Update

10 december, 2008

Ladda ner OTMoveIt till Skrivbordet:

http://oldtimer.geekstogo.com/OTMoveIt3.exe

Starta programmet

Kopiera alla dessa rader (använd markera kod):

:Files
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

Klistra in dem i rutan Paste Instructions for Items to be Moved

Det ska bara vara tre rader.

Tryck på MoveIt!

Om du blir tillfrågad om att starta om datorn så gör det.

Gå till mappen c:\_OTMoveIt\MovedFiles och öppna loggfilen som skapades med dagens datum och klockslag. Kopiera innehållet och klistra in här liksom en ny OTViewIt-logg.

Står det fortfarande rätt i routern?

Hur är det med de andra datorerna i nätverket?

De kanske är infekterade

[inlägget ändrat 2008-12-10 22:49:38 av Cecilia]

10 december, 2008

====== FILES ==========

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12102008_230401

Files moved on Reboot...

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

10 december, 2008

[log]====== FILES ==========

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12102008_230401

Files moved on Reboot...

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

[/log]

10 december, 2008

[log]OTViewIt logfile created on: 2008-12-10 23:24:43 - Run 9

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\pappa\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

501,44 Mb Total Physical Memory | 147,48 Mb Available Physical Memory | 29,41% Memory free

1,46 Gb Paging File | 0,56 Gb Available in Paging File | 38,35% Paging File free

Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 34,67 Gb Total Space | 17,32 Gb Free Space | 49,96% Space Free | Partition Type: NTFS

Drive D: | 30,09 Gb Total Space | 30,00 Gb Free Space | 99,70% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PAPPA-DATOR

Current User Name: pappa

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 90 Days

========== Processes ==========

[2008-01-18 22:33:38 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe

[2008-01-18 22:33:16 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe

[2008-01-18 22:33:24 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe

[2008-11-26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program\Alwil Software\Avast4\aswUpdSv.exe

[2008-11-26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program\Alwil Software\Avast4\ashServ.exe

[2008-01-18 22:33:34 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2008-01-18 22:33:10 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe

[2007-03-14 10:52:30 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

[2007-03-24 04:04:54 | 04,423,680 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2006-10-23 20:00:36 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program\Synaptics\SynTP\SynTPEnh.exe

[2007-04-17 19:36:34 | 00,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

[2007-01-17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program\Common Files\LightScribe\LSSrvc.exe

[2006-11-24 12:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

[2007-04-03 07:07:38 | 00,272,024 | ---- | M] () -- C:\Program\CyberLink\Shared Files\RichVideo.exe

[2008-05-27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe

[2006-11-29 01:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

[2007-02-13 06:26:50 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

[2007-04-24 17:40:54 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

[2007-04-24 15:48:22 | 00,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

[2008-01-18 22:33:40 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe

[2008-01-18 22:33:34 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe

[2008-11-26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program\Alwil Software\Avast4\ashMaiSv.exe

[2008-01-18 22:33:34 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2008-11-26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program\Alwil Software\Avast4\ashWebSv.exe

[2008-01-18 22:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnscfg.exe

[2008-01-18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe

[2008-01-18 22:33:36 | 00,019,456 | ---- | M] (Microsoft Corporation) -- c:\Windows\System32\inetsrv\w3wp.exe

[2007-05-22 23:37:04 | 00,850,704 | ---- | M] (Dritek System Inc.) -- C:\Program\Launch Manager\LManager.exe

[2008-02-11 19:13:12 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe

[2008-02-11 19:13:02 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe

[2008-02-11 19:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe

[2008-11-26 18:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program\Alwil Software\Avast4\ashDisp.exe

[2007-03-14 21:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program\CyberLink\PowerDVD\PDVDServ.exe

[2008-12-05 19:02:30 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jusched.exe

[2008-08-06 19:18:52 | 00,722,464 | ---- | M] (Technology Nexus AB) -- C:\Program\Personal\bin\Personal.exe

[2008-05-06 20:06:26 | 02,162,688 | ---- | M] (CNET TechTracker) -- C:\Program\TechTracker\VersionTracker Pro\VersionTrackerPro.exe

[2008-02-11 19:13:06 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe

[2008-02-11 19:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe

[2008-12-05 17:36:32 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\pappa\AppData\Local\Temp\RtkBtMnt.exe

[2007-04-17 19:36:36 | 00,749,568 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe

[2007-04-26 16:00:02 | 00,507,904 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

[2007-02-09 06:35:54 | 00,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

[2008-01-18 22:33:14 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\ieuser.exe

[2008-01-18 22:33:14 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\iexplore.exe

[2008-07-19 06:10:40 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe

[2008-01-18 22:33:20 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe

[2008-01-18 22:33:20 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\notepad.exe

[2008-01-18 22:33:34 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2008-12-06 19:40:37 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\pappa\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008-11-26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

[2008-11-26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

[2008-11-26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

[2008-11-26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

File not found -- -- (CertPropSvc [unknown | Stopped])

[2008-01-05 02:26:42 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

File not found -- -- (CLTNetCnService [Auto | Stopped])

File not found -- -- (DcomLaunch [unknown | Running])

[2008-01-18 22:33:08 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])

[2008-01-18 22:34:08 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [unknown | Running])

[2007-03-14 10:52:30 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService [Auto | Running])

[2007-04-17 19:36:34 | 00,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service [Auto | Running])

[2007-02-13 06:26:50 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService [Auto | Running])

[2007-04-24 17:40:54 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService [Auto | Running])

[2008-01-05 02:21:54 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2008-01-18 22:34:26 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [unknown | Running])

[2008-08-07 16:35:20 | 00,138,168 | ---- | M] (Google) -- C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2007-01-17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

[2006-11-24 12:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService [Auto | Running])

[2006-11-02 14:01:50 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [unknown | Stopped])

[2008-01-05 02:21:40 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2007-04-03 07:07:38 | 00,272,024 | ---- | M] () -- C:\Program\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])

[2008-01-18 22:36:18 | 00,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [unknown | Running])

[2008-01-18 22:36:20 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [unknown | Running])

File not found -- -- (Schedule [unknown | Running])

File not found -- -- (SCPolicySvc [unknown | Stopped])

[2008-01-18 22:33:24 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])

[2006-11-02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])

[2006-04-14 09:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])

[2008-01-18 22:33:34 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])

[2008-01-18 22:33:34 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])

File not found -- -- (WdiServiceHost [unknown | Stopped])

File not found -- -- (WdiSystemHost [unknown | Running])

[2007-04-24 15:48:22 | 00,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService [Auto | Running])

[2008-01-18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

[2008-05-27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

[2006-11-29 01:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])

========== Driver Services ==========

[2006-11-02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])

[2006-11-02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])

[2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])

[2006-11-02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])

[2006-11-20 06:57:00 | 00,283,776 | ---- | M] (AfaTech ) -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA [On_Demand | Stopped])

[2006-11-02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])

[2006-11-02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])

[2006-11-02 10:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])

[2006-11-02 10:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])

[2006-11-02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])

[2006-11-02 09:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])

[2006-11-02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])

[2006-11-02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])

[2008-11-26 18:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

[2008-11-26 18:17:15 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt [Auto | Running])

[2008-11-26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [system | Running])

[2008-11-26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [system | Running])

[2008-11-26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

[2007-02-08 14:03:20 | 00,179,712 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x [On_Demand | Running])

[2006-12-19 21:18:28 | 00,534,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV [On_Demand | Stopped])

[2006-12-19 21:18:28 | 00,534,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX [On_Demand | Running])

[2008-01-18 20:28:28 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])

[2006-11-02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])

[2006-11-02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])

[2006-11-02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])

[2006-11-02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])

[2006-11-02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])

[2006-11-02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

[2006-11-02 09:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])

[2006-11-02 09:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])

[2008-01-18 22:43:00 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [unknown | Running])

[2006-11-02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])

[2006-11-02 10:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [boot | Running])

[2006-11-02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])

[2008-01-18 20:28:22 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [system | Running])

[2006-11-03 06:29:38 | 00,021,264 | ---- | M] (Dritek System Inc.) -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr [On_Demand | Running])

[2008-08-02 02:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])

[2006-11-02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])

[2008-01-18 22:42:12 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [boot | Running])

[2006-11-02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])

[2008-01-18 20:28:02 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])

[2008-01-18 22:42:32 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [boot | Running])

[2008-01-18 20:30:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])

[2006-11-02 10:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])

[2006-11-02 08:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])

[2008-01-18 19:30:50 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2006-11-02 09:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])

[2006-11-02 09:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])

[2006-11-02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])

[2006-11-02 08:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])

[2006-12-22 20:50:24 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])

[2006-12-22 20:49:04 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])

[2008-02-11 18:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm [On_Demand | Stopped])

[2007-03-21 12:58:56 | 00,304,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [boot | Running])

[2006-11-02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])

[2008-02-11 18:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx [On_Demand | Running])

[2006-11-02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])

[2006-12-07 18:12:02 | 00,076,584 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15 [Auto | Running])

[2007-03-27 04:18:18 | 01,761,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])

[2006-11-02 09:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])

[2008-01-18 22:42:36 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])

[2006-11-02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])

[2006-11-02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])

[2006-11-02 09:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])

[2008-01-18 20:55:04 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])

[2006-11-02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])

[2006-11-02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])

[2006-11-02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])

[2008-01-18 20:30:38 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])

[2006-06-19 23:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2006-11-02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])

[2008-01-18 20:52:20 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])

[2006-11-02 10:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])

[2008-01-18 20:54:48 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])

[2006-11-02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])

[2008-05-08 20:21:56 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])

[2008-01-18 20:28:38 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])

[2006-11-02 10:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])

[2006-11-02 10:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])

[2008-01-18 22:41:16 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [boot | Running])

[2008-01-18 22:42:30 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])

[2008-05-20 03:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])

[2006-11-02 08:30:54 | 01,781,760 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32 [On_Demand | Stopped])

[2006-11-02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])

[2008-01-18 20:55:52 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [system | Running])

[2007-04-23 10:36:34 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])

[2006-11-02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])

[2006-11-02 08:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD [On_Demand | Stopped])

[2006-11-02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])

[2006-11-02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])

[2006-11-02 10:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])

[2006-11-02 10:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])

[2008-04-05 02:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [system | Running])

[2006-11-02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])

[2006-11-02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])

[2008-01-18 20:56:08 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])

[2008-01-18 20:56:44 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])

[2008-01-18 21:01:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [system | Running])

[2008-01-18 20:55:04 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])

[2006-11-02 10:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])

[2008-01-18 20:32:58 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])

[2006-11-02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])

[2008-01-18 20:49:18 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])

[2006-11-02 09:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])

[2006-11-02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])

[2006-11-02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])

[2006-11-02 10:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])

[2006-11-02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])

[2006-11-02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])

[2008-01-18 20:55:28 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [system | Running])

[2008-01-18 22:41:32 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [boot | Running])

[2008-01-18 20:29:16 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])

[2008-01-18 20:29:14 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])

[2006-11-02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])

[2006-11-02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])

[2006-11-02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])

[2006-10-23 20:17:32 | 00,179,896 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])

[2008-01-18 20:56:08 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])

[2007-10-30 07:45:20 | 00,024,064 | ---- | M] (Todos Data System AB) -- C:\Windows\System32\drivers\nordecr.sys -- (TdsNordecr [On_Demand | Stopped])

[2008-01-18 20:56:00 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [system | Running])

[2007-01-24 23:44:06 | 00,290,304 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])

[2008-01-18 21:01:16 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])

[2008-01-18 20:55:42 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])

[2008-01-18 20:55:52 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])

[2006-11-02 10:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])

[2006-11-02 10:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])

[2006-11-02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])

[2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])

[2006-11-02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])

[2008-01-18 20:53:42 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])

[2006-11-02 09:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])

[2006-11-02 09:55:20 | 00,132,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])

[2006-11-02 09:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])

[2006-11-02 09:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])

[2006-11-02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])

[2008-01-18 22:42:20 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [boot | Running])

[2008-01-18 22:43:04 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [boot | Running])

[2006-11-02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

[2006-11-02 09:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])

[2006-11-02 10:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])

[2008-01-18 22:43:28 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [boot | Running])

[2006-12-22 20:48:54 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])

[2008-01-18 20:32:48 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])

[2008-01-18 20:56:50 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

[2006-11-29 01:44:52 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])

[2008-08-22 13:44:26 | 00,083,200 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\zebrbus.sys -- (zebrbus [On_Demand | Stopped])

[2008-08-22 13:44:26 | 00,109,568 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\zebrmdm.sys -- (zebrmdm [On_Demand | Stopped])

[2006-11-02 16:51:58 | 00,013,560 | ---- | M] (Cyberlink Corp.) -- C:\Program\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B} [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://sv.intl.acer.yahoo.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\Windows\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"SearchMigratedDefaultName"=Yahoo! Search

"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

"Start Page"=http://user.tninet.se/~rmd498m/

"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Secondary Start Pages"=

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Secondary Start Pages"=

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-943041516-4001286664-2263957336-1003\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\Windows\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"SearchMigratedDefaultName"=Yahoo! Search

"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

"Start Page"=http://user.tninet.se/~rmd498m/

"StartPageCache"=

[HKEY_USERS\S-1-5-21-943041516-4001286664-2263957336-1003\Software\Microsoft\Internet Explorer\SearchURL]

""=http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

[HKEY_USERS\S-1-5-21-943041516-4001286664-2263957336-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-943041516-4001286664-2263957336-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-943041516-4001286664-2263957336-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = <local>

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program\Google\GoogleToolbar2.dll (Google Inc.)

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{AD6E6555-FB2C-47D4-8339-3E2965509877}" (HKLM) -- C:\Program\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-943041516-4001286664-2263957336-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-943041516-4001286664-2263957336-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe (Acer Inc.)

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe (Intel Corporation)

"IgfxTray"=C:\Windows\system32\igfxtray.exe (Intel Corporation)

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()

"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)

"Persistence"=C:\Windows\system32\igfxpers.exe (Intel Corporation)

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)

"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)

"Skytel"=Skytel.exe (Realtek Semiconductor Corp.)

"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe (Acer Inc.)

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-943041516-4001286664-2263957336-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe (Acer Inc.)

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"ConsentPromptBehaviorAdmin"=2

"ConsentPromptBehaviorUser"=1

"EnableInstallerDetection"=1

"EnableLUA"=1

"EnableSecureUIAPaths"=1

"EnableVirtualization"=1

"PromptOnSecureDesktop"=1

"ValidateAdminCodeSignatures"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"scforceoption"=0

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"FilterAdministratorToken"=0

"EnableUIADesktopToggle"=0

"DisableRegistryTools"=0

"HideLegacyLogonScripts"=0

"HideLogoffScripts"=0

"RunLogonScriptSync"=1

"RunStartupScriptSync"=0

"HideStartupScripts"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]

"CF_TEXT"=1

"CF_BITMAP"=2

"CF_OEMTEXT"=7

"CF_DIB"=8

"CF_PALETTE"=9

"CF_UNICODETEXT"=13

"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"HideLegacyLogonScripts"=0

"HideLogoffScripts"=0

"HideStartupScripts"=0

"RunLogonScriptSync"=1

"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-21-943041516-4001286664-2263957336-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"HideLegacyLogonScripts"=0

"HideLogoffScripts"=0

"HideStartupScripts"=0

"RunLogonScriptSync"=1

"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\S-1-5-21-943041516-4001286664-2263957336-1003\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Value does not exist or could not be read. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{C2A80015-C447-4dc4-82DD-AED83D6ED57E}: Button: Ladbrokes Poker -- %SystemDrive%\Microgaming\Poker\ladbrokesMPP\MPPoker.exe [2008-05-08 09:52:56 | 00,018,432 | ---- | M] (Microgaming)

{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97}: Button: Unibet Poker -- %SystemDrive%\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe [2008-08-28 20:28:05 | 00,013,312 | ---- | M] (Microgaming)

{E6073F93-9541-4be4-9800-109D378EB99B}: Button: NordicBet Poker -- %SystemDrive%\Microgaming\Poker\nordicbetMPP\MPPoker.exe [2008-08-22 21:53:14 | 00,013,312 | ---- | M] (Microgaming)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

26 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-943041516-4001286664-2263957336-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

26 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control

{3860DD98-0549-4D50-AA72-5D17D200EE10}: http://cdn.scan.onecare.live.com/resource/download/scanner/sv-se/wlscctrl2.cab -- Windows Live OneCare safety scanner control

{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/OnlineScanner.cab -- OnlineScanner Control

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{755D45CE-A02C-4C3A-83F0-6269B4A58376} (Servers: | Description: Broadcom 802.11g Nätverksadapter)

{B0D43B3F-9712-486C-B086-8ACCB691CEA6} (Servers: | Description: Broadcom NetLink Gigabit Ethernet)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=eNetHook.dll

>[2007-04-17 19:36:34 | 00,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

igfxcui: "DllName" = igfxdev.dll -- C:\Windows\System32\igfxdev.dll (Intel Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]

"SecurityProviders"=credssp.dll

>[2008-01-18 22:34:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,

>[2008-01-18 22:36:44 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]

[2006-09-18 22:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== Files/Folders - Created Within 90 Days ==========

[2008-12-10 23:01:05 | 00,000,000 | ---D | C] -- C:\_OTMoveIt

[2008-12-10 22:53:43 | 00,349,696 | ---- | C] (OldTimer Tools) -- C:\Users\pappa\Desktop\OTMoveIt3.exe

[2008-12-08 16:00:22 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe

[2008-12-08 16:00:21 | 00,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe

[2008-12-08 16:00:21 | 00,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe

[2008-12-08 16:00:21 | 00,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe

[2008-12-08 16:00:21 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe

[2008-12-08 16:00:21 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe

[2008-12-08 16:00:21 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe

[2008-12-08 16:00:21 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe

[2008-12-08 16:00:21 | 00,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe

[2008-12-08 16:00:21 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe

[2008-12-08 16:00:21 | 00,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe

[2008-12-08 16:00:21 | 00,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe

[2008-12-08 16:00:21 | 00,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe

[2008-12-08 10:13:34 | 00,000,000 | ---D | C] -- C:\Users\pappa\Desktop\dg834_v2_10_22

[2008-12-08 09:47:44 | 02,876,379 | -H-- | C] () -- C:\Users\pappa\AppData\Local\IconCache.db

[2008-12-07 01:24:55 | 00,002,788 | ---- | C] () -- C:\Windows\System32\tmp.reg

[2008-12-07 01:20:14 | 01,582,800 | ---- | C] () -- C:\Users\pappa\Desktop\SmitfraudFix.exe

[2008-12-06 19:40:28 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Users\pappa\Desktop\OTViewIt.exe

[2008-12-06 14:12:11 | 52,657,3568 | -HS- | C] () -- C:\hiberfil.sys

[2008-12-05 21:40:29 | 00,000,000 | ---D | C] -- C:\inetpub

[2008-12-05 17:15:23 | 00,000,000 | ---D | C] -- C:\Windows\temp

[2008-12-05 17:09:01 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT

[2008-12-04 19:08:48 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner

[2008-12-04 19:00:04 | 00,000,680 | ---- | C] () -- C:\Users\pappa\AppData\Local\d3d9caps.dat

[2008-12-04 08:14:00 | 00,000,000 | ---D | C] -- C:\Windows\pss

[2008-12-03 19:22:55 | 00,000,000 | ---D | C] -- C:\Users\pappa\AppData\Roaming\Malwarebytes

[2008-12-03 19:22:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2008-12-03 19:22:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2008-12-03 19:22:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2008-12-03 19:22:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008-12-03 19:19:10 | 00,000,000 | ---D | C] -- C:\Users\pappa\AppData\Roaming\VersionTracker Pro

[2008-12-03 19:16:08 | 00,001,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VersionTrackerPro.lnk

[2008-12-03 19:16:04 | 00,000,000 | ---D | C] -- C:\Program Files\TechTracker

[2008-12-03 17:58:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files

[2008-12-03 17:34:00 | 00,001,878 | ---- | C] () -- C:\Users\pappa\Desktop\HijackThis.lnk

[2008-12-03 17:33:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2008-12-01 08:46:33 | 00,000,144 | ---- | C] () -- C:\Users\pappa\Desktop\Klicka för att öppna filen eller höger-klicka, välj 'Spara som' för att spara filen.url

[2008-11-21 10:41:28 | 00,000,113 | ---- | C] () -- C:\Users\pappa\Desktop\.url

[2008-11-20 22:47:56 | 00,000,110 | ---- | C] () -- C:\Users\pappa\Desktop\Kitco.com.url

[2008-11-13 19:59:12 | 00,000,231 | ---- | C] () -- C:\Users\pappa\Desktop\chart.url

[2008-11-08 19:19:02 | 00,000,000 | ---D | C] -- C:\Users\pappa\Desktop\POKER

[2008-11-07 17:16:11 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe

[2008-11-07 15:59:41 | 00,000,156 | ---- | C] () -- C:\Users\pappa\Desktop\Markets.url

[2008-10-31 09:45:42 | 00,000,175 | ---- | C] () -- C:\Users\pappa\Desktop\VCW Nordnet Börsforum i DagensPs.url

[2008-10-30 20:26:26 | 00,000,129 | ---- | C] () -- C:\Users\pappa\Desktop\Tänkvärda citat och dikter.url

[2008-10-30 16:43:21 | 00,000,144 | ---- | C] () -- C:\Users\pappa\Desktop\fraagor_och_svar.htm#strength.url

[2008-10-30 08:29:07 | 00,000,191 | ---- | C] () -- C:\Users\pappa\Desktop\www.e24.se.url

[2008-10-29 21:55:48 | 00,000,114 | ---- | C] () -- C:\Users\pappa\Desktop\finance.yahoo.com.url

[2008-10-29 17:42:56 | 00,000,116 | ---- | C] () -- C:\Users\pappa\Desktop\www.slopedcurve.com.url

[2008-10-29 09:00:35 | 00,000,000 | ---D | C] -- C:\Windows\APPLICATION DATA

[2008-10-26 13:24:22 | 00,000,000 | ---D | C] -- C:\Users\pappa\Desktop\FINANS

[2008-10-24 04:28:18 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll

[2008-10-16 06:26:50 | 02,032,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2008-10-16 06:26:41 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

[2008-10-16 06:26:30 | 03,601,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2008-10-16 06:26:29 | 03,549,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2008-10-16 06:26:17 | 03,578,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll

[2008-10-16 06:26:14 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll

[2008-10-16 06:26:12 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll

[2008-10-16 06:26:11 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll

[2008-10-16 06:26:10 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll

[2008-10-16 06:26:06 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2008-10-16 06:26:02 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2008-10-16 06:25:59 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2008-10-08 08:26:05 | 00,000,000 | ---D | C] -- C:\Windows\System32\Adobe

[2008-10-06 07:27:15 | 00,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker

[2008-09-24 17:44:39 | 00,000,000 | ---D | C] -- C:\Program Files\Betsson

========== Files - Modified Within 90 Days ==========

[2008-12-10 23:12:22 | 01,471,898 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2008-12-10 23:12:22 | 00,628,782 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2008-12-10 23:12:22 | 00,615,238 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2008-12-10 23:12:22 | 00,126,500 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2008-12-10 23:12:22 | 00,108,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2008-12-10 23:11:39 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2008-12-10 23:11:38 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2008-12-10 23:08:26 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2008-12-10 23:07:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2008-12-10 23:06:57 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2008-12-10 23:06:52 | 52,657,3568 | -HS- | M] () -- C:\hiberfil.sys

[2008-12-10 23:04:46 | 02,876,379 | -H-- | M] () -- C:\Users\pappa\AppData\Local\IconCache.db

[2008-12-10 22:54:01 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Users\pappa\Desktop\OTMoveIt3.exe

[2008-12-08 16:00:36 | 00,002,788 | ---- | M] () -- C:\Windows\System32\tmp.reg

[2008-12-07 01:20:28 | 01,582,800 | ---- | M] () -- C:\Users\pappa\Desktop\SmitfraudFix.exe

[2008-12-06 19:40:37 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\pappa\Desktop\OTViewIt.exe

[2008-12-06 14:12:53 | 00,366,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2008-12-06 11:24:19 | 00,000,680 | ---- | M] () -- C:\Users\pappa\AppData\Local\d3d9caps.dat

[2008-12-05 17:13:52 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini

[2008-12-03 19:16:08 | 00,001,900 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VersionTrackerPro.lnk

[2008-12-03 17:34:00 | 00,001,878 | ---- | M] () -- C:\Users\pappa\Desktop\HijackThis.lnk

[2008-12-01 08:46:33 | 00,000,144 | ---- | M] () -- C:\Users\pappa\Desktop\Klicka för att öppna filen eller höger-klicka, välj 'Spara som' för att spara filen.url

[2008-11-29 17:58:21 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe

[2008-11-29 17:58:21 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe

[2008-11-26 18:21:30 | 01,236,208 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe

[2008-11-26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys

[2008-11-26 18:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2008-11-26 18:17:15 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2008-11-26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2008-11-26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2008-11-26 18:15:10 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr

[2008-11-25 18:20:59 | 00,000,191 | ---- | M] () -- C:\Users\pappa\Desktop\www.e24.se.url

[2008-11-21 10:41:28 | 00,000,113 | ---- | M] () -- C:\Users\pappa\Desktop\.url

[2008-11-20 22:47:56 | 00,000,110 | ---- | M] () -- C:\Users\pappa\Desktop\Kitco.com.url

[2008-11-13 19:59:12 | 00,000,231 | ---- | M] () -- C:\Users\pappa\Desktop\chart.url

[2008-11-07 15:59:41 | 00,000,156 | ---- | M] () -- C:\Users\pappa\Desktop\Markets.url

[2008-10-31 09:45:42 | 00,000,175 | ---- | M] () -- C:\Users\pappa\Desktop\VCW Nordnet Börsforum i DagensPs.url

[2008-10-30 20:26:26 | 00,000,129 | ---- | M] () -- C:\Users\pappa\Desktop\Tänkvärda citat och dikter.url

[2008-10-30 16:43:21 | 00,000,144 | ---- | M] () -- C:\Users\pappa\Desktop\fraagor_och_svar.htm#strength.url

[2008-10-29 21:55:48 | 00,000,114 | ---- | M] () -- C:\Users\pappa\Desktop\finance.yahoo.com.url

[2008-10-29 17:42:56 | 00,000,116 | ---- | M] () -- C:\Users\pappa\Desktop\www.slopedcurve.com.url

[2008-10-22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2008-10-22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2008-10-16 05:47:33 | 00,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll

[2008-10-07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

[2008-10-02 04:49:19 | 01,166,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll

[2008-10-02 04:49:19 | 00,827,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll

[2008-10-02 04:49:16 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2008-10-02 04:49:15 | 03,578,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll

[2008-10-02 04:49:14 | 06,068,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll

[2008-10-02 04:49:14 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll

[2008-10-02 04:49:14 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2008-10-02 02:32:38 | 01,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2008-10-01 14:51:40 | 00,087,552 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe

[2008-09-18 06:09:10 | 03,601,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2008-09-18 06:09:09 | 03,549,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2008-09-18 03:16:28 | 02,032,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< End of report >

[/log]

10 december, 2008

Står det fortfarande rätt i routern?

Hur är det med de andra datorerna i nätverket?

De kanske är infekterade

De andra 2 är bara inkopplade via rotern/modemet, vi delar inte på nåt sätt annars utöver det.

men vad ska jag köra igenom dom med till att börja med annars?

Det står automatiskt på DNS server

11 december, 2008

Det här fick jag nu från Microsoft suport, han vill göra en session med mina datorer, ska jag gå med på det?

Hej Kjell,

Anledningen till att det fortfarande inte går att uppdatera är för att det är ett dns virus ( de ukrainska servrarna ) som inte är så enkelt att få bort. Den fixen funkade förr i tiden,men de har blivit smartare.

11 december, 2008

Ja, gör det. Det är nog enklare för honom att undersöka och åtgärda än för mig att göra det via forumet. Han är ju inne på samma orsak som vi i den här tråden.

Tala om för honom att den här tråden finns så får han lite bakgrundsinformation och kan komma fram fortare.

[inlägget ändrat 2008-12-11 10:29:34 av Cecilia]

11 december, 2008

Ok, jag hör av mig senare om det händer nåt positivt

Hit kan man få gratis suport med detta:

Microsoft Product Support Services

11 december, 2008

Hör av dig oavsett hur det går. :thumbsup:

Om det går bra så är det alltid roligt att veta det och går det dåligt så får vi försöka fortsätta.

11 december, 2008

Tja

De problem kopparn har med ukrainska dns servrar är ett dns virus, som jag har sätt komma oftare och oftare tillsammans med monder.gen ( också känt som vundo )

knepig att bli av med, men ingen match, krävs mkt tålamod dock

Aron

11 december, 2008

Japp, tack för vänligheten:thumbsup:

11 december, 2008

De problem kopparn har med ukrainska dns servrar är ett dns virus, som jag har sätt komma oftare och oftare tillsammans med monder.gen ( också känt som vundo )

MBAM hittade en Zlob-infektion 3 december.

11 december, 2008

ah va trevligt

11 december, 2008

[log]

SmitFraudFix v2.381

Scan done at 18:53:51,43, 2008-12-11

Run from C:\Users\Gunnar\Desktop\Virus\SmitfraudFix

OS: Microsoft Windows [Version 6.0.6001] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Telia\Supportassistent\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\Program Files\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\conime.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\FirstClass\fcc32.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Gunnar

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Gunnar\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Gunnar\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Gunnar\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, following keys are not inevitably infected!!!

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® 82566DC Gigabit Platform LAN Connect

DNS Server Search Order: 195.67.199.15

DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{10DCC83D-D725-44CF-9931-E322BE8E1A91}: DhcpNameServer=195.67.199.15 192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{10DCC83D-D725-44CF-9931-E322BE8E1A91}: DhcpNameServer=195.67.199.15 192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{10DCC83D-D725-44CF-9931-E322BE8E1A91}: DhcpNameServer=195.67.199.15 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.15 192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.15 192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.15 192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

[/log]

här kommer loggen från MBAM. Provar det andra du skrev också och återkommer med den loggen snart

LOG-taggar inlagt av moderator.

[inlägget ändrat 2008-12-11 19:01:49 av Maratonmannen]

11 december, 2008