
Can't run ComboFix and others because of Internet security settings.


Sabelström


Operating system: Windows 7 64

 

Had a bunch of viruses on the computer. Ran SUPERAntiSpyware, Malwarebytes Anti-Malware, Spybot SD and Avira Antivir a few times to get rid of most of it, then also rkill. Then I tried to run CCleaner, SmitfraudFix, ComboFix and HijackThis; only HijackThis would start.

Also went through some of the problems from Spybot that did not go away, and removed all of them manually except one smitfraud.

When I tried to start the others I get the error:

"Det går inte öppna de här filerna" (These files cannot be opened)

"En eller flera kunde inte öppnas på grund av inställningarna för internetsäkerhet" (One or more could not be opened because of the Internet security settings)

Then ran all of them in safe mode, and then CCleaner worked too.

Got rid of the smitfraud with Spybot in safe mode.

So now nothing more is found with those programs.

Saved logs from HijackThis and Malwarebytes Anti-Malware from safe mode.

Also attaching a HijackThis log from normal mode.

Have also noticed that Avira Antivir no longer starts automatically.

I can add that I have to run HijackThis as admin, otherwise it complains about some hosts file.

Also see that the frames and such have disappeared from Task Manager, so only processes are shown.

HijackThis safe mode

[log]Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:30:45, on 2010-10-23

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Safe mode

 

Running processes:

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: CurseClientStartup.ccip

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files (x86)\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: PortWise Add IP Helper (addiphelper) - PortWise - C:\Program Files (x86)\PortWise\Access Client\AddIpHelper.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8848 bytes

[/log]

 

Malwarebytes' Anti-Malware safe mode

[log]Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4922

 

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

 

2010-10-23 20:04:04

mbam-log-2010-10-23 (20-04-04).txt

 

Skanningstyp: Fullständig skanning (C:\|)

Antal skannade objekt: 306044

Förfluten tid: 1 timme(ar), 52 minut(er), 47 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

HijackThis normal mode

[log]Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:55:32, on 2010-10-23

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

 

Running processes:

C:\Windows\vsnpstd3.exe

C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: CurseClientStartup.ccip

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files (x86)\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: PortWise Add IP Helper (addiphelper) - PortWise - C:\Program Files (x86)\PortWise\Access Client\AddIpHelper.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9156 bytes

[/log]


Remove SmitfraudFix and ComboFix. Neither of them works with 64-bit Windows, and SmitfraudFix has not been updated for a very long time and is therefore very out of date as well.

HijackThis does not work particularly well with 64-bit Windows, because it then produces a lot of incorrect (file missing) entries.

RKill does not remove any malicious files; it is only there to temporarily stop programs so that the cleaning programs can run undisturbed.

Instead of logs that show nothing, I am of course interested in knowing what has been found on the computer, i.e. logs from the programs that have found something.

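The incorrect `(file missing)` entries mentioned in the reply above, as an added example that is not part of the original thread: HijackThis is a 32-bit program, and on 64-bit Windows file-system redirection gives it the 32-bit view of `System32`, so 64-bit-only service binaries look absent. The Python sketch below separates such entries from ones that deserve a closer look; the sample lines are copied from the logs in this thread except the one marked constructed, and the `C:\Windows` layout and all function names are assumptions.

```python
import re
from collections import Counter

# Sample input: lines copied from the HijackThis logs posted in this thread,
# plus one CONSTRUCTED line (the last) so the "review" branch is exercised.
SAMPLE_LOG = r"""
Platform: Windows 7 (WinNT 6.00.3504)
Boot mode: Normal
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\Users\Example\AppData\Local\Temp\example.exe (file missing)
"""

# "O23 - ...", "R1 - ...": HijackThis group code followed by the entry body.
ENTRY_RE = re.compile(r"^(?P<group>[A-Z]\d+) - (?P<body>.+)$")
# The resolved path is the drive-letter path directly before "(file missing)".
MISSING_RE = re.compile(r"(?P<path>[A-Za-z]:\\.+?) \(file missing\)\s*$")
# Assumption: Windows is installed in <drive>:\Windows, as in the posted logs.
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
X86_MARKER = "\\program files (x86)\\"


def looks_64bit(log_text):
    """The HijackThis header does not state bitness, so the presence of a
    'Program Files (x86)' path is used as a heuristic indicator."""
    return X86_MARKER in log_text.lower()


def classify(path, body, is_64bit):
    """Return (verdict, reason) for one '(file missing)' entry."""
    if not is_64bit:
        return "review", "no sign of 64-bit Windows, redirection does not explain it"
    if SYSTEM32_RE.match(path):
        return "likely-redirection", "System32 is redirected to SysWOW64 for 32-bit tools"
    if X86_MARKER in path.lower() and "%programfiles%" in body.lower():
        return "likely-redirection", "%ProgramFiles% expands to the (x86) folder in 32-bit tools"
    return "review", "path is not affected by WOW64 redirection"


def triage(log_text):
    """Return one dict per '(file missing)' entry found in the log text."""
    is_64bit = looks_64bit(log_text)
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # header lines, running processes, blank lines
        missing = MISSING_RE.search(entry.group("body"))
        if not missing:
            continue  # entry whose file was found, or a "(no file)" entry
        verdict, reason = classify(missing.group("path"), entry.group("body"), is_64bit)
        findings.append({
            "group": entry.group("group"),
            "path": missing.group("path"),
            "verdict": verdict,
            "reason": reason,
        })
    return findings


def summarize(findings):
    """Count findings per verdict."""
    return Counter(f["verdict"] for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['verdict']:<18} {f['group']:<4} {f['path']}  ({f['reason']})")
```

A `likely-redirection` verdict only explains why a 32-bit scanner could not see the file; confirming that the binary really exists still takes a check from a 64-bit process.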

Can't find any log from Spybot apart from the two latest, where it is clean, and can only find the latest one from Avira, which is clean and was run in safe mode, but according to the Reports tab it has found 21 viruses today.

First run

 

[log]Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4922

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

2010-10-23 14:05:47

mbam-log-2010-10-23 (14-05-47).txt

 

Skanningstyp: Fullständig skanning (C:\|D:\|)

Antal skannade objekt: 332978

Förfluten tid: 2 timme(ar), 51 minut(er), 36 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 1

Infekterade registernycklar: 5

Infekterade registervärden: 5

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 26

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

C:\Windows\System32\sshnas21.dll (Rootkit.TDSS) -> Delete on reboot.

 

Infekterade registernycklar:

HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Rootkit.TDSS) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb6326 (Rootkit.TDSS) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd2792 (Rootkit.TDSS) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga4289 (Rootkit.TDSS) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc6978 (Rootkit.TDSS) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Windows\System32\sshnas21.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5F4R6E4R\gtovqub[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NXMOB64R\gtovqub[3].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\sshnas21.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhb.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhc.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhe.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhf.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhg.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhh.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhi.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhj.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhk.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhl.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhm.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhn.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vho.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\Vhq.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Windows\Vzugya.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Windows\System32\sshnas21.dll_old (Rootkit.TDSS) -> Delete on reboot.

C:\Windows\SysWOW64\sshnas21.dll_old (Rootkit.TDSS) -> Delete on reboot.

C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Local\Temp\0.05137573552610997.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Hanna\AppData\Roaming\dsfsds.bat (Malware.Trace) -> Quarantined and deleted successfully.

[/log]

 

[log]SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 10/23/2010 at 02:15 PM

 

Application Version : 4.43.1000

 

Core Rules Database Version : 5738

Trace Rules Database Version: 3550

 

Scan type : Complete Scan

Total Scan Time : 03:47:39

 

Memory items scanned : 549

Memory threats detected : 0

Registry items scanned : 13937

Registry threats detected : 1

File items scanned : 177460

File threats detected : 47

 

Adware.Tracking Cookie

C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Cookies\hanna@imrworldwide[2].txt

C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Cookies\hanna@vidasco.rotator.hadj7.adjuggler[1].txt

C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Cookies\hanna@track.adform[1].txt

C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Cookies\hanna@content.yieldmanager[3].txt

C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Cookies\hanna@myroitracking[1].txt

C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Cookies\hanna@adtech[1].txt

C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Cookies\hanna@content.yieldmanager[2].txt

C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Cookies\hanna@opti.inextmedia[2].txt

C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Cookies\hanna@adserver.adtechus[2].txt

C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Cookies\hanna@ad.yieldmanager[1].txt

C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Cookies\hanna@clicksor[2].txt

C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Cookies\hanna@harrenmedianetwork[1].txt

serving-sys.com [ C:\Users\Smilla\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\83APGANB ]

 

Malware.Trace

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

(x86) HKU\S-1-5-21-3006390198-432352663-4072585696-1001\SOFTWARE\XML

 

Trojan.Agent/Gen-HomSec

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHJ.EXE

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHG.EXE

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHN.EXE

C:\Windows\Prefetch\VHG.EXE-2A53B700.pf

C:\Windows\Prefetch\VHJ.EXE-6454E68F.pf

C:\Windows\Prefetch\VHN.EXE-B1ABD0A3.pf

 

Trojan.Agent/Gen-VTSec

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHB.EXE

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHE.EXE

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHH.EXE

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHL.EXE

C:\Windows\Prefetch\VHB.EXE-C9A71267.pf

C:\Windows\Prefetch\VHE.EXE-03A841F6.pf

C:\Windows\Prefetch\VHH.EXE-3DA97185.pf

C:\Windows\Prefetch\VHL.EXE-8B005B99.pf

 

Trojan.Agent/Gen

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHC.EXE

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHF.EXE

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHI.EXE

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHM.EXE

C:\WINDOWS\VZUGYA.EXE

C:\Windows\Prefetch\VHC.EXE-DCFCCCEC.pf

C:\Windows\Prefetch\VHF.EXE-16FDFC7B.pf

C:\Windows\Prefetch\VHI.EXE-50FF2C0A.pf

C:\Windows\Prefetch\VHM.EXE-9E56161E.pf

C:\Windows\Prefetch\VZUGYA.EXE-1F140F28.pf

 

Trojan.Agent/Gen-Fraudera

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHK.EXE

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHO.EXE

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHP.EXE

C:\USERS\HANNA\APPDATA\LOCAL\TEMP\VHQ.EXE

C:\Windows\Prefetch\VHK.EXE-77AAA114.pf

C:\Windows\Prefetch\VHO.EXE-C5018B28.pf

C:\Windows\Prefetch\VHP.EXE-D85745AD.pf

C:\Windows\Prefetch\VHQ.EXE-EBAD0032.pf

 

Trojan.Agent/Gen-DecSec

C:\WINDOWS\SYSWOW64\SSHNAS21.DLL_OLD

[/log]

 

Second run

Was clean according to the second Malwarebytes log.

 

[log]SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 10/23/2010 at 06:06 PM

 

Application Version : 4.43.1000

 

Core Rules Database Version : 5738

Trace Rules Database Version: 3550

 

Scan type : Complete Scan

Total Scan Time : 03:36:52

 

Memory items scanned : 564

Memory threats detected : 0

Registry items scanned : 13936

Registry threats detected : 0

File items scanned : 161237

File threats detected : 1

 

Adware.Tracking Cookie

serving-sys.com [ C:\Users\Smilla\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\83APGANB ]

[/log]


Rootkits are often troublesome to remove if they have dug themselves in properly. You will have to try a few different programs, because I don't know which anti-rootkit programs work in 64-bit Windows.

1.

But first an overview program. Save OTL to the Desktop. http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista and Windows 7, right-click and choose Run as administrator).

Under Output near the top, select Minimal Output.

Under Standard Registry, select All.

In the Custom scan's and fixes box, paste the following lines (check that you really get all the lines, and that it is still the same number of lines):

%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

 

Tick LOP Check and Purity Check.

Press Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the log OTL.txt, and attach Extras.txt as a file.

 

2.

Save TDSSKiller to the Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

 

Right-click and choose Extract all. Remember where you unpack the file.

Close your usual programs, but you can leave antivirus programs and the like running.

Run the program TDSSKiller.exe, which is in the folder where you unpacked the files.

Click Start Scan.

If any threats are found, select Cure and click Continue. If Cure is not available, select Skip. The computer may need to be restarted.

Paste in the contents of the log, which you will find in C:\ with the name TDSSKiller followed by version and time.

 

3.

Save Gmer to the Desktop from:

http://www2.gmer.net/download.php

It has a random name, so note what the program is saved as.

Disconnect the internet connection.

Close all programs, including antivirus and firewall.

Start the downloaded program.

A first quick scan starts.

If a WARNING appears that mentions ROOTKIT and asks about a "fully scan", choose Nej/No. Save the log and paste it into your reply. Do nothing more.

If the question does not appear, select the Rootkit/Malware tab and check that everything on the right is ticked except IAT/EAT, Show All and partitions other than C:\. Press Scan. Leave the computer alone while Gmer is working; it can take a few hours.

Press Save and save the result to the Desktop.

Turn on the antivirus program and firewall before you connect to the internet.

Paste the result into your reply.

 

4.

Save Rootkit Unhooker to the Desktop.

http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE

 

Disconnect the internet connection. Close all programs you see, including firewall, antivirus and antispyware programs.

Double-click Rootkit Unhooker to start it (in Vista and Windows 7, right-click and choose Run as administrator).

Select the Report tab and click Scan.

Tick Drivers, Stealth, Files and Code Hooks, but untick the other options.

Press OK.

Wait until the scanner is done, then choose File - Save Report. Save the report to the Desktop or somewhere else where you can find it again. Click Close.

Open the saved report in Notepad. Paste the contents into your reply.

Note that if a warning "Rootkit Unhooker has detected a parasite..." appears, just ignore it.


Log and Extras file from OTL

 

[log]OTL logfile created on: 2010-10-24 12:23:12 - Run 1

OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Hanna\Desktop\NERLADDAT

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 48,73 Gb Total Space | 14,61 Gb Free Space | 29,99% Space Free | Partition Type: NTFS

Drive D: | 137,47 Gb Total Space | 5,44 Gb Free Space | 3,96% Space Free | Partition Type: NTFS

 

Computer Name: HANNAS | User Name: Hanna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Hanna\Desktop\NERLADDAT\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Hanna\Desktop\NERLADDAT\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (getPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (addiphelper) -- C:\Program Files (x86)\PortWise\Access Client\AddIpHelper.exe (PortWise)

SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys File not found

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (waclient) -- C:\Windows\SysNative\drivers\waclient.sys (PortWise)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1029unic.sys (MCCI Corporation)

DRV:64bit: - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1029mgmt.sys (MCCI Corporation)

DRV:64bit: - (s1029obex) -- C:\Windows\SysNative\drivers\s1029obex.sys (MCCI Corporation)

DRV:64bit: - (s1029mdm) -- C:\Windows\SysNative\drivers\s1029mdm.sys (MCCI Corporation)

DRV:64bit: - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1029nd5.sys (MCCI Corporation)

DRV:64bit: - (s1029mdfl) -- C:\Windows\SysNative\drivers\s1029mdfl.sys (MCCI Corporation)

DRV:64bit: - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\SysNative\drivers\s1029bus.sys (MCCI Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Tdsshbecr) -- C:\Windows\SysNative\drivers\shbecr.sys (Todos Data System AB)

DRV:64bit: - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV - (waclient) -- C:\Windows\SysWOW64\drivers\waclient.sys (PortWise)

DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 C5 7A 4D BD 72 CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.se"

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: {258735dc-6743-4805-95fc-f95941fffdad}:1.3.6

FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-10-21 16:57:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-10-21 16:57:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

[2010-05-20 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions

[2010-01-30 20:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010-05-20 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com

[2010-10-23 14:50:23 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions

[2010-03-24 08:50:21 | 000,000,000 | ---D | M] (Flash Game Maximizer) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\{258735dc-6743-4805-95fc-f95941fffdad}

[2010-03-24 08:50:21 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

[2010-02-01 19:22:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010-03-24 08:50:21 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\staged-xpis

[2010-01-30 20:54:07 | 000,002,055 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Mozilla\FireFox\Profiles\jrx9sbih.default\searchplugins\daemon-search.xml

[2010-09-21 23:38:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions

[2010-10-21 16:57:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010-02-02 00:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010-10-21 16:57:05 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll

[2010-10-21 16:57:05 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll

[2010-02-02 00:32:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll

[2010-10-21 16:57:08 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll

[2006-10-26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL

[2010-08-13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

[2010-04-16 20:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll

[2010-10-02 09:29:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll

[2010-10-02 09:29:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll

[2010-04-16 20:00:00 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll

[2010-01-25 11:02:20 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll

[2010-04-03 21:17:08 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2010-04-03 21:17:08 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml

[2010-04-03 21:17:08 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2010-04-03 21:17:08 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2010-04-03 21:17:08 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2010-04-03 21:17:08 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2010-04-03 21:17:08 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2010-10-24 00:54:15 | 000,421,699 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 123fporn.info

O1 - Hosts: 14539 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O4:64bit: - HKLM..\Run: [fssui] C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{85570d65-0dd8-11df-96a5-002354c169a5}\Shell - "" = AutoRun

O33 - MountPoints2\{85570d65-0dd8-11df-96a5-002354c169a5}\Shell\AutoRun\command - "" = G:\Installer.exe -- File not found

O33 - MountPoints2\{e376d1f0-16b3-11df-9221-002354c169a5}\Shell - "" = AutoRun

O33 - MountPoints2\{e376d1f0-16b3-11df-9221-002354c169a5}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-10-24 12:17:45 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hanna\Desktop\TDSSKiller.exe

[2010-10-23 18:12:51 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010-10-23 17:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010-10-23 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro

[2010-10-23 09:28:27 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA

[2010-10-23 09:16:45 | 000,499,712 | ---- | C] (Simply the worst) -- C:\Windows\SysWow64\0.6849983715577207.exe

[2010-10-21 19:10:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2010-10-21 19:10:29 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2010-10-21 19:10:27 | 001,833,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe

[2010-10-21 19:10:27 | 001,371,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd64.exe

[2010-10-21 19:10:27 | 001,265,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2010-10-21 19:10:27 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2010-10-21 19:10:27 | 000,368,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2010-10-21 19:10:27 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2010-10-21 19:10:27 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2010-10-21 19:10:27 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2010-10-21 19:10:26 | 000,882,208 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2010-10-21 19:10:26 | 000,605,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2010-10-21 19:10:26 | 000,049,184 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll

[2010-10-21 19:10:25 | 006,455,840 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe

[2010-10-21 19:10:25 | 000,245,248 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2010-10-21 19:10:24 | 000,160,768 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll

[2010-10-21 19:10:17 | 000,528,384 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

[2010-10-21 17:38:13 | 000,319,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe

[2010-10-21 17:04:53 | 020,280,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2010-10-21 17:04:53 | 005,399,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2010-10-21 17:04:53 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2010-10-21 17:04:53 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2010-10-21 17:04:52 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2010-10-21 17:04:52 | 010,021,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2010-10-21 17:04:52 | 006,470,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2010-10-21 17:04:52 | 004,836,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2010-10-21 17:04:52 | 003,112,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2010-10-21 17:04:52 | 002,934,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2010-10-21 17:04:52 | 002,911,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2010-10-21 17:04:52 | 002,666,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2010-10-21 17:04:52 | 001,500,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll

[2010-10-21 17:04:52 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll

[2010-10-21 17:04:51 | 018,597,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2010-10-21 17:04:51 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2010-10-21 17:04:51 | 001,718,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2010-10-21 17:04:51 | 000,386,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll

[2010-10-21 17:04:51 | 000,318,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll

[2010-10-21 17:04:51 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd

[2010-10-21 16:32:37 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\Apps

[2010-10-21 16:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\Deployment

[2010-10-21 16:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS

[2010-10-21 15:49:47 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys

[2010-10-21 15:49:42 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Roaming\Download Manager

[2010-10-21 15:48:20 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Program Files (x86)

[2010-10-21 15:41:25 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\Windows Live

[2010-10-21 15:40:54 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2010-10-21 15:40:54 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2010-10-21 15:40:54 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll

[2010-10-21 15:40:54 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll

[2010-10-21 15:40:54 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2010-10-21 15:40:53 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll

[2010-10-21 15:40:53 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll

[2010-10-21 15:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2010-10-14 15:28:29 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll

[2010-10-14 15:28:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll

[2010-10-14 15:28:28 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll

[2010-10-14 15:28:28 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll

[2010-10-14 15:28:27 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll

[2010-10-14 15:28:26 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll

[2010-10-14 15:28:23 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2010-10-14 15:28:20 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll

[2010-10-14 15:28:20 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll

[2010-10-14 15:28:13 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2010-10-14 15:28:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2010-10-14 15:28:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2010-10-14 15:28:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2010-10-14 15:28:12 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2010-10-14 15:28:11 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2010-10-14 15:28:11 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2010-10-14 15:28:11 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2010-10-14 15:28:11 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2010-10-14 15:28:11 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010-10-14 15:28:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2010-10-14 15:28:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2010-10-14 15:28:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2010-10-14 15:28:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2010-10-14 15:28:07 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll

[2010-10-14 15:28:06 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2010-10-14 15:28:04 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL

[2010-10-14 15:28:04 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2010-10-14 15:28:01 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll

[2010-10-11 09:32:01 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server

[2010-10-10 20:41:37 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll

[2010-10-10 20:41:37 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll

[2010-10-10 20:41:37 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll

[2010-10-10 20:41:37 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll

[2010-10-10 20:41:36 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll

[2010-10-10 20:41:36 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll

[2010-10-10 20:07:01 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\Diagnostics

[2010-10-10 10:15:39 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\My Games

[2010-10-08 02:22:00 | 005,891,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2010-10-08 02:21:18 | 002,590,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2010-10-08 02:20:30 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2010-10-08 02:20:26 | 001,881,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2010-10-04 11:49:34 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\dark crystal

[2010-10-02 09:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010-10-02 09:31:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010-10-02 09:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010-10-02 09:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010-10-02 09:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010-10-02 09:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2010-09-27 09:40:37 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Documents\simpsons

[2010-07-13 20:29:11 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeDC68.dll

[2007-03-12 12:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll

 

========== Files - Modified Within 30 Days ==========

 

[2010-10-24 11:45:00 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3006390198-432352663-4072585696-1004UA.job

[2010-10-24 11:21:31 | 000,017,055 | ---- | M] () -- C:\Users\Hanna\Desktop\Banta.xlsx

[2010-10-24 11:05:48 | 000,000,628 | RHS- | M] () -- C:\Users\Hanna\ntuser.pol

[2010-10-24 10:54:21 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010-10-24 10:54:21 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010-10-24 10:45:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-10-24 10:45:30 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys

[2010-10-24 04:45:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3006390198-432352663-4072585696-1004Core.job

[2010-10-24 00:54:15 | 000,421,699 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2010-10-24 00:52:01 | 000,421,699 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101024-005415.backup

[2010-10-23 18:41:25 | 000,000,583 | ---- | M] () -- C:\Windows\wininit.ini

[2010-10-23 18:02:37 | 001,474,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010-10-23 18:02:37 | 000,628,634 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2010-10-23 18:02:37 | 000,619,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010-10-23 18:02:37 | 000,125,288 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2010-10-23 18:02:37 | 000,107,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010-10-23 09:16:45 | 000,499,712 | ---- | M] (Simply the worst) -- C:\Windows\SysWow64\0.6849983715577207.exe

[2010-10-22 18:49:17 | 003,775,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010-10-22 18:45:29 | 000,010,745 | ---- | M] () -- C:\Users\Hanna\Documents\Ella smilla.docx

[2010-10-22 17:27:30 | 000,921,624 | ---- | M] () -- C:\img2-001.raw

[2010-10-21 19:10:29 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2010-10-21 18:09:46 | 000,319,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe

[2010-10-21 17:08:57 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2010-10-21 16:33:33 | 000,000,000 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2010-10-19 09:11:48 | 000,014,503 | ---- | M] () -- C:\Users\Hanna\Desktop\yyyyy.php

[2010-10-19 09:11:22 | 000,014,503 | ---- | M] () -- C:\Users\Hanna\Desktop\disimage.php

[2010-10-19 09:10:26 | 000,066,898 | ---- | M] () -- C:\Users\Hanna\Desktop\hot_pink_main_003.jpg

[2010-10-18 22:20:50 | 000,053,845 | ---- | M] () -- C:\Users\Hanna\Desktop\remodellering-av-anatomin.jpg

[2010-10-18 22:13:02 | 000,026,070 | ---- | M] () -- C:\Users\Hanna\Desktop\Mobiluppladdningar-Dotty.jpg

[2010-10-18 13:52:29 | 000,171,214 | ---- | M] () -- C:\Users\Hanna\HUJEDAMEJ.docx

[2010-10-17 18:04:45 | 000,060,101 | ---- | M] () -- C:\Users\Hanna\RECEPT.docx

[2010-10-16 15:56:42 | 000,140,383 | ---- | M] () -- C:\Users\Hanna\Desktop\bakverk.JPG

[2010-10-15 10:04:22 | 000,002,596 | ---- | M] () -- C:\Users\Hanna\Desktop\url.htm

[2010-10-11 14:56:19 | 000,421,699 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101024-005201.backup

[2010-10-11 14:52:28 | 000,001,985 | ---- | M] () -- C:\Users\Hanna\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk

[2010-10-10 01:48:44 | 000,010,459 | ---- | M] () -- C:\Users\Hanna\S L.docx

[2010-10-09 14:33:10 | 000,691,470 | ---- | M] () -- C:\Users\Hanna\Desktop\betty boop.jpg

[2010-10-08 15:42:42 | 000,019,968 | ---- | M] () -- C:\Users\Hanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-10-08 10:47:00 | 020,280,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2010-10-08 10:47:00 | 018,597,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2010-10-08 10:47:00 | 014,899,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2010-10-08 10:47:00 | 013,019,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2010-10-08 10:47:00 | 012,787,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2010-10-08 10:47:00 | 010,021,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2010-10-08 10:47:00 | 007,428,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2010-10-08 10:47:00 | 006,470,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2010-10-08 10:47:00 | 005,399,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2010-10-08 10:47:00 | 004,836,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2010-10-08 10:47:00 | 003,112,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2010-10-08 10:47:00 | 002,934,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2010-10-08 10:47:00 | 002,911,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2010-10-08 10:47:00 | 002,666,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2010-10-08 10:47:00 | 002,159,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll

[2010-10-08 10:47:00 | 001,718,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2010-10-08 10:47:00 | 001,500,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll

[2010-10-08 10:47:00 | 001,308,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll

[2010-10-08 10:47:00 | 000,386,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll

[2010-10-08 10:47:00 | 000,318,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll

[2010-10-08 10:47:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2010-10-08 10:47:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2010-10-08 10:47:00 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd

[2010-10-08 10:47:00 | 000,007,261 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

[2010-10-08 02:22:00 | 005,891,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2010-10-08 02:21:18 | 002,590,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2010-10-08 02:20:30 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2010-10-08 02:20:26 | 001,881,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2010-10-04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hanna\Desktop\TDSSKiller.exe

[2010-10-02 09:31:58 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010-10-01 10:01:12 | 000,010,453 | ---- | M] () -- C:\Users\Hanna\Documents\lexa2.docx

[2010-09-29 19:59:53 | 000,011,955 | ---- | M] () -- C:\Users\Hanna\Documents\lambdamätning.docx

[2010-09-27 21:06:08 | 000,180,554 | ---- | M] () -- C:\Users\Hanna\Desktop\Duvebo.docx

[2010-09-27 20:44:27 | 000,675,170 | ---- | M] () -- C:\Users\Hanna\Desktop\Dok2.docx

[2010-09-26 21:50:48 | 000,047,853 | ---- | M] () -- C:\Users\Hanna\Desktop\40053_142113612487312_100000660215529_260547_5423566_n.jpg

[2010-09-26 20:18:23 | 000,000,035 | ---- | M] () -- C:\Windows\A5W.INI

[2010-09-26 20:12:23 | 000,008,801 | ---- | M] () -- C:\Windows\Run32A50.mch

[2010-09-24 14:23:04 | 000,027,389 | ---- | M] () -- C:\Users\Hanna\Desktop\61853_435892301772_679676772_5374518_6468649_n.jpg

 

========== Files Created - No Company Name ==========

 

[2010-10-23 11:12:05 | 000,000,583 | ---- | C] () -- C:\Windows\wininit.ini

[2010-10-22 18:45:27 | 000,010,745 | ---- | C] () -- C:\Users\Hanna\Documents\Ella smilla.docx

[2010-10-21 19:11:02 | 000,000,553 | R--- | C] () -- C:\Windows\USetup.iss

[2010-10-21 19:10:26 | 000,672,800 | ---- | C] () -- C:\Windows\SysNative\RTCOM64.dll

[2010-10-21 16:33:33 | 000,000,000 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2010-10-21 16:16:18 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

[2010-10-21 16:16:16 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2010-10-21 16:16:16 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2010-10-19 09:11:48 | 000,014,503 | ---- | C] () -- C:\Users\Hanna\Desktop\yyyyy.php

[2010-10-19 09:10:55 | 000,014,503 | ---- | C] () -- C:\Users\Hanna\Desktop\disimage.php

[2010-10-19 09:10:19 | 000,066,898 | ---- | C] () -- C:\Users\Hanna\Desktop\hot_pink_main_003.jpg

[2010-10-18 22:20:50 | 000,053,845 | ---- | C] () -- C:\Users\Hanna\Desktop\remodellering-av-anatomin.jpg

[2010-10-18 22:12:59 | 000,026,070 | ---- | C] () -- C:\Users\Hanna\Desktop\Mobiluppladdningar-Dotty.jpg

[2010-10-18 13:52:28 | 000,171,214 | ---- | C] () -- C:\Users\Hanna\HUJEDAMEJ.docx

[2010-10-17 18:04:42 | 000,060,101 | ---- | C] () -- C:\Users\Hanna\RECEPT.docx

[2010-10-16 15:56:41 | 000,140,383 | ---- | C] () -- C:\Users\Hanna\Desktop\bakverk.JPG

[2010-10-15 10:04:20 | 000,002,596 | ---- | C] () -- C:\Users\Hanna\Desktop\url.htm

[2010-10-10 01:48:42 | 000,010,459 | ---- | C] () -- C:\Users\Hanna\S L.docx

[2010-10-09 14:33:08 | 000,691,470 | ---- | C] () -- C:\Users\Hanna\Desktop\betty boop.jpg

[2010-10-02 09:31:58 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010-10-01 10:01:11 | 000,010,453 | ---- | C] () -- C:\Users\Hanna\Documents\lexa2.docx

[2010-09-29 19:45:37 | 000,011,955 | ---- | C] () -- C:\Users\Hanna\Documents\lambdamätning.docx

[2010-09-27 20:58:53 | 000,180,554 | ---- | C] () -- C:\Users\Hanna\Desktop\Duvebo.docx

[2010-09-27 20:44:26 | 000,675,170 | ---- | C] () -- C:\Users\Hanna\Desktop\Dok2.docx

[2010-09-26 21:50:46 | 000,047,853 | ---- | C] () -- C:\Users\Hanna\Desktop\40053_142113612487312_100000660215529_260547_5423566_n.jpg

[2010-09-26 19:25:33 | 000,017,055 | ---- | C] () -- C:\Users\Hanna\Desktop\Banta.xlsx

[2010-09-25 08:55:41 | 000,001,985 | ---- | C] () -- C:\Users\Hanna\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk

[2010-09-24 14:23:04 | 000,027,389 | ---- | C] () -- C:\Users\Hanna\Desktop\61853_435892301772_679676772_5374518_6468649_n.jpg

[2010-08-31 16:47:12 | 007,261,130 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Katy Perry - Teenage Dream.zip

[2010-08-21 12:43:24 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI

[2010-05-19 13:18:04 | 000,016,384 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Windowz.exe

[2010-05-02 11:07:16 | 000,019,968 | ---- | C] () -- C:\Users\Hanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-04-22 19:00:11 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2010-04-22 19:00:09 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010-04-22 18:59:56 | 003,297,280 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2010-04-22 18:59:50 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010-04-22 18:59:50 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010-04-22 18:59:46 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2010-04-22 18:59:33 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010-02-04 20:41:33 | 000,022,025 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Kommaavgränsade värden (DOS).ADR

[2010-02-03 17:50:46 | 000,022,029 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Kommaavgränsade värden (Windows).ADR

[2010-02-02 12:28:41 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll

[2010-02-02 12:16:15 | 000,000,048 | ---- | C] () -- C:\Windows\iltwain.ini

[2010-01-31 02:02:37 | 001,467,514 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010-01-30 17:30:34 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2004-02-27 17:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

 

========== LOP Check ==========

 

[2010-10-23 09:28:28 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA

[2010-05-13 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Agency9

[2010-01-30 21:53:07 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\DAEMON Tools Lite

[2010-08-22 12:05:59 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\EVEMon

[2010-02-11 18:40:18 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\ImgBurn

[2010-05-25 10:40:23 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\IMVU

[2010-05-20 19:25:47 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\IMVUClient

[2010-02-01 22:05:04 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Leadertech

[2010-01-31 11:39:16 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Personal

[2010-02-12 23:10:07 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Sony

[2010-02-12 22:53:19 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Sony Setup

[2010-10-21 16:19:46 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\uTorrent

[2010-05-20 19:26:32 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Vivox

[2009-07-14 07:08:49 | 000,022,934 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2010-10-24 10:45:30 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys

[2010-10-22 17:27:30 | 000,921,624 | ---- | M] () -- C:\img2-001.raw

[2010-10-24 10:45:33 | 2146,689,024 | -HS- | M] () -- C:\pagefile.sys

[2010-10-23 17:22:05 | 000,000,341 | ---- | M] () -- C:\rkill.log

 

 

< MD5 for: AGP440.SYS >

[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys

[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys

[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009-07-14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 

< MD5 for: IASTORV.SYS >

[2009-07-14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys

[2009-07-14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2009-07-14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys

[2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009-07-14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\System32\config\*.sav >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< End of report >

[/log]

Extras.Txt

 

Found with TDSSKiller:

 

Suspicious objects

Locked file

Service

Service name: sptd

Service type: Kernel driver (0x1)

Service start: Boot (0x0)

File: C:\Windows\system32\Drivers\sptd.sys

MD5:602884696850c86434530790b110e8eb

 

Chose Skip on it; could also choose Quarantine and Delete.

In GMER I can't tick all the boxes; almost all of them are greyed out. The only ones I can check and uncheck are: Services, Registry, Files, C:\, D:\ and ADS

 

Gmer Log

 

[log]GMER 1.0.15.15477 - http://www.gmer.net

Rootkit scan 2010-10-24 13:20:55

Windows 6.1.7600

Running: t3n9ryn7.exe

 

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4B 0xD2 0x58 0xC6 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0x50 0x47 0xE6 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCB 0x7F 0x39 0x8A ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x78 0x1A 0xD2 0xED ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4B 0xD2 0x58 0xC6 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0x50 0x47 0xE6 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCB 0x7F 0x39 0x8A ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x78 0x1A 0xD2 0xED ...

 

---- EOF - GMER 1.0.15 ----

[/log]

 

When I try to start Rootkit Unhooker I get the error message: Error loading driver, NTSTATUS code: 0xC000036B


sptd is a file that is part of Daemon Tools and other CD emulation programs. You can disable it as follows:

Save DeFogger by jpshortstuff http://www.jpshortstuff.247fixes.com/Defogger.exe to the Desktop.

Start DeFogger.

When the program window appears, click the Disable button to disable the drivers that belong to your installed CD emulation program.

Click Yes/Ja to continue.

When the program is finished, a 'Finished!' message appears.

Click OK.

The program asks to restart the computer; click OK.

IMPORTANT! If you get an error message while DeFogger is running, paste in the defogger_disable log that is then created on the Desktop.

Do not re-enable these drivers until the cleanup is completely finished.

Then see whether more can be selected in GMER if you right-click its file and choose Run as administrator.

On the page http://www.virustotal.com, click the Browse (Bläddra) button and paste the following file name into the box, click Open (Öppna) and then Send File (Skicka Fil). Wait until the result is ready (Current status becomes finished). Paste a link to the result here.

C:\Windows\SysWow64\0.6849983715577207.exe


Worm ("mask" in Swedish) means that it is something that can spread between computers and USB sticks, external hard drives, phones and so on. Has anything like that been connected to the computer since it became infected, or was it something like that which infected the computer?

What is in the folder C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA ?

And in C:\Users\Public\Documents\Server ?

Is this something you recognise? Does the date match when the computer became infected (the time may be off by an hour or two)?

[2010-10-23 09:16:45 | 000,499,712 | ---- | C] (Simply the worst) -- C:\Windows\SysWow64\0.6849983715577207.exe

 

Check C:\Users\Hanna\AppData\Roaming\Windowz.exe on the virustotal page.

Save MBRCheck.exe by a_d_13 to the Desktop.

Run the program.

Wait until the program is finished or until the text "Enter 'Y' and hit ENTER for more options, or 'N' to exit:" is shown. In the latter case press N followed by Enter.

When it is done, a log file named MBRCheckxxxxxx.txt is created on the Desktop, where xxxxxx is the time of the run. Open the log in Notepad by double-clicking it and paste its contents into your reply.

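The questions in the reply above single out a few entries from the OTL listing by their location and name. As an added example (not part of the original thread, and not how OTL or the helper works), this Python code parses OTL file and folder lines in the layout shown in the logs here and applies four triage rules; the rules, the function names and the suffix list are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Layout of the OTL file/folder lines quoted in this thread:
# [timestamp | size | attributes | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
NUMERIC_STEM = re.compile(r"^\d+(\.\d+)*$")
EXEC_SUFFIXES = {".exe", ".dll", ".scr", ".com"}  # assumed list, extend as needed

# Lines copied from the logs posted in this thread: the first four are the
# entries the helper asks about, the rest are ordinary entries for contrast.
SAMPLE = r"""
[2010-10-23 09:16:45 | 000,499,712 | ---- | C] (Simply the worst) -- C:\Windows\SysWow64\0.6849983715577207.exe
[2010-05-19 13:18:04 | 000,016,384 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Windowz.exe
[2010-10-23 09:28:28 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA
[2010-10-11 09:32:01 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010-04-22 19:00:11 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010-01-30 21:53:07 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\DAEMON Tools Lite
[2010-10-02 09:31:58 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
< MD5 for: ATAPI.SYS >
"""


def parse_line(line):
    """Return a dict for one OTL file/folder line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["is_dir"] = "D" in rec["attrs"]
    rec["hidden"] = "H" in rec["attrs"]
    return rec


def triage(rec):
    """Apply the (assumed) triage rules and return the reasons that fired."""
    reasons = []
    path = PureWindowsPath(rec["path"])
    parts = [p.lower() for p in path.parts]
    is_exec = not rec["is_dir"] and path.suffix.lower() in EXEC_SUFFIXES

    # Rule 1: programs normally install into a vendor subfolder, not the root.
    if is_exec and parts[-3:-1] == ["appdata", "roaming"]:
        reasons.append("executable directly in the AppData Roaming root")
    # Rule 2: a name made only of digits and dots looks machine-generated.
    if is_exec and NUMERIC_STEM.match(path.stem):
        reasons.append("numeric-only file name")
    # Rule 3: a folder named like a 128-bit hash instead of a product name.
    if rec["is_dir"] and "appdata" in parts and HEX32.match(path.name):
        reasons.append("32-hex-character folder name under AppData")
    # Rule 4: the shared Public profile rarely needs hidden folders.
    if rec["is_dir"] and rec["hidden"] and parts[1:3] == ["users", "public"]:
        reasons.append("hidden folder in the Public profile")
    return reasons


def scan(text):
    """Return [(path, reasons)] for every parsed line with at least one reason."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = triage(rec)
        if reasons:
            hits.append((rec["path"], reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE):
        print(path)
        for reason in reasons:
            print("    -", reason)
```

A flag here is a prompt to look closer, as with the VirusTotal uploads requested above, not a verdict on the file.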

We use USB sticks all the time; the kids have bedtime stories on theirs and I have audiobooks and music on mine, and we have SD cards in our phones and cameras, so they are used several times every day and I can't know where it came from.

The only thing I can think of that triggered it is that a fake Windows Security Essentials popped up and the kids clicked on it, because later that morning they complained that they couldn't browse the web.

The folder C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA contains: reform70700isoload.exe

and C:\Users\Public\Documents\Server contains: hlp.dat and sphlp.dll

Can't say it's anything I recognise.

 

Scan Windowz.exe

Scan reform70700isoload.exe

Scan hlp.dat

Scan sphlp.dll

 

None of the files seem legit; should I remove them?

 

 

[log]MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows 7 Ultimate Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x0000001d

 

Kernel Drivers (total 194):

 

Processes (total 63):

0 System Idle Process

4 System

260 C:\Windows\System32\smss.exe

384 csrss.exe

428 C:\Windows\System32\wininit.exe

452 csrss.exe

516 C:\Windows\System32\services.exe

524 C:\Windows\System32\winlogon.exe

544 C:\Windows\System32\lsass.exe

556 C:\Windows\System32\lsm.exe

652 C:\Windows\System32\svchost.exe

712 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

748 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

756 C:\Windows\System32\conhost.exe

880 C:\Windows\System32\nvvsvc.exe

924 C:\Windows\System32\svchost.exe

1012 C:\Windows\System32\svchost.exe

304 C:\Windows\System32\svchost.exe

292 C:\Windows\System32\svchost.exe

1128 C:\Windows\System32\svchost.exe

1252 C:\Windows\System32\svchost.exe

1356 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

1476 C:\Windows\System32\nvvsvc.exe

1568 C:\Windows\System32\spoolsv.exe

1596 C:\Windows\System32\svchost.exe

1644 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

1664 C:\Windows\System32\svchost.exe

1768 C:\Program Files\SUPERAntiSpyware\SASCore64.exe

1820 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1852 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

1908 C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

1972 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe

2036 C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

1208 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

1228 C:\Windows\System32\svchost.exe

1632 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2060 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

2100 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2872 C:\Windows\System32\svchost.exe

2240 C:\Windows\System32\taskhost.exe

1088 C:\Windows\System32\dwm.exe

3048 C:\Windows\explorer.exe

3128 C:\Windows\vsnpstd3.exe

3192 C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe

3204 C:\Windows\RAVCpl64.exe

3228 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

3248 C:\Program Files (x86)\Personal\bin\Personal.exe

3420 C:\Users\Hanna\AppData\Local\Apps\2.0\4AQLVYBG.XEN\T45QQNV1.404\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\CurseClient.exe

3596 C:\Windows\System32\SearchIndexer.exe

3848 C:\Program Files\Windows Media Player\wmpnetwk.exe

3432 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

4052 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

1176 C:\Windows\System32\svchost.exe

664 C:\Windows\System32\svchost.exe

1352 dllhost.exe

2844 C:\Windows\System32\notepad.exe

4176 taskhost.exe

4564 C:\Windows\System32\SearchProtocolHost.exe

4364 C:\Windows\System32\SearchFilterHost.exe

2644 C:\Windows\System32\audiodg.exe

4796 C:\Users\Hanna\Desktop\MBRCheck.exe

4616 C:\Windows\System32\conhost.exe

1432 C:\Windows\System32\dllhost.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS)

 

PhysicalDrive0 Model Number: SAMSUNGSP2014N, Rev: VC100-50

 

Size Device Name MBR Status

--------------------------------------------

186 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

 

 

Done![/log]

 

I assume we should scan all the USB sticks and SD cards now as well; what do you recommend for that? If this has created new files I can find them, but if it has attached itself to existing files I can't find it.


Have you considered letting the kids have their own account with limited rights? It somewhat reduces the risk of them bringing more serious infections onto the computer.

C:\Users\Public\Documents\Server contains: hlp.dat and sphlp.dll
Upload them to virustotal.

Have done this in the post above.

They have their own, but usually their mother doesn't log out in the evening, so that account is logged in in the morning and then they are too lazy to log in to their own.


OTL can remove folders and files:

Close all programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Also Spybot S&D TeaTimer:

Right-click the TeaTimer icon, a Windows window with a padlock, next to the clock and choose "Reset lists".

Start Spybot S&D

Choose Advanced in the Mode menu

On the left choose Tools - Resident

Untick TeaTimer

Exit the program.

Start OTL (in Vista/Windows 7, right-click and choose Run as administrator).

Copy all the lines in the box:

:OTL
O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
[2010-10-23 18:12:51 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010-10-23 09:28:27 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA
[2010-10-23 09:16:45 | 000,499,712 | ---- | C] (Simply the worst) -- C:\Windows\SysWow64\0.6849983715577207.exe
[2010-10-11 09:32:01 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010-05-19 13:18:04 | 000,016,384 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Windowz.exe
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]

Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, for example with regard to line breaks.

Click Run Fix.

If you are asked to restart the computer, do so.

A log will open in Notepad. Copy it and paste it into your reply, together with a new OTL log.

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files with a name that contains today's date and the time of the run.

Make sure to enable your antivirus program etc. before you connect the computer to the internet.


Had a lot of trouble turning off Spybot because it wouldn't start/open and just sat in the corner whatever I clicked on; it isn't usually like that. It also hasn't been possible to update Spybot since the viruses started.

Here is the log from the fix

[log]All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.

File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.

File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.

Folder move failed. C:\32788R22FWJFW\License scheduled to be moved on reboot.

Folder move failed. C:\32788R22FWJFW\EN-US scheduled to be moved on reboot.

Folder move failed. C:\32788R22FWJFW scheduled to be moved on reboot.

Folder move failed. C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA scheduled to be moved on reboot.

C:\Windows\SysWOW64\0.6849983715577207.exe moved successfully.

Folder move failed. C:\Users\Public\Documents\Server scheduled to be moved on reboot.

C:\Users\Hanna\AppData\Roaming\Windowz.exe moved successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Hanna

->Temp folder emptied: 4246909 bytes

->Temporary Internet Files folder emptied: 608854 bytes

->Java cache emptied: 49493318 bytes

->FireFox cache emptied: 62186710 bytes

->Flash cache emptied: 6367 bytes

 

User: Leon

->Temp folder emptied: 161558 bytes

->Temporary Internet Files folder emptied: 16896115 bytes

->FireFox cache emptied: 60050027 bytes

->Flash cache emptied: 898 bytes

 

User: Public

 

User: Smilla

->Temp folder emptied: 70037871 bytes

->Temporary Internet Files folder emptied: 31464761 bytes

->Java cache emptied: 48375729 bytes

->FireFox cache emptied: 67273710 bytes

->Google Chrome cache emptied: 211955693 bytes

->Flash cache emptied: 77015 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 67840 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 594,00 mb

 

 

OTL by OldTimer - Version 3.2.17.0 log created on 10242010_231113

 

Files\Folders moved on Reboot...

Folder move failed. C:\32788R22FWJFW\License scheduled to be moved on reboot.

Folder move failed. C:\32788R22FWJFW\EN-US scheduled to be moved on reboot.

Folder move failed. C:\32788R22FWJFW\License scheduled to be moved on reboot.

Folder move failed. C:\32788R22FWJFW\EN-US scheduled to be moved on reboot.

Folder move failed. C:\32788R22FWJFW scheduled to be moved on reboot.

Folder move failed. C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA scheduled to be moved on reboot.

Folder move failed. C:\Users\Public\Documents\Server scheduled to be moved on reboot.

C:\Users\Hanna\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Hanna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INPYUXHY\addons-tracker-v4[1].htm moved successfully.

 

Registry entries deleted on Reboot...

[/log]

 

Here is the log from the scanner, which I set up the same way as the first one; however, I didn't get an extra.txt this time.

[log]OTL logfile created on: 2010-10-24 23:23:03 - Run 2

OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Hanna\Desktop\NERLADDAT

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 48,73 Gb Total Space | 14,72 Gb Free Space | 30,20% Space Free | Partition Type: NTFS

Drive D: | 137,47 Gb Total Space | 4,87 Gb Free Space | 3,54% Space Free | Partition Type: NTFS

 

Computer Name: HANNAS | User Name: Hanna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Hanna\Desktop\NERLADDAT\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Windows\vsnpstd3.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Hanna\Desktop\NERLADDAT\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (getPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (addiphelper) -- C:\Program Files (x86)\PortWise\Access Client\AddIpHelper.exe (PortWise)

SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys File not found

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (waclient) -- C:\Windows\SysNative\drivers\waclient.sys (PortWise)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1029unic.sys (MCCI Corporation)

DRV:64bit: - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1029mgmt.sys (MCCI Corporation)

DRV:64bit: - (s1029obex) -- C:\Windows\SysNative\drivers\s1029obex.sys (MCCI Corporation)

DRV:64bit: - (s1029mdm) -- C:\Windows\SysNative\drivers\s1029mdm.sys (MCCI Corporation)

DRV:64bit: - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1029nd5.sys (MCCI Corporation)

DRV:64bit: - (s1029mdfl) -- C:\Windows\SysNative\drivers\s1029mdfl.sys (MCCI Corporation)

DRV:64bit: - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\SysNative\drivers\s1029bus.sys (MCCI Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Tdsshbecr) -- C:\Windows\SysNative\drivers\shbecr.sys (Todos Data System AB)

DRV:64bit: - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()

DRV - (waclient) -- C:\Windows\SysWOW64\drivers\waclient.sys (PortWise)

DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 C5 7A 4D BD 72 CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.se"

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: {258735dc-6743-4805-95fc-f95941fffdad}:1.3.6

FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-10-21 16:57:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-10-21 16:57:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

[2010-05-20 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions

[2010-01-30 20:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010-05-20 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com

[2010-10-24 14:59:11 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions

[2010-03-24 08:50:21 | 000,000,000 | ---D | M] (Flash Game Maximizer) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\{258735dc-6743-4805-95fc-f95941fffdad}

[2010-03-24 08:50:21 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

[2010-02-01 19:22:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010-03-24 08:50:21 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\staged-xpis

[2010-01-30 20:54:07 | 000,002,055 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Mozilla\FireFox\Profiles\jrx9sbih.default\searchplugins\daemon-search.xml

[2010-09-21 23:38:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions

[2010-10-21 16:57:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010-02-02 00:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010-10-21 16:57:05 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll

[2010-10-21 16:57:05 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll

[2010-02-02 00:32:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll

[2010-10-21 16:57:08 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll

[2006-10-26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL

[2010-08-13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

[2010-04-16 20:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll

[2010-10-02 09:29:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll

[2010-10-02 09:29:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll

[2010-04-16 20:00:00 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll

[2010-01-25 11:02:20 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll

[2010-04-03 21:17:08 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2010-04-03 21:17:08 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml

[2010-04-03 21:17:08 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2010-04-03 21:17:08 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2010-04-03 21:17:08 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2010-04-03 21:17:08 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2010-04-03 21:17:08 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2010-10-24 00:54:15 | 000,421,699 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 14539 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [fssui] C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{85570d65-0dd8-11df-96a5-002354c169a5}\Shell - "" = AutoRun

O33 - MountPoints2\{85570d65-0dd8-11df-96a5-002354c169a5}\Shell\AutoRun\command - "" = G:\Installer.exe -- File not found

O33 - MountPoints2\{e376d1f0-16b3-11df-9221-002354c169a5}\Shell - "" = AutoRun

O33 - MountPoints2\{e376d1f0-16b3-11df-9221-002354c169a5}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-10-24 23:11:13 | 000,000,000 | ---D | C] -- C:\_OTL

[2010-10-24 12:17:45 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hanna\Desktop\TDSSKiller.exe

[2010-10-23 18:12:51 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010-10-23 17:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010-10-23 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro

[2010-10-23 09:28:27 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA

[2010-10-21 19:10:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2010-10-21 19:10:29 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2010-10-21 19:10:27 | 001,833,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe

[2010-10-21 19:10:27 | 001,371,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd64.exe

[2010-10-21 19:10:27 | 001,265,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2010-10-21 19:10:27 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2010-10-21 19:10:27 | 000,368,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2010-10-21 19:10:27 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2010-10-21 19:10:27 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2010-10-21 19:10:27 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2010-10-21 19:10:26 | 000,882,208 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2010-10-21 19:10:26 | 000,605,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2010-10-21 19:10:26 | 000,049,184 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll

[2010-10-21 19:10:25 | 006,455,840 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe

[2010-10-21 19:10:25 | 000,245,248 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2010-10-21 19:10:24 | 000,160,768 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll

[2010-10-21 19:10:17 | 000,528,384 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

[2010-10-21 17:38:13 | 000,319,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe

[2010-10-21 17:04:53 | 020,280,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2010-10-21 17:04:53 | 005,399,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2010-10-21 17:04:53 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2010-10-21 17:04:53 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2010-10-21 17:04:52 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2010-10-21 17:04:52 | 010,021,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2010-10-21 17:04:52 | 006,470,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2010-10-21 17:04:52 | 004,836,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2010-10-21 17:04:52 | 003,112,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2010-10-21 17:04:52 | 002,934,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2010-10-21 17:04:52 | 002,911,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2010-10-21 17:04:52 | 002,666,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2010-10-21 17:04:52 | 001,500,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll

[2010-10-21 17:04:52 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll

[2010-10-21 17:04:51 | 018,597,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2010-10-21 17:04:51 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2010-10-21 17:04:51 | 001,718,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2010-10-21 17:04:51 | 000,386,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll

[2010-10-21 17:04:51 | 000,318,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll

[2010-10-21 17:04:51 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd

[2010-10-21 16:32:37 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\Apps

[2010-10-21 16:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\Deployment

[2010-10-21 16:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS

[2010-10-21 15:49:47 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys

[2010-10-21 15:49:42 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Roaming\Download Manager

[2010-10-21 15:48:20 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Program Files (x86)

[2010-10-21 15:41:25 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\Windows Live

[2010-10-21 15:40:54 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2010-10-21 15:40:54 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2010-10-21 15:40:54 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll

[2010-10-21 15:40:54 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll

[2010-10-21 15:40:54 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2010-10-21 15:40:53 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll

[2010-10-21 15:40:53 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll

[2010-10-21 15:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2010-10-14 15:28:29 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll

[2010-10-14 15:28:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll

[2010-10-14 15:28:28 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll

[2010-10-14 15:28:28 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll

[2010-10-14 15:28:27 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll

[2010-10-14 15:28:26 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll

[2010-10-14 15:28:23 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2010-10-14 15:28:20 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll

[2010-10-14 15:28:20 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll

[2010-10-14 15:28:13 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2010-10-14 15:28:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2010-10-14 15:28:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2010-10-14 15:28:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2010-10-14 15:28:12 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2010-10-14 15:28:11 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2010-10-14 15:28:11 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2010-10-14 15:28:11 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2010-10-14 15:28:11 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2010-10-14 15:28:11 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010-10-14 15:28:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2010-10-14 15:28:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2010-10-14 15:28:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2010-10-14 15:28:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2010-10-14 15:28:07 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll

[2010-10-14 15:28:06 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2010-10-14 15:28:04 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL

[2010-10-14 15:28:04 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2010-10-14 15:28:01 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll

[2010-10-11 09:32:01 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server

[2010-10-10 20:41:37 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll

[2010-10-10 20:41:37 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll

[2010-10-10 20:41:37 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll

[2010-10-10 20:41:37 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll

[2010-10-10 20:41:36 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll

[2010-10-10 20:41:36 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll

[2010-10-10 20:07:01 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\Diagnostics

[2010-10-10 10:15:39 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\My Games

[2010-10-08 02:22:00 | 005,891,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2010-10-08 02:21:18 | 002,590,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2010-10-08 02:20:30 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2010-10-08 02:20:26 | 001,881,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2010-10-04 11:49:34 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\dark crystal

[2010-10-02 09:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010-10-02 09:31:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010-10-02 09:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010-10-02 09:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010-10-02 09:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010-10-02 09:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2010-09-27 09:40:37 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Documents\simpsons

[2010-07-13 20:29:11 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeDC68.dll

[2007-03-12 12:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll

 

========== Files - Modified Within 30 Days ==========

 

[2010-10-24 23:21:46 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010-10-24 23:21:46 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010-10-24 23:14:37 | 000,000,628 | RHS- | M] () -- C:\Users\Hanna\ntuser.pol

[2010-10-24 23:14:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-10-24 23:14:00 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys

[2010-10-24 22:45:00 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3006390198-432352663-4072585696-1004UA.job

[2010-10-24 18:02:31 | 000,080,384 | ---- | M] () -- C:\Users\Hanna\Desktop\MBRCheck.exe

[2010-10-24 16:41:06 | 001,474,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010-10-24 16:41:06 | 000,628,634 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2010-10-24 16:41:06 | 000,619,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010-10-24 16:41:06 | 000,125,288 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2010-10-24 16:41:06 | 000,107,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010-10-24 16:23:33 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010-10-24 15:20:24 | 000,000,020 | ---- | M] () -- C:\Users\Hanna\defogger_reenable

[2010-10-24 13:32:53 | 000,000,162 | -H-- | M] () -- C:\Users\Hanna\Desktop\~$kument VIKTIGT.rtf

[2010-10-24 13:01:58 | 000,003,863 | ---- | M] () -- C:\Users\Hanna\Desktop\Dokument VIKTIGT.rtf

[2010-10-24 13:01:46 | 000,003,863 | ---- | M] () -- C:\Users\Hanna\Desktop\Dokument.rtf

[2010-10-24 12:18:24 | 000,133,632 | ---- | M] () -- C:\Users\Hanna\Desktop\RKUnhookerLE.EXE

[2010-10-24 12:18:00 | 000,294,912 | ---- | M] () -- C:\Users\Hanna\Desktop\t3n9ryn7.exe

[2010-10-24 11:21:31 | 000,017,055 | ---- | M] () -- C:\Users\Hanna\Desktop\Banta.xlsx

[2010-10-24 04:45:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3006390198-432352663-4072585696-1004Core.job

[2010-10-24 00:54:15 | 000,421,699 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2010-10-24 00:52:01 | 000,421,699 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101024-005415.backup

[2010-10-23 18:41:25 | 000,000,583 | ---- | M] () -- C:\Windows\wininit.ini

[2010-10-22 18:49:17 | 003,775,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010-10-22 18:45:29 | 000,010,745 | ---- | M] () -- C:\Users\Hanna\Documents\Ella smilla.docx

[2010-10-22 17:27:30 | 000,921,624 | ---- | M] () -- C:\img2-001.raw

[2010-10-21 19:10:29 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2010-10-21 18:09:46 | 000,319,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe

[2010-10-21 17:08:57 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2010-10-21 16:33:33 | 000,000,000 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2010-10-19 09:11:48 | 000,014,503 | ---- | M] () -- C:\Users\Hanna\Desktop\yyyyy.php

[2010-10-19 09:11:22 | 000,014,503 | ---- | M] () -- C:\Users\Hanna\Desktop\disimage.php

[2010-10-19 09:10:26 | 000,066,898 | ---- | M] () -- C:\Users\Hanna\Desktop\hot_pink_main_003.jpg

[2010-10-18 22:20:50 | 000,053,845 | ---- | M] () -- C:\Users\Hanna\Desktop\remodellering-av-anatomin.jpg

[2010-10-18 22:13:02 | 000,026,070 | ---- | M] () -- C:\Users\Hanna\Desktop\Mobiluppladdningar-Dotty.jpg

[2010-10-18 13:52:29 | 000,171,214 | ---- | M] () -- C:\Users\Hanna\HUJEDAMEJ.docx

[2010-10-17 18:04:45 | 000,060,101 | ---- | M] () -- C:\Users\Hanna\RECEPT.docx

[2010-10-16 15:56:42 | 000,140,383 | ---- | M] () -- C:\Users\Hanna\Desktop\bakverk.JPG

[2010-10-15 10:04:22 | 000,002,596 | ---- | M] () -- C:\Users\Hanna\Desktop\url.htm

[2010-10-11 14:56:19 | 000,421,699 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101024-005201.backup

[2010-10-11 14:52:28 | 000,001,985 | ---- | M] () -- C:\Users\Hanna\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk

[2010-10-10 01:48:44 | 000,010,459 | ---- | M] () -- C:\Users\Hanna\S L.docx

[2010-10-09 14:33:10 | 000,691,470 | ---- | M] () -- C:\Users\Hanna\Desktop\betty boop.jpg

[2010-10-08 15:42:42 | 000,019,968 | ---- | M] () -- C:\Users\Hanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-10-08 10:47:00 | 020,280,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2010-10-08 10:47:00 | 018,597,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2010-10-08 10:47:00 | 014,899,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2010-10-08 10:47:00 | 013,019,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2010-10-08 10:47:00 | 012,787,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2010-10-08 10:47:00 | 010,021,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2010-10-08 10:47:00 | 007,428,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2010-10-08 10:47:00 | 006,470,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2010-10-08 10:47:00 | 005,399,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2010-10-08 10:47:00 | 004,836,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2010-10-08 10:47:00 | 003,112,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2010-10-08 10:47:00 | 002,934,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2010-10-08 10:47:00 | 002,911,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2010-10-08 10:47:00 | 002,666,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2010-10-08 10:47:00 | 002,159,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll

[2010-10-08 10:47:00 | 001,718,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2010-10-08 10:47:00 | 001,500,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll

[2010-10-08 10:47:00 | 001,308,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll

[2010-10-08 10:47:00 | 000,386,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll

[2010-10-08 10:47:00 | 000,318,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll

[2010-10-08 10:47:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2010-10-08 10:47:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2010-10-08 10:47:00 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd

[2010-10-08 10:47:00 | 000,007,261 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

[2010-10-08 02:22:00 | 005,891,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2010-10-08 02:21:18 | 002,590,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2010-10-08 02:20:30 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2010-10-08 02:20:26 | 001,881,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2010-10-04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hanna\Desktop\TDSSKiller.exe

[2010-10-02 09:31:58 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010-10-01 10:01:12 | 000,010,453 | ---- | M] () -- C:\Users\Hanna\Documents\lexa2.docx

[2010-09-29 19:59:53 | 000,011,955 | ---- | M] () -- C:\Users\Hanna\Documents\lambdamätning.docx

[2010-09-27 21:06:08 | 000,180,554 | ---- | M] () -- C:\Users\Hanna\Desktop\Duvebo.docx

[2010-09-27 20:44:27 | 000,675,170 | ---- | M] () -- C:\Users\Hanna\Desktop\Dok2.docx

[2010-09-26 21:50:48 | 000,047,853 | ---- | M] () -- C:\Users\Hanna\Desktop\40053_142113612487312_100000660215529_260547_5423566_n.jpg

[2010-09-26 20:18:23 | 000,000,035 | ---- | M] () -- C:\Windows\A5W.INI

[2010-09-26 20:12:23 | 000,008,801 | ---- | M] () -- C:\Windows\Run32A50.mch

 

========== Files Created - No Company Name ==========

 

[2010-10-24 18:04:17 | 000,080,384 | ---- | C] () -- C:\Users\Hanna\Desktop\MBRCheck.exe

[2010-10-24 15:20:23 | 000,000,020 | ---- | C] () -- C:\Users\Hanna\defogger_reenable

[2010-10-24 13:32:53 | 000,000,162 | -H-- | C] () -- C:\Users\Hanna\Desktop\~$kument VIKTIGT.rtf

[2010-10-24 13:01:58 | 000,003,863 | ---- | C] () -- C:\Users\Hanna\Desktop\Dokument VIKTIGT.rtf

[2010-10-24 12:56:09 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010-10-24 12:38:30 | 000,003,863 | ---- | C] () -- C:\Users\Hanna\Desktop\Dokument.rtf

[2010-10-24 12:18:24 | 000,133,632 | ---- | C] () -- C:\Users\Hanna\Desktop\RKUnhookerLE.EXE

[2010-10-24 12:17:59 | 000,294,912 | ---- | C] () -- C:\Users\Hanna\Desktop\t3n9ryn7.exe

[2010-10-23 11:12:05 | 000,000,583 | ---- | C] () -- C:\Windows\wininit.ini

[2010-10-22 18:45:27 | 000,010,745 | ---- | C] () -- C:\Users\Hanna\Documents\Ella smilla.docx

[2010-10-21 19:11:02 | 000,000,553 | R--- | C] () -- C:\Windows\USetup.iss

[2010-10-21 19:10:26 | 000,672,800 | ---- | C] () -- C:\Windows\SysNative\RTCOM64.dll

[2010-10-21 16:33:33 | 000,000,000 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2010-10-21 16:16:18 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

[2010-10-21 16:16:16 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2010-10-21 16:16:16 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2010-10-19 09:11:48 | 000,014,503 | ---- | C] () -- C:\Users\Hanna\Desktop\yyyyy.php

[2010-10-19 09:10:55 | 000,014,503 | ---- | C] () -- C:\Users\Hanna\Desktop\disimage.php

[2010-10-19 09:10:19 | 000,066,898 | ---- | C] () -- C:\Users\Hanna\Desktop\hot_pink_main_003.jpg

[2010-10-18 22:20:50 | 000,053,845 | ---- | C] () -- C:\Users\Hanna\Desktop\remodellering-av-anatomin.jpg

[2010-10-18 22:12:59 | 000,026,070 | ---- | C] () -- C:\Users\Hanna\Desktop\Mobiluppladdningar-Dotty.jpg

[2010-10-18 13:52:28 | 000,171,214 | ---- | C] () -- C:\Users\Hanna\HUJEDAMEJ.docx

[2010-10-17 18:04:42 | 000,060,101 | ---- | C] () -- C:\Users\Hanna\RECEPT.docx

[2010-10-16 15:56:41 | 000,140,383 | ---- | C] () -- C:\Users\Hanna\Desktop\bakverk.JPG

[2010-10-15 10:04:20 | 000,002,596 | ---- | C] () -- C:\Users\Hanna\Desktop\url.htm

[2010-10-10 01:48:42 | 000,010,459 | ---- | C] () -- C:\Users\Hanna\S L.docx

[2010-10-09 14:33:08 | 000,691,470 | ---- | C] () -- C:\Users\Hanna\Desktop\betty boop.jpg

[2010-10-02 09:31:58 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010-10-01 10:01:11 | 000,010,453 | ---- | C] () -- C:\Users\Hanna\Documents\lexa2.docx

[2010-09-29 19:45:37 | 000,011,955 | ---- | C] () -- C:\Users\Hanna\Documents\lambdamätning.docx

[2010-09-27 20:58:53 | 000,180,554 | ---- | C] () -- C:\Users\Hanna\Desktop\Duvebo.docx

[2010-09-27 20:44:26 | 000,675,170 | ---- | C] () -- C:\Users\Hanna\Desktop\Dok2.docx

[2010-09-26 21:50:46 | 000,047,853 | ---- | C] () -- C:\Users\Hanna\Desktop\40053_142113612487312_100000660215529_260547_5423566_n.jpg

[2010-09-26 19:25:33 | 000,017,055 | ---- | C] () -- C:\Users\Hanna\Desktop\Banta.xlsx

[2010-09-25 08:55:41 | 000,001,985 | ---- | C] () -- C:\Users\Hanna\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk

[2010-08-31 16:47:12 | 007,261,130 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Katy Perry - Teenage Dream.zip

[2010-08-21 12:43:24 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI

[2010-05-02 11:07:16 | 000,019,968 | ---- | C] () -- C:\Users\Hanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-04-22 19:00:11 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2010-04-22 19:00:09 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010-04-22 18:59:56 | 003,297,280 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2010-04-22 18:59:50 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010-04-22 18:59:50 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010-04-22 18:59:46 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2010-04-22 18:59:33 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010-02-04 20:41:33 | 000,022,025 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Kommaavgränsade värden (DOS).ADR

[2010-02-03 17:50:46 | 000,022,029 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Kommaavgränsade värden (Windows).ADR

[2010-02-02 12:28:41 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll

[2010-02-02 12:16:15 | 000,000,048 | ---- | C] () -- C:\Windows\iltwain.ini

[2010-01-31 02:02:37 | 001,467,514 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010-01-30 17:30:34 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2004-02-27 17:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

 

========== LOP Check ==========

 

[2010-10-23 09:28:28 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA

[2010-05-13 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Agency9

[2010-01-30 21:53:07 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\DAEMON Tools Lite

[2010-08-22 12:05:59 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\EVEMon

[2010-02-11 18:40:18 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\ImgBurn

[2010-05-25 10:40:23 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\IMVU

[2010-05-20 19:25:47 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\IMVUClient

[2010-02-01 22:05:04 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Leadertech

[2010-01-31 11:39:16 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Personal

[2010-02-12 23:10:07 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Sony

[2010-02-12 22:53:19 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Sony Setup

[2010-10-21 16:19:46 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\uTorrent

[2010-05-20 19:26:32 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Vivox

[2009-07-14 07:08:49 | 000,024,174 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2010-10-24 23:14:00 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys

[2010-10-22 17:27:30 | 000,921,624 | ---- | M] () -- C:\img2-001.raw

[2010-10-24 23:14:09 | 2146,689,024 | -HS- | M] () -- C:\pagefile.sys

[2010-10-23 17:22:05 | 000,000,341 | ---- | M] () -- C:\rkill.log

[2010-10-24 12:48:55 | 000,063,554 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_24.10.2010_12.41.25_log.txt

 

 

< MD5 for: AGP440.SYS >

[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys

[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys

[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009-07-14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 

< MD5 for: IASTORV.SYS >

[2009-07-14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys

[2009-07-14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2009-07-14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys

[2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009-07-14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\System32\config\*.sav >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< End of report >

[/log]

 

It doesn't look to me like I got TeaTimer and Avira turned off, so I'll have to make another attempt later, maybe today.


Yes, try turning the programs off once more and then run it the same way again (post 12). Restart the computer twice instead of once after OTL has run the fix.


OK, I never got the Spybot window to come up, so I uninstalled it. I did the same with Avira.

 

After the scans I tried to reinstall them. When I try to install Avira I get the same message as when I was going to install ComboFix and the others, something about Internet security.

 

Spybot I can install but not start.

 

I didn't get an extra one this time either, but I'm attaching a picture so you can see which settings are set.

 

Fix

[log]All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.

File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.

File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.

Folder move failed. C:\32788R22FWJFW\License scheduled to be moved on reboot.

Folder move failed. C:\32788R22FWJFW\EN-US scheduled to be moved on reboot.

Folder move failed. C:\32788R22FWJFW scheduled to be moved on reboot.

Folder move failed. C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA scheduled to be moved on reboot.

File C:\Windows\SysWow64\0.6849983715577207.exe not found.

Folder move failed. C:\Users\Public\Documents\Server scheduled to be moved on reboot.

File C:\Users\Hanna\AppData\Roaming\Windowz.exe not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Hanna

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 763553 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 52576405 bytes

->Flash cache emptied: 434 bytes

 

User: Leon

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Smilla

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 21742 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 1750461 bytes

 

Total Files Cleaned = 53,00 mb

 

 

OTL by OldTimer - Version 3.2.17.0 log created on 10262010_182907

 

Files\Folders moved on Reboot...

Folder move failed. C:\32788R22FWJFW\License scheduled to be moved on reboot.

Folder move failed. C:\32788R22FWJFW\EN-US scheduled to be moved on reboot.

Folder move failed. C:\32788R22FWJFW\License scheduled to be moved on reboot.

Folder move failed. C:\32788R22FWJFW\EN-US scheduled to be moved on reboot.

Folder move failed. C:\32788R22FWJFW scheduled to be moved on reboot.

Folder move failed. C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA scheduled to be moved on reboot.

Folder move failed. C:\Users\Public\Documents\Server scheduled to be moved on reboot.

C:\Users\Hanna\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

Registry entries deleted on Reboot...

[/log]

 

Scan

[log]OTL logfile created on: 2010-10-26 18:38:35 - Run 3

OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Hanna\Desktop\OTL

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 48,73 Gb Total Space | 17,43 Gb Free Space | 35,77% Space Free | Partition Type: NTFS

Drive D: | 137,47 Gb Total Space | 4,87 Gb Free Space | 3,54% Space Free | Partition Type: NTFS

 

Computer Name: HANNAS | User Name: Hanna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Hanna\Desktop\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

PRC - C:\Windows\vsnpstd3.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Hanna\Desktop\OTL\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (getPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (addiphelper) -- C:\Program Files (x86)\PortWise\Access Client\AddIpHelper.exe (PortWise)

SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys File not found

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (waclient) -- C:\Windows\SysNative\drivers\waclient.sys (PortWise)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1029unic.sys (MCCI Corporation)

DRV:64bit: - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1029mgmt.sys (MCCI Corporation)

DRV:64bit: - (s1029obex) -- C:\Windows\SysNative\drivers\s1029obex.sys (MCCI Corporation)

DRV:64bit: - (s1029mdm) -- C:\Windows\SysNative\drivers\s1029mdm.sys (MCCI Corporation)

DRV:64bit: - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1029nd5.sys (MCCI Corporation)

DRV:64bit: - (s1029mdfl) -- C:\Windows\SysNative\drivers\s1029mdfl.sys (MCCI Corporation)

DRV:64bit: - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\SysNative\drivers\s1029bus.sys (MCCI Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Tdsshbecr) -- C:\Windows\SysNative\drivers\shbecr.sys (Todos Data System AB)

DRV:64bit: - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()

DRV - (waclient) -- C:\Windows\SysWOW64\drivers\waclient.sys (PortWise)

DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 C5 7A 4D BD 72 CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.se"

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: {258735dc-6743-4805-95fc-f95941fffdad}:1.3.6

FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-10-21 16:57:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-10-21 16:57:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

[2010-05-20 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions

[2010-01-30 20:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010-05-20 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com

[2010-10-24 14:59:11 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions

[2010-03-24 08:50:21 | 000,000,000 | ---D | M] (Flash Game Maximizer) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\{258735dc-6743-4805-95fc-f95941fffdad}

[2010-03-24 08:50:21 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

[2010-02-01 19:22:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010-03-24 08:50:21 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\staged-xpis

[2010-01-30 20:54:07 | 000,002,055 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Mozilla\FireFox\Profiles\jrx9sbih.default\searchplugins\daemon-search.xml

[2010-09-21 23:38:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions

[2010-10-21 16:57:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010-02-02 00:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010-10-21 16:57:05 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll

[2010-10-21 16:57:05 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll

[2010-02-02 00:32:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll

[2010-10-21 16:57:08 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll

[2006-10-26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL

[2010-08-13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

[2010-04-16 20:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll

[2010-10-02 09:29:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll

[2010-10-02 09:29:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll

[2010-04-16 20:00:00 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll

[2010-01-25 11:02:20 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll

[2010-04-03 21:17:08 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2010-04-03 21:17:08 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml

[2010-04-03 21:17:08 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2010-04-03 21:17:08 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2010-04-03 21:17:08 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2010-04-03 21:17:08 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2010-04-03 21:17:08 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2010-10-24 00:54:15 | 000,421,699 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 123fporn.info

O1 - Hosts: 14539 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [fssui] C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{85570d65-0dd8-11df-96a5-002354c169a5}\Shell - "" = AutoRun

O33 - MountPoints2\{85570d65-0dd8-11df-96a5-002354c169a5}\Shell\AutoRun\command - "" = G:\Installer.exe -- File not found

O33 - MountPoints2\{e376d1f0-16b3-11df-9221-002354c169a5}\Shell - "" = AutoRun

O33 - MountPoints2\{e376d1f0-16b3-11df-9221-002354c169a5}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-10-26 18:29:07 | 000,000,000 | ---D | C] -- C:\_OTL

[2010-10-26 18:14:02 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\OTL

[2010-10-24 12:17:45 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hanna\Desktop\TDSSKiller.exe

[2010-10-23 18:12:51 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010-10-23 17:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010-10-23 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro

[2010-10-21 19:10:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2010-10-21 19:10:29 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2010-10-21 19:10:27 | 001,833,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe

[2010-10-21 19:10:27 | 001,371,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd64.exe

[2010-10-21 19:10:27 | 001,265,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2010-10-21 19:10:27 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2010-10-21 19:10:27 | 000,368,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2010-10-21 19:10:27 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2010-10-21 19:10:27 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2010-10-21 19:10:27 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2010-10-21 19:10:26 | 000,882,208 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2010-10-21 19:10:26 | 000,605,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2010-10-21 19:10:26 | 000,049,184 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll

[2010-10-21 19:10:25 | 006,455,840 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe

[2010-10-21 19:10:25 | 000,245,248 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2010-10-21 19:10:24 | 000,160,768 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll

[2010-10-21 19:10:17 | 000,528,384 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

[2010-10-21 17:38:13 | 000,319,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe

[2010-10-21 17:04:53 | 020,280,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2010-10-21 17:04:53 | 005,399,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2010-10-21 17:04:53 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2010-10-21 17:04:53 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2010-10-21 17:04:52 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2010-10-21 17:04:52 | 010,021,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2010-10-21 17:04:52 | 006,470,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2010-10-21 17:04:52 | 004,836,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2010-10-21 17:04:52 | 003,112,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2010-10-21 17:04:52 | 002,934,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2010-10-21 17:04:52 | 002,911,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2010-10-21 17:04:52 | 002,666,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2010-10-21 17:04:52 | 001,500,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll

[2010-10-21 17:04:52 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll

[2010-10-21 17:04:51 | 018,597,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2010-10-21 17:04:51 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2010-10-21 17:04:51 | 001,718,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2010-10-21 17:04:51 | 000,386,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll

[2010-10-21 17:04:51 | 000,318,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll

[2010-10-21 17:04:51 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd

[2010-10-21 16:32:37 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\Apps

[2010-10-21 16:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\Deployment

[2010-10-21 16:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS

[2010-10-21 15:49:47 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys

[2010-10-21 15:49:42 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Roaming\Download Manager

[2010-10-21 15:48:20 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Program Files (x86)

[2010-10-21 15:41:25 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\Windows Live

[2010-10-21 15:40:54 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2010-10-21 15:40:54 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2010-10-21 15:40:54 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll

[2010-10-21 15:40:54 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll

[2010-10-21 15:40:54 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2010-10-21 15:40:53 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll

[2010-10-21 15:40:53 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll

[2010-10-21 15:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2010-10-14 15:28:29 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll

[2010-10-14 15:28:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll

[2010-10-14 15:28:28 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll

[2010-10-14 15:28:28 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll

[2010-10-14 15:28:27 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll

[2010-10-14 15:28:26 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll

[2010-10-14 15:28:23 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2010-10-14 15:28:20 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll

[2010-10-14 15:28:20 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll

[2010-10-14 15:28:13 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2010-10-14 15:28:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2010-10-14 15:28:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2010-10-14 15:28:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2010-10-14 15:28:12 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2010-10-14 15:28:11 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2010-10-14 15:28:11 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2010-10-14 15:28:11 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2010-10-14 15:28:11 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2010-10-14 15:28:11 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010-10-14 15:28:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2010-10-14 15:28:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2010-10-14 15:28:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2010-10-14 15:28:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2010-10-14 15:28:07 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll

[2010-10-14 15:28:06 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2010-10-14 15:28:04 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL

[2010-10-14 15:28:04 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2010-10-14 15:28:01 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll

[2010-10-10 20:41:37 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll

[2010-10-10 20:41:37 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll

[2010-10-10 20:41:37 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll

[2010-10-10 20:41:37 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll

[2010-10-10 20:41:36 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll

[2010-10-10 20:41:36 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll

[2010-10-10 20:07:01 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\Diagnostics

[2010-10-10 10:15:39 | 000,000,000 | ---D | C] -- C:\Users\Hanna\AppData\Local\My Games

[2010-10-08 02:22:00 | 005,891,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2010-10-08 02:21:18 | 002,590,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2010-10-08 02:20:30 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2010-10-08 02:20:26 | 001,881,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2010-10-04 11:49:34 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\dark crystal

[2010-10-02 09:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010-10-02 09:31:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010-10-02 09:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010-10-02 09:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010-10-02 09:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010-10-02 09:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2010-09-27 09:40:37 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Documents\simpsons

[2010-07-13 20:29:11 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeDC68.dll

[2007-03-12 12:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll

 

========== Files - Modified Within 30 Days ==========

 

[2010-10-26 18:35:32 | 000,000,628 | RHS- | M] () -- C:\Users\Hanna\ntuser.pol

[2010-10-26 18:35:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-10-26 18:35:06 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys

[2010-10-26 18:34:29 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010-10-26 18:34:29 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010-10-26 18:09:15 | 000,017,068 | ---- | M] () -- C:\Users\Hanna\Desktop\Banta.xlsx

[2010-10-26 17:45:00 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3006390198-432352663-4072585696-1004UA.job

[2010-10-26 04:45:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3006390198-432352663-4072585696-1004Core.job

[2010-10-24 18:02:31 | 000,080,384 | ---- | M] () -- C:\Users\Hanna\Desktop\MBRCheck.exe

[2010-10-24 16:41:06 | 001,474,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010-10-24 16:41:06 | 000,628,634 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2010-10-24 16:41:06 | 000,619,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010-10-24 16:41:06 | 000,125,288 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2010-10-24 16:41:06 | 000,107,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010-10-24 16:23:33 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010-10-24 15:20:24 | 000,000,020 | ---- | M] () -- C:\Users\Hanna\defogger_reenable

[2010-10-24 13:32:53 | 000,000,162 | -H-- | M] () -- C:\Users\Hanna\Desktop\~$kument VIKTIGT.rtf

[2010-10-24 13:01:58 | 000,003,863 | ---- | M] () -- C:\Users\Hanna\Desktop\Dokument VIKTIGT.rtf

[2010-10-24 13:01:46 | 000,003,863 | ---- | M] () -- C:\Users\Hanna\Desktop\Dokument.rtf

[2010-10-24 12:18:24 | 000,133,632 | ---- | M] () -- C:\Users\Hanna\Desktop\RKUnhookerLE.EXE

[2010-10-24 12:18:00 | 000,294,912 | ---- | M] () -- C:\Users\Hanna\Desktop\t3n9ryn7.exe

[2010-10-24 00:54:15 | 000,421,699 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2010-10-24 00:52:01 | 000,421,699 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101024-005415.backup

[2010-10-23 18:41:25 | 000,000,583 | ---- | M] () -- C:\Windows\wininit.ini

[2010-10-22 18:49:17 | 003,775,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010-10-22 18:45:29 | 000,010,745 | ---- | M] () -- C:\Users\Hanna\Documents\Ella smilla.docx

[2010-10-22 17:27:30 | 000,921,624 | ---- | M] () -- C:\img2-001.raw

[2010-10-21 19:10:29 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2010-10-21 18:09:46 | 000,319,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe

[2010-10-21 17:08:57 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2010-10-21 16:33:33 | 000,000,000 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2010-10-19 09:11:48 | 000,014,503 | ---- | M] () -- C:\Users\Hanna\Desktop\yyyyy.php

[2010-10-19 09:11:22 | 000,014,503 | ---- | M] () -- C:\Users\Hanna\Desktop\disimage.php

[2010-10-19 09:10:26 | 000,066,898 | ---- | M] () -- C:\Users\Hanna\Desktop\hot_pink_main_003.jpg

[2010-10-18 22:20:50 | 000,053,845 | ---- | M] () -- C:\Users\Hanna\Desktop\remodellering-av-anatomin.jpg

[2010-10-18 22:13:02 | 000,026,070 | ---- | M] () -- C:\Users\Hanna\Desktop\Mobiluppladdningar-Dotty.jpg

[2010-10-18 13:52:29 | 000,171,214 | ---- | M] () -- C:\Users\Hanna\HUJEDAMEJ.docx

[2010-10-17 18:04:45 | 000,060,101 | ---- | M] () -- C:\Users\Hanna\RECEPT.docx

[2010-10-16 15:56:42 | 000,140,383 | ---- | M] () -- C:\Users\Hanna\Desktop\bakverk.JPG

[2010-10-15 10:04:22 | 000,002,596 | ---- | M] () -- C:\Users\Hanna\Desktop\url.htm

[2010-10-11 14:56:19 | 000,421,699 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101024-005201.backup

[2010-10-11 14:52:28 | 000,001,985 | ---- | M] () -- C:\Users\Hanna\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk

[2010-10-10 01:48:44 | 000,010,459 | ---- | M] () -- C:\Users\Hanna\S L.docx

[2010-10-09 14:33:10 | 000,691,470 | ---- | M] () -- C:\Users\Hanna\Desktop\betty boop.jpg

[2010-10-08 15:42:42 | 000,019,968 | ---- | M] () -- C:\Users\Hanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-10-08 10:47:00 | 020,280,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2010-10-08 10:47:00 | 018,597,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2010-10-08 10:47:00 | 014,899,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2010-10-08 10:47:00 | 013,019,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2010-10-08 10:47:00 | 012,787,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2010-10-08 10:47:00 | 010,021,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2010-10-08 10:47:00 | 007,428,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2010-10-08 10:47:00 | 006,470,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2010-10-08 10:47:00 | 005,399,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2010-10-08 10:47:00 | 004,836,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2010-10-08 10:47:00 | 003,112,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2010-10-08 10:47:00 | 002,934,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2010-10-08 10:47:00 | 002,911,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2010-10-08 10:47:00 | 002,666,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2010-10-08 10:47:00 | 002,159,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll

[2010-10-08 10:47:00 | 001,718,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2010-10-08 10:47:00 | 001,500,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll

[2010-10-08 10:47:00 | 001,308,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll

[2010-10-08 10:47:00 | 000,386,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll

[2010-10-08 10:47:00 | 000,318,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll

[2010-10-08 10:47:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2010-10-08 10:47:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2010-10-08 10:47:00 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd

[2010-10-08 10:47:00 | 000,007,261 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

[2010-10-08 02:22:00 | 005,891,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2010-10-08 02:21:18 | 002,590,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2010-10-08 02:20:30 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2010-10-08 02:20:26 | 001,881,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2010-10-04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hanna\Desktop\TDSSKiller.exe

[2010-10-02 09:31:58 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010-10-01 10:01:12 | 000,010,453 | ---- | M] () -- C:\Users\Hanna\Documents\lexa2.docx

[2010-09-29 19:59:53 | 000,011,955 | ---- | M] () -- C:\Users\Hanna\Documents\lambdamätning.docx

[2010-09-27 21:06:08 | 000,180,554 | ---- | M] () -- C:\Users\Hanna\Desktop\Duvebo.docx

[2010-09-27 20:44:27 | 000,675,170 | ---- | M] () -- C:\Users\Hanna\Desktop\Dok2.docx

[2010-09-26 21:50:48 | 000,047,853 | ---- | M] () -- C:\Users\Hanna\Desktop\40053_142113612487312_100000660215529_260547_5423566_n.jpg

[2010-09-26 20:18:23 | 000,000,035 | ---- | M] () -- C:\Windows\A5W.INI

[2010-09-26 20:12:23 | 000,008,801 | ---- | M] () -- C:\Windows\Run32A50.mch

 

========== Files Created - No Company Name ==========

 

[2010-10-24 18:04:17 | 000,080,384 | ---- | C] () -- C:\Users\Hanna\Desktop\MBRCheck.exe

[2010-10-24 15:20:23 | 000,000,020 | ---- | C] () -- C:\Users\Hanna\defogger_reenable

[2010-10-24 13:32:53 | 000,000,162 | -H-- | C] () -- C:\Users\Hanna\Desktop\~$kument VIKTIGT.rtf

[2010-10-24 13:01:58 | 000,003,863 | ---- | C] () -- C:\Users\Hanna\Desktop\Dokument VIKTIGT.rtf

[2010-10-24 12:56:09 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010-10-24 12:38:30 | 000,003,863 | ---- | C] () -- C:\Users\Hanna\Desktop\Dokument.rtf

[2010-10-24 12:18:24 | 000,133,632 | ---- | C] () -- C:\Users\Hanna\Desktop\RKUnhookerLE.EXE

[2010-10-24 12:17:59 | 000,294,912 | ---- | C] () -- C:\Users\Hanna\Desktop\t3n9ryn7.exe

[2010-10-23 11:12:05 | 000,000,583 | ---- | C] () -- C:\Windows\wininit.ini

[2010-10-22 18:45:27 | 000,010,745 | ---- | C] () -- C:\Users\Hanna\Documents\Ella smilla.docx

[2010-10-21 19:11:02 | 000,000,553 | R--- | C] () -- C:\Windows\USetup.iss

[2010-10-21 19:10:26 | 000,672,800 | ---- | C] () -- C:\Windows\SysNative\RTCOM64.dll

[2010-10-21 16:33:33 | 000,000,000 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2010-10-21 16:16:18 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

[2010-10-21 16:16:16 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2010-10-21 16:16:16 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2010-10-19 09:11:48 | 000,014,503 | ---- | C] () -- C:\Users\Hanna\Desktop\yyyyy.php

[2010-10-19 09:10:55 | 000,014,503 | ---- | C] () -- C:\Users\Hanna\Desktop\disimage.php

[2010-10-19 09:10:19 | 000,066,898 | ---- | C] () -- C:\Users\Hanna\Desktop\hot_pink_main_003.jpg

[2010-10-18 22:20:50 | 000,053,845 | ---- | C] () -- C:\Users\Hanna\Desktop\remodellering-av-anatomin.jpg

[2010-10-18 22:12:59 | 000,026,070 | ---- | C] () -- C:\Users\Hanna\Desktop\Mobiluppladdningar-Dotty.jpg

[2010-10-18 13:52:28 | 000,171,214 | ---- | C] () -- C:\Users\Hanna\HUJEDAMEJ.docx

[2010-10-17 18:04:42 | 000,060,101 | ---- | C] () -- C:\Users\Hanna\RECEPT.docx

[2010-10-16 15:56:41 | 000,140,383 | ---- | C] () -- C:\Users\Hanna\Desktop\bakverk.JPG

[2010-10-15 10:04:20 | 000,002,596 | ---- | C] () -- C:\Users\Hanna\Desktop\url.htm

[2010-10-10 01:48:42 | 000,010,459 | ---- | C] () -- C:\Users\Hanna\S L.docx

[2010-10-09 14:33:08 | 000,691,470 | ---- | C] () -- C:\Users\Hanna\Desktop\betty boop.jpg

[2010-10-02 09:31:58 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010-10-01 10:01:11 | 000,010,453 | ---- | C] () -- C:\Users\Hanna\Documents\lexa2.docx

[2010-09-29 19:45:37 | 000,011,955 | ---- | C] () -- C:\Users\Hanna\Documents\lambdamätning.docx

[2010-09-27 20:58:53 | 000,180,554 | ---- | C] () -- C:\Users\Hanna\Desktop\Duvebo.docx

[2010-09-27 20:44:26 | 000,675,170 | ---- | C] () -- C:\Users\Hanna\Desktop\Dok2.docx

[2010-09-26 21:50:46 | 000,047,853 | ---- | C] () -- C:\Users\Hanna\Desktop\40053_142113612487312_100000660215529_260547_5423566_n.jpg

[2010-09-26 19:25:33 | 000,017,068 | ---- | C] () -- C:\Users\Hanna\Desktop\Banta.xlsx

[2010-08-31 16:47:12 | 007,261,130 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Katy Perry - Teenage Dream.zip

[2010-08-21 12:43:24 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI

[2010-05-02 11:07:16 | 000,019,968 | ---- | C] () -- C:\Users\Hanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-04-22 19:00:11 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2010-04-22 19:00:09 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010-04-22 18:59:56 | 003,297,280 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2010-04-22 18:59:50 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010-04-22 18:59:50 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010-04-22 18:59:46 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2010-04-22 18:59:33 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010-02-04 20:41:33 | 000,022,025 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Kommaavgränsade värden (DOS).ADR

[2010-02-03 17:50:46 | 000,022,029 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\Kommaavgränsade värden (Windows).ADR

[2010-02-02 12:28:41 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll

[2010-02-02 12:16:15 | 000,000,048 | ---- | C] () -- C:\Windows\iltwain.ini

[2010-01-31 02:02:37 | 001,467,514 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010-01-30 17:30:34 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2004-02-27 17:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

 

========== LOP Check ==========

 

[2010-05-13 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Agency9

[2010-01-30 21:53:07 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\DAEMON Tools Lite

[2010-08-22 12:05:59 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\EVEMon

[2010-02-11 18:40:18 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\ImgBurn

[2010-05-25 10:40:23 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\IMVU

[2010-05-20 19:25:47 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\IMVUClient

[2010-02-01 22:05:04 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Leadertech

[2010-01-31 11:39:16 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Personal

[2010-02-12 23:10:07 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Sony

[2010-02-12 22:53:19 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Sony Setup

[2010-10-21 16:19:46 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\uTorrent

[2010-05-20 19:26:32 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Vivox

[2009-07-14 07:08:49 | 000,024,918 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2010-10-26 18:35:06 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys

[2010-10-22 17:27:30 | 000,921,624 | ---- | M] () -- C:\img2-001.raw

[2010-10-26 18:35:13 | 2146,689,024 | -HS- | M] () -- C:\pagefile.sys

 

 

< MD5 for: AGP440.SYS >

[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys

[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys

[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009-07-14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 

< MD5 for: IASTORV.SYS >

[2009-07-14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys

[2009-07-14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2009-07-14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys

[2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009-07-14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\System32\config\*.sav >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< End of report >

[/log]


Regarding the error message about Internet security, I found a tip about resetting the Internet Explorer settings:

Control Panel - Internet Options - Advanced

the Reset button (for all settings)

 

It is completely normal that the Extras log is only created the first time you run OTL.

 

Can you start the computer in safe mode and see whether these two folders can be deleted:

C:\Users\Hanna\AppData\Roaming\1ADB2EB154AA64B97983E8E58DB8EFEA

C:\Users\Public\Documents\Server


The folders are no longer there; they may have disappeared when I ran an online virus scan yesterday.

 

Changing the Internet options didn't help; I had tried it before and have now tried again.

 

I have also tried googling the problem but can't find anything; it is something the virus did, because there were no problems before.

 

One option is to format the C drive, but I don't know how I would manage to save everything; important e-mails and important contacts always tend to get lost.


Which online scan did you run? Do you have a log from it?

Can you paste in a new OTL log?


I ran ESET's online scan. I have looked for a log, but I can't find anything that seems to be it when I search by most recently modified documents.

 

OTL Log

[log]OTL logfile created on: 2010-10-27 17:53:56 - Run 4

OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Hanna\Desktop\OTL

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 48,73 Gb Total Space | 16,63 Gb Free Space | 34,13% Space Free | Partition Type: NTFS

Drive D: | 137,47 Gb Total Space | 5,17 Gb Free Space | 3,76% Space Free | Partition Type: NTFS

 

Computer Name: HANNAS | User Name: Hanna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Hanna\Desktop\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

PRC - C:\Windows\vsnpstd3.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Hanna\Desktop\OTL\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (getPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (addiphelper) -- C:\Program Files (x86)\PortWise\Access Client\AddIpHelper.exe (PortWise)

SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys File not found

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (waclient) -- C:\Windows\SysNative\drivers\waclient.sys (PortWise)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1029unic.sys (MCCI Corporation)

DRV:64bit: - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1029mgmt.sys (MCCI Corporation)

DRV:64bit: - (s1029obex) -- C:\Windows\SysNative\drivers\s1029obex.sys (MCCI Corporation)

DRV:64bit: - (s1029mdm) -- C:\Windows\SysNative\drivers\s1029mdm.sys (MCCI Corporation)

DRV:64bit: - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1029nd5.sys (MCCI Corporation)

DRV:64bit: - (s1029mdfl) -- C:\Windows\SysNative\drivers\s1029mdfl.sys (MCCI Corporation)

DRV:64bit: - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\SysNative\drivers\s1029bus.sys (MCCI Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Tdsshbecr) -- C:\Windows\SysNative\drivers\shbecr.sys (Todos Data System AB)

DRV:64bit: - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()

DRV - (waclient) -- C:\Windows\SysWOW64\drivers\waclient.sys (PortWise)

DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.se"

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: {258735dc-6743-4805-95fc-f95941fffdad}:1.3.6

FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-10-21 16:57:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-10-21 16:57:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

[2010-05-20 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions

[2010-01-30 20:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010-05-20 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com

[2010-10-27 16:07:29 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions

[2010-03-24 08:50:21 | 000,000,000 | ---D | M] (Flash Game Maximizer) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\{258735dc-6743-4805-95fc-f95941fffdad}

[2010-03-24 08:50:21 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

[2010-02-01 19:22:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010-03-24 08:50:21 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\jrx9sbih.default\extensions\staged-xpis

[2010-01-30 20:54:07 | 000,002,055 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Mozilla\FireFox\Profiles\jrx9sbih.default\searchplugins\daemon-search.xml

[2010-09-21 23:38:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions

[2010-10-21 16:57:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010-02-02 00:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010-10-21 16:57:05 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll

[2010-10-21 16:57:05 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll

[2010-02-02 00:32:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll

[2010-10-21 16:57:08 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll

[2006-10-26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL

[2010-08-13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

[2010-04-16 20:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll

[2010-10-02 09:29:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll

[2010-10-02 09:29:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll

[2010-10-02 09:29:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll

[2010-04-16 20:00:00 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll

[2010-01-25 11:02:20 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll

[2010-04-03 21:17:08 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2010-04-03 21:17:08 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml

[2010-04-03 21:17:08 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2010-04-03 21:17:08 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2010-04-03 21:17:08 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2010-04-03 21:17:08 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2010-04-03 21:17:08 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2010-10-24 00:54:15 | 000,421,699 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts


O1 - Hosts: 14539 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [fssui] C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{85570d65-0dd8-11df-96a5-002354c169a5}\Shell - "" = AutoRun

O33 - MountPoints2\{85570d65-0dd8-11df-96a5-002354c169a5}\Shell\AutoRun\command - "" = G:\Installer.exe -- File not found

O33 - MountPoints2\{e376d1f0-16b3-11df-9221-002354c169a5}\Shell - "" = AutoRun

O33 - MountPoints2\{e376d1f0-16b3-11df-9221-002354c169a5}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-10-26 21:01:47 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010-10-26 21:01:47 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010-10-26 21:01:47 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2010-10-26 21:01:47 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010-10-26 21:01:47 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2010-10-26 21:01:47 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010-10-26 21:01:47 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2010-10-26 21:01:39 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2010-10-26 20:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2010-10-26 20:08:13 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys

[2010-10-26 19:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2010-10-26 18:29:07 | 000,000,000 | ---D | C] -- C:\_OTL

[2010-10-26 18:14:02 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\OTL

[2010-10-24 12:17:45 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hanna\Desktop\TDSSKiller.exe

[2010-10-23 18:12:51 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010-10-23 17:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010-10-23 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro

[2010-10-21 19:10:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2010-10-21 19:10:29 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2010-10-21 19:10:27 | 001,833,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe

[2010-10-21 19:10:27 | 001,371,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd64.exe

[2010-10-21 19:10:27 | 001,265,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2010-10-21 19:10:27 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2010-10-21 19:10:27 | 000,368,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2010-10-21 19:10:27 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2010-10-21 19:10:27 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2010-10-21 19:10:27 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2010-10-21 19:10:26 | 000,882,208 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2010-10-21 19:10:26 | 000,605,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2010-10-21 19:10:26 | 000,049,184 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll

[2010-10-21 19:10:25 | 006,455,840 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe

[2010-10-21 19:10:25 | 000,245,248 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2010-10-21 19:10:24 | 000,160,768 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll

[2010-10-21 19:10:17 | 000,528,384 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

[2010-10-21 17:38:13 | 000,319,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe

[2010-10-21 17:04:53 | 020,280,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2010-10-21 17:04:53 | 005,399,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2010-10-21 17:04:53 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2010-10-21 17:04:53 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2010-10-21 17:04:52 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2010-10-21 17:04:52 | 010,021,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2010-10-21 17:04:52 | 006,470,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2010-10-21 17:04:52 | 004,836,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll


[/log]


Eset online scan

 

[log]ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=b94afa5625d1664d84ae42c7f9cd1bcf

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-10-26 10:58:45

# local_time=2010-10-27 12:58:45 (+0100, Västeuropa, sommartid)

# country="Sweden"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=512 16777215 100 0 269476 269476 0 0

# compatibility_mode=5893 16776574 100 94 12171092 39746561 0 0

# compatibility_mode=8192 67108863 100 0 99 99 0 0

# scanned=171666

# found=13

# cleaned=13

# scan_time=17224

C:\Program Files (x86)\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Cheat Engine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\setupbsdin.exe\setupbsdin.exe a variant of Win32/Injector.DHM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Hanna\Desktop\NERLADDAT\SmitfraudFix.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Hanna\Desktop\NERLADDAT\SmitfraudFix\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Hanna\Desktop\NERLADDAT\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\10262010_182907\C_Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\10262010_182907\C_Users\Public\Documents\Server\sphlp.dll Win32/Bamital.DZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\HANNAS\Backup Set 2010-09-26 230001\Backup Files 2010-10-17 230006\Backup files 1.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

D:\HANNAS\Backup Set 2010-09-26 230001\Backup Files 2010-10-24 230002\Backup files 2.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

[/log]


Did you see that Eset removed some of your backup files? If there are important files in them, it is probably best to restore them.

In any case, it was not Eset that removed the folders, but OTL may have managed it after all, even though it did not look that way in the log.

Update and run MBAM again. If anything is found, paste the log.

Since there are several user accounts, it is probably best that you run DDS on the others as well and paste the logs, not the Attach logs.


The following registry fix may help against the error message:

Save Shell.reg to the Desktop.

Double-click it, and when a prompt asks whether to allow it to be merged into the registry, answer Yes/OK.

Restart the computer and see whether it works better.


Did you see that Eset removed some of your backup files? If there are important files in them, it is probably best to restore them.

In any case, it was not Eset that removed the folders, but OTL may have managed it after all, even though it did not look that way in the log.

Update and run MBAM again. If anything is found, paste the log.

Since there are several user accounts, it is probably best that you run DDS on the others as well and paste the logs, not the Attach logs.

OK, do you mean TDSSKiller? I assume I am doing it right with the logs, otherwise you would probably have said so earlier; it is probably just a snippet from something else.

There are no important files in any backup, so no worries.


Archived

This topic is now archived and is closed to further replies.
