE5-8A67-8770F6B1BB2F}" = Microsoft Carioca Rummy
"{4A742CBE-078E-03FF-C7D5-B3E1B676BDF2}" = CCC Help Czech
"{4B6DD00B-BC05-185B-BE8B-997A23B367C4}" = CCC Help Chinese Traditional
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{588C135F-0B15-4A02-8F2D-04697BE2904E}" = Icewind Dale II
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5F1AE198-965A-C65D-218A-B76F19B86BEC}" = CCC Help German
"{5F51441D-48C6-4308-9824-5D34211BB715}" = OpenOffice.org 3.3
"{5FEEB4D3-31F1-FF10-5F61-A988CD44CA59}" = CCC Help Hungarian
"{62FC357F-022B-4F90-9376-7A0DF9FBE7A1}" = Sonic Foundry Sound Forge 6.0
"{651CD0A0-8B64-B3F1-23B9-294C39F09A31}" = CCC Help Finnish
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77514C51-66D9-2F7C-56D8-5495B8CFAF5E}" = CCC Help French
"{77701BFD-3A86-34B0-A9EC-0D7440C6D8AF}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - SVE
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{792A669E-71A6-9210-2C06-3FCF0DDFC4C5}" = Catalyst Control Center Localization All
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D7152AF-581B-316F-8CA4-15342C3EFA4B}" = Microsoft .NET Framework 3.5 Language Pack SP1 - sve
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{860BD052-49CB-7220-8792-15523D08C2A2}" = CCC Help Korean
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C93615B-5333-B61B-625E-0D4DCD9E09CA}" = CCC Help Norwegian
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}" = Microsoft .NET Framework 1.1 Swedish Language Pack
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBE7AA1-AFA8-4D76-8FC2-1FDFD9BD3371}" = Windows Live Mail
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2B41C5-919A-7037-F5E8-42A5E90873B8}" = Catalyst Control Center Graphics Previews Common
"{9D71329D-95A5-4297-8F79-DCDBD156420A}" = Windows Live Essentials
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6991E11-AF13-652B-5736-C8800EF5527B}" = Catalyst Control Center
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8771D31-A60E-473A-92D6-69B8ACF25D76}" = ASUS Smart Doctor
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA8CF3BD-6717-3B70-83BF-377426410A66}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - SVE
"{AC76BA86-7AD7-1053-7B44-A95000000001}" = Adobe Reader 9.5.0 - Svenska
"{ADD24D05-DDEA-39CB-0E92-AA371AEE2894}" = Catalyst Control Center InstallProxy
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2420CAA-ADC1-8581-938A-2B25C22EF17A}" = ccc-utility
"{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B713000F-FBE3-11D3-9D91-0050DA5C3DCF}" = YAMAHA XG SoftSynthesizer S-YXG50
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B81D9181-67D7-6A90-78EA-34108EBBCF7F}" = CCC Help Thai
"{BA314F9D-8401-1E44-11BF-F112E93F465E}" = CCC Help English
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}" = Battlestations: Pacific
"{BC61F51E-8AF7-46B9-AF20-B33B5EE81053}" = Nero 7 Essentials
"{BEB0B424-3692-E0DC-8D25-04A36C7AB580}" = CCC Help Portuguese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}" = AMD Catalyst Install Manager
"{C4574477-C9FA-CF5F-B5AC-D379D655A962}" = CCC Help Chinese Standard
"{C5288856-CAB4-432A-8CF2-CFCA60A0D36E}" = Mobile Broadband
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA4DD0F-0871-39EB-A48B-03BC9E5E437B}" = CCC Help Japanese
"{CD11704A-4B99-4666-8681-ADA43EC3B3FD}" = Huawei Driver Installation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2D36A7-3CDD-4782-B987-D1326C0B34B0}" = ASUS Utilities
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link Wireless N DWA-140
"{DE0C72A8-B4A3-4B80-3CF9-2DC45CF865D5}" = CCC Help Spanish
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5B2C34F-BEDE-5AF8-DBD3-C05E8C030588}" = CCC Help Italian
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.0.24
"{F0A6D1C4-7E73-963B-C4C6-C97121B1992B}" = CCC Help Turkish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F13225E2-6533-4923-A657-083A151E667E}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock IES_is1" = ASRock IES
"ASRock InstantBoot_is1" = ASRock InstantBoot
"ASRock OC Tuner_is1" = ASRock OC Tuner
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bridge_Base_Online" = Bridge Base Online
"Call of Duty" = Call of Duty
"CBLight 2009" = CBLight 2009
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Company of Heroes" = Company of Heroes
"Curl RTE 8.0.0" = Curl RTE 8.0.0
"EA Download Manager" = EA Download Manager
"FLV Player" = FLV Player 2.0 (build 25)
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Homeworld2" = Homeworld2
"hp deskjet 5100 series_Driver" = hp deskjet 5100 series
"Icewind Dale" = Icewind Dale
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{A8771D31-A60E-473A-92D6-69B8ACF25D76}" = ASUS Smart Doctor
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - sve" = Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 11.0 (x86 sv-SE)" = Mozilla Firefox 11.0 (x86 sv-SE)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Red Alert 2" = Command & Conquer Red Alert 2
"Return to Castle Wolfenstein - Platinum Edition" = Return to Castle Wolfenstein - Platinum Edition
"Spotify" = Spotify
"ST6UNST #1" = Bridge Bidding Trainer V2.0 Basic Edition
"StarRuler" = Star Ruler
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"SwitchInTime_is1" = SwitchInTime
"The Rosetta Stone" = The Rosetta Stone
"TomTom HOME" = TomTom HOME 2.8.1.2218
"Ultima IX" = Ultima IX
"uTorrent" = µTorrent
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VideoLAN VLC media player 0.8.6a
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"xvid" = XviD MPEG-4 Video Codec
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1292428093-261478967-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2012-03-24 14:58:26 | Computer Name = PKNEW | Source = Windows Search Service | ID = 3024
Description = Det går inte att starta uppdateringen eftersom det inte går att komma
åt innehållskällorna. Korrigera felen och försök uppdatera igen. Kontext: program
, katalog SystemIndex

Error - 2012-03-24 15:59:55 | Computer Name = PKNEW | Source = Application Error | ID = 1000
Description = Felaktigt program iexplore.exe, version 8.0.6001.18702, felaktig modul
msvcrt.dll, version 7.0.2600.5512, felaktig adress 0x000372e3.

Error - 2012-03-24 16:01:32 | Computer Name = PKNEW | Source = Application Error | ID = 1001
Description = Fel-bucket 1192441763.

Error - 2012-03-24 16:09:07 | Computer Name = PKNEW | Source = Application Error | ID = 1000
Description = Felaktigt program ANIWZCSdS.exe, version 1.0.3.7034, felaktig modul
user32.dll, version 5.1.2600.5512, felaktig adress 0x00014acd.

Error - 2012-03-24 17:04:54 | Computer Name = PKNEW | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2012-03-25 13:38:18 | Computer Name = PKNEW | Source = Application Error | ID = 1000
Description = Felaktigt program ANIWZCSdS.exe, version 1.0.3.7034, felaktig modul
user32.dll, version 5.1.2600.5512, felaktig adress 0x00014acd.

Error - 2012-03-25 16:14:47 | Computer Name = PKNEW | Source = Application Error | ID = 1000
Description = Felaktigt program javara.exe, version 1.16.1.1763, felaktig modul
ntdll.dll, version 5.1.2600.6055, felaktig adress 0x0000100b.

Error - 2012-03-25 16:14:52 | Computer Name = PKNEW | Source = Application Error | ID = 1001
Description = Fel-bucket -1991232768.

Error - 2012-03-25 16:43:34 | Computer Name = PKNEW | Source = Windows Search Service | ID = 3100
Description = Det gick inte att initiera filtervärdprocessen. Avslutar. Information:
Otillräckliga
systemresurser för att kunna avsluta den begärda tjänsten. (0x800705aa)

Error - 2012-03-25 17:05:32 | Computer Name = PKNEW | Source = Application Hang | ID = 1002
Description = Stoppat program iexplore.exe, version 8.0.6001.18702, stoppad modul
hungapp, version 0.0.0.0, stoppad adress 0x00000000.

[ System Events ]
Error - 2012-03-27 20:03:09 | Computer Name = PKNEW | Source = Service Control Manager | ID = 7034
Description = Tjänsten Virtual Disk Service Manager avslutades oväntat. Detta har
skett 1 gånger.

Error - 2012-03-27 21:22:02 | Computer Name = PKNEW | Source = Service Control Manager | ID = 7000
Description = Tjänsten hpdj kunde inte startas på grund av följande fel: %%2

Error - 2012-03-27 21:22:02 | Computer Name = PKNEW | Source = Service Control Manager | ID = 7023
Description = Tjänsten Automatic Updates avbröts med följande fel: %%126

Error - 2012-03-27 21:22:18 | Computer Name = PKNEW | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: i8042prt Lbd

Error - 2012-03-27 21:22:27 | Computer Name = PKNEW | Source = Dhcp | ID = 1002
Description = IP-adresslånet 192.168.2.102 för det nätverkskort som har nätverksadressen
00265A0B354B har nekats av DHCP-servern 192.168.1.1 (DHCP-servern skickade ett DHCPNACK-meddelande).

Error - 2012-03-28 13:44:39 | Computer Name = PKNEW | Source = Service Control Manager | ID = 7000
Description = Tjänsten hpdj kunde inte startas på grund av följande fel: %%2

Error - 2012-03-28 13:44:41 | Computer Name = PKNEW | Source = Service Control Manager | ID = 7023
Description = Tjänsten Automatic Updates avbröts med följande fel: %%126

Error - 2012-03-28 13:44:49 | Computer Name = PKNEW | Source = Dhcp | ID = 1002
Description = IP-adresslånet 192.168.2.102 för det nätverkskort som har nätverksadressen
00265A0B354B har nekats av DHCP-servern 192.168.1.1 (DHCP-servern skickade ett DHCPNACK-meddelande).

Error - 2012-03-28 13:44:50 | Computer Name = PKNEW | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: i8042prt Lbd

Error - 2012-03-28 15:04:27 | Computer Name = PKNEW | Source = Dhcp | ID = 1002
Description = IP-adresslånet 192.168.2.102 för det nätverkskort som har nätverksadressen
00265A0B354B har nekats av DHCP-servern 192.168.1.1 (DHCP-servern skickade ett DHCPNACK-meddelande).


< End of report >
 
Thank you for all info :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- E:\DOCUME~1\PETKA~1.PKN\LOKALA~1\Temp\hpdj.exe -- (hpdj)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\80czzt43.sys -- (80czzt43.sys)
    O3 - HKU\S-1-5-21-1292428093-261478967-839522115-1006\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKU\.DEFAULT..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
    O4 - HKU\.DEFAULT..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...0C/wmv9dmo.cab (Reg Error: Key error.)
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
OTL problem

I tried it earlier today.

It just stood at "killing processes". I gave it 30 minutes.

I'll try again later.
 
I need some tips so I know if it is working properly, do you think you could help out?
How long should I wait for something to happen when I run OTL?

Errata:
the msnmgr service or whatever its name is (that opened the windows live login) no longer starts when I log in, which I am happy about. Just FYI.
the mouse and keyboard are alive when I run OTL, but they do not seem to interact with the desktop as far as I can see.
 
I gave OTL another go.

I had my earphones on, and when I clicked the Run Fix button there was a bling-blong from windows that I usually associate with something that pops up a dialogue box (something going wrong). Unfortunately my keyboard and mouse do not interact with the desktop, and there is no activity going on, so for all purposes it is hung and I cannot see if there is any dialogue window active.

The keyboard is still active, I can activate numlock etc, but the windows key for instance does not produce any reaction. I can also move my mouse pointer around, but that's it.
 
OTL fix log

Safe mode worked fine. Thx!


OTL:

All processes killed
========== OTL ==========
Service hpdj stopped successfully!
Service hpdj deleted successfully!
File E:\DOCUME~1\PETKA~1.PKN\LOKALA~1\Temp\hpdj.exe not found.
Service 80czzt43.sys stopped successfully!
Service 80czzt43.sys deleted successfully!
File E:\WINDOWS\system32\drivers\80czzt43.sys not found.
Registry value HKEY_USERS\S-1-5-21-1292428093-261478967-839522115-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adawarebp deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adawarebp_XP deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adawarebp not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adawarebp_XP not found.
Starting removal of ActiveX control {33564D57-9980-0010-8000-00AA00389B71}
E:\WINDOWS\Downloaded Program Files\wmv9dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administratör
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Katarina
->Temp folder emptied: 103183595 bytes
->Temporary Internet Files folder emptied: 2875499210 bytes
->Java cache emptied: 117506 bytes
->FireFox cache emptied: 2304867 bytes
->Google Chrome cache emptied: 41719075 bytes
->Flash cache emptied: 270178 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: petka

User: petka.PKNEW
->Temp folder emptied: 708835 bytes
->Temporary Internet Files folder emptied: 22403298 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 72660741 bytes
->Flash cache emptied: 2933748 bytes

User: PETKA~1

User: PETKA~1~PKN

User: sofia
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2230024 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 3202 bytes

User: TEMP
->Temp folder emptied: 396 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1233410 bytes
%systemroot%\System32 .tmp files removed: 2578 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19394 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 982,00 mb


[EMPTYJAVA]

User: Administratör

User: All Users

User: Default User

User: Katarina
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: petka

User: petka.PKNEW
->Java cache emptied: 0 bytes

User: PETKA~1

User: PETKA~1~PKN

User: sofia
->Java cache emptied: 0 bytes

User: TEMP

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Administratör

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Katarina
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: petka

User: petka.PKNEW
->Flash cache emptied: 0 bytes

User: PETKA~1

User: PETKA~1~PKN

User: sofia
->Flash cache emptied: 0 bytes

User: TEMP
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03302012_020835

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



I will move on to the final scans as per your instructions.
 
Security Check

Security Check:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Avira Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 31
Adobe Flash Player 11.1.102.62
Mozilla Firefox (x86 sv-SE..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 
Farbar

Farbar Service Scanner:


Farbar Service Scanner Version: 01-03-2012
Ran by petka (administrator) on 30-03-2012 at 02:25:37
Running from "E:\Documents and Settings\petka.PKNEW\Skrivbord"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


File Check:
========
E:\WINDOWS\system32\dhcpcsvc.dll
[2003-04-24 14:00] - [2008-04-14 18:04] - 0126464 ____A (Microsoft Corporation) 0CE3FA1C1A6803B34022D6C47273930D

E:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
E:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
E:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
E:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
E:\WINDOWS\system32\dnsrslvr.dll
[2003-04-24 14:00] - [2009-04-20 19:20] - 0045568 ____A (Microsoft Corporation) EFAC4D4C80CCD725CC5BD7D3DBF18C74

E:\WINDOWS\system32\ipnathlp.dll
[2003-04-24 14:00] - [2008-04-14 18:04] - 0330752 ____A (Microsoft Corporation) 30E1A46734BDF836C8770949C86B42A4

E:\WINDOWS\system32\netman.dll
[2009-06-30 00:19] - [2008-04-14 18:04] - 0198144 ____A (Microsoft Corporation) 7F791C1C9D3FEC5D3F519C9DB19465D3

E:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-06-28 22:45] - [2008-04-14 18:04] - 0145408 ____A (Microsoft Corporation) CF4E2A27495F7EA6B3128D9A731B3716

E:\WINDOWS\system32\srsvc.dll
[2009-06-28 22:46] - [2008-04-14 18:04] - 0171008 ____A (Microsoft Corporation) 25EDB60132F9D82CB1B7961C1D0D13F2

E:\WINDOWS\system32\Drivers\sr.sys
[2009-06-28 22:46] - [2008-04-14 17:45] - 0073344 ____A (Microsoft Corporation) 1193EF00869F6367367E6E7CB96BE325

E:\WINDOWS\system32\wscsvc.dll
[2004-08-04 10:34] - [2008-04-14 18:04] - 0080896 ____A (Microsoft Corporation) 4AC32513FA47C8219448269BF895FC34

E:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-06-28 22:45] - [2008-04-14 18:04] - 0145408 ____A (Microsoft Corporation) CF4E2A27495F7EA6B3128D9A731B3716

E:\WINDOWS\system32\wuauserv.dll
[2009-06-28 22:45] - [2008-04-14 18:04] - 0006656 ____A (Microsoft Corporation) 4CEAF29D35C2608C6463E80574DDCA10

E:\WINDOWS\system32\qmgr.dll
[2009-06-28 22:46] - [2008-04-14 18:04] - 0409088 ____A (Microsoft Corporation) 9741942A86E579231D3C41AA51DE042F

E:\WINDOWS\system32\es.dll
[2009-06-30 00:19] - [2008-07-07 22:29] - 0253952 ____A (Microsoft Corporation) 01CEC6DE315F1A06CE5AA70009C6979E

E:\WINDOWS\system32\cryptsvc.dll
[2003-04-24 14:00] - [2008-04-14 18:04] - 0062464 ____A (Microsoft Corporation) 04FD6585508A7320B2C7453CED231D6B

E:\WINDOWS\system32\svchost.exe
[2003-04-24 14:00] - [2008-04-14 18:05] - 0014336 ____A (Microsoft Corporation) 6CCEF19D7301D9861F90E299C798AD3F

E:\WINDOWS\system32\rpcss.dll
[2009-06-30 00:19] - [2009-02-09 12:56] - 0401408 ____A (Microsoft Corporation) 87DADC3F6E6CD5AAEB913E19CBFF922C

E:\WINDOWS\system32\services.exe
[2003-04-24 14:00] - [2009-02-09 13:27] - 0110592 ____A (Microsoft Corporation) 8870B0C4A094C1CE80CEA6F85FA38FF2


Extra List:
=======
fssfltr(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0C0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****
 
Careful

I am perhaps overly careful, but I don't want to mess anything up after having been a good boy and followed all instructions carefully :)

So unless you say "safe mode", I'm not going to do anything.... :)

Rebooting back to normal, output forthcoming.
 
TFC output

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: Administratör
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Katarina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: petka

User: petka.PKNEW
->Temp folder emptied: 3263703 bytes
->Temporary Internet Files folder emptied: 328747 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19192477 bytes
->Flash cache emptied: 689 bytes

User: PETKA~1

User: PETKA~1~PKN

User: sofia
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1031 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 22,00 mb
 
Back