
I have got the virus W32.Myzor.FK@yf, can anyone help me?


KAR1NS


Hi! I have got the virus W32.Myzor.FK@yf on my computer.

I don't know what to do to get rid of it. Does anyone know how to do it and could help me?!

That would be worth its weight in gold!

Thanks, regards, Karin

 


We can start by seeing whether HijackThis shows anything. Download it from one of these links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

 

Attach the HijackThis log to your reply like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

 


Hi and thanks! Here is the log I got:

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:20:32, on 2008-12-03

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [recinfo630] c:\RecInfo\RecInfo.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [recinfo] RecInfo.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20081201

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe

O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222875395496&h=55db7142213222cf2c1a62926115f3d3/&filename=jinstall-6u7-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

 

--

End of file - 8571 bytes[/log]

 


Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

 

[log]At the end of the installation, make sure the following boxes are ticked:

"Uppdatera Malwarebytes' Anti-Malware" (Update Malwarebytes' Anti-Malware)

"Starta Malwarebytes' Anti-Malware" (Start Malwarebytes' Anti-Malware)

Press "Slutför" (Finish)

If there is an update, it will be downloaded and installed.

 

When the program starts, choose "Utför snabb skanning" (Perform quick scan) and press "Skanna" (Scan).

The scan takes a while.

When it is finished, press OK and then "Visa resultat" (Show results).

Tick everything and then press "Ta bort markerade" (Remove selected).

When the removal is finished, Notepad opens with a log.

 

A request to restart the computer (Restart) may come up. If so, do it.

If there is an error message "Error loading..." after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

 

If the log does not open by itself in Notepad, you will find it on the "Loggar" (Logs) tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log.[/log]

 


First comes the MBAM log, then the HijackThis log. I did a new scan, and thus a new log, in HijackThis after I had run MBAM and restarted the computer.

 

[log]Malwarebytes' Anti-Malware 1.30

Databasversion: 1454

Windows 6.0.6000

 

2008-12-03 19:57:25

mbam-log-2008-12-03 (19-57-25).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 45995

Förfluten tid: 4 minute(s), 1 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 3

Infekterade registernycklar: 11

Infekterade registervärden: 7

Infekterade registerdataposter: 0

Infekterade mappar: 1

Infekterade filer: 21

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

C:\Windows\System32\6EB156CCD506E37A\6EB156CCD506E37A.x86 (Rootkit.Zlob) -> Delete on reboot.

C:\Program Files\WebMediaViewer\browseul.dll (Trojan.Zlob) -> Delete on reboot.

C:\Program Files\WebMediaViewer\hpmun.dll (Trojan.Zlob) -> Delete on reboot.

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\CLSID\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vmware hptray (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\quicktime task (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Delete on reboot.

 

Infekterade filer:

C:\Windows\System32\6EB156CCD506E37A\6EB156CCD506E37A.x86 (Rootkit.Zlob) -> Delete on reboot.

C:\Program Files\WebMediaViewer\browseul.dll (Trojan.Zlob) -> Delete on reboot.

C:\Program Files\WebMediaViewer\hpmun.dll (Trojan.Zlob) -> Delete on reboot.

C:\Users\Karin\AppData\Local\Temp\qpgiqmsi2.exe (Rootkit.Zlob) -> Quarantined and deleted successfully.

C:\Users\Karin\AppData\Local\Temp\qpgiqmsi3.exe (Zlob.Agent) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\browseu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\hpmon.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\hpmun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\qttask.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\qttasku.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Users\Public\Desktop\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Users\Public\Desktop\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Users\Karin\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.[/log]

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:20:32, on 2008-12-03

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [recinfo630] c:\RecInfo\RecInfo.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [recinfo] RecInfo.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20081201

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe

O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222875395496&h=55db7142213222cf2c1a62926115f3d3/&filename=jinstall-6u7-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

 

--

End of file - 8571 bytes[/log]

 


It doesn't look quite right yet. If the computer has not been restarted since MBAM ran, do so. Scan the computer again with MBAM and paste in new logs if anything was found. If nothing is found, say so.
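One way to check a HijackThis log against an MBAM log mechanically, as an added example that is not part of the thread or of either tool: it flags HijackThis entries whose CLSID or file path MBAM reported, together with the MBAM action (so items still pending "Delete on reboot" stand out), and entries marked "(no file)" or "(file missing)". The sample lines are excerpts copied from the logs posted above; the function names `parse_mbam` and `triage` are hypothetical.

```python
import re

# Excerpts copied from the HijackThis and MBAM logs posted in this thread.
HJT_SAMPLE = r"""
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
"""

MBAM_SAMPLE = r"""
C:\Program Files\WebMediaViewer\hpmun.dll (Trojan.Zlob) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Delete on reboot.
C:\Program Files\WebMediaViewer\qttask.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
"""

CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
HJT_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # e.g. "O2 - BHO: ..."
MBAM_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> (?P<action>.+?)\.?$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_mbam(text):
    """Return (paths, clsids); each maps a lowercased indicator to (detection, action)."""
    paths, clsids = {}, {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        obj, verdict = m["obj"], (m["name"], m["action"])
        if re.match(r"^[a-z]:\\", obj, re.I):      # file or folder on disk
            paths[obj.lower()] = verdict
        for clsid in CLSID_RE.findall(obj):        # CLSID inside a registry key
            clsids[clsid.lower()] = verdict
    return paths, clsids


def triage(hjt_text, mbam_text):
    """Return [(section, entry, [reasons])] for HijackThis entries worth a second look."""
    paths, clsids = parse_mbam(mbam_text)
    findings = []
    for line in hjt_text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        low = body.lower()
        reasons = []
        for clsid in CLSID_RE.findall(low):
            if clsid in clsids:
                reasons.append("CLSID flagged by MBAM as %s (%s)" % clsids[clsid])
        # Heuristic: a flagged path must end at a separator, quote, space or end of
        # line, so a flagged folder also covers every file underneath it.
        hits = [p for p in paths if re.search(re.escape(p) + r'(?=\\|"|\s|$)', low)]
        if hits:
            best = max(hits, key=len)              # most specific match only
            reasons.append("path %s flagged by MBAM as %s (%s)" % ((best,) + paths[best]))
        if any(marker in low for marker in ORPHAN_MARKERS):
            reasons.append("orphaned entry: target file is gone")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(HJT_SAMPLE, MBAM_SAMPLE):
        print(section, body)
        for reason in reasons:
            print("    ->", reason)
```
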

 


I have restarted the computer twice and scanned with MBAM afterwards both times, but the program says that no malicious files were found and nothing has been registered. What do I do then?

 


Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the downloaded file Smitfraudfix.exe.

First you will be prompted to press any key, so do that.

Then choose option 1 - Search by pressing 1 and Enter.

The program will scan the computer.

When it is finished, the result is shown and the program has created the log file C:\rapport.txt.

 

Paste the contents of the log file into your reply here.

 

Do nothing else with SmitfraudFix.

 


One problem: I downloaded SmitfraudFix exactly as you wrote and started it exactly as you wrote, but the moment I press "1" and "Enter", a box with a blue background comes up where it says "Åtkomst nekad" (access denied) about 7 times in a row. What do I do now?

Really, thank you for taking the time! It is appreciated!

 


The whole error message reads: C:\Users\Karin\desktop\SmithfraudFix\GetPaths.vbs (80, 1) WshShell.RegRead: Det går inte att öppna registreringsnyckeln "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Favorites" för läsning.

 

C:\Users\Karin\Desktop\SmithfraudFix\GetPaths.vbs

Åtkomst nekad

Åtkomst nekad

Åtkomst nekad

Åtkomst nekad

Åtkomst nekad

Åtkomst nekad

Åtkomst nekad

Åtkomst nekad

Åtkomst nekad

Åtkomst nekad

Åtkomst nekad

Åtkomst nekad

Åtkomst nekad

Åtkomst nekad

 


Sorry, I forgot that it is a Vista computer.

Start SmitfraudFix by right-clicking the file and choosing "Kör som administratör" (Run as administrator).

 


Thanks, now it worked! =)

 

[log]SmitFraudFix v2.380

 

Scan done at 22:15:59,52, 2008-12-03

Run from C:\Users\Karin\Desktop\SmitfraudFix

OS: Microsoft Windows [Version 6.0.6000] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Karin

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Karin\AppData\Local\Temp

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Karin\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Karin\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, following keys are not inevitably infected!!!

 

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="avgrsstx.dll"

"LoadAppInit_DLLs"=dword:00000001

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\Windows\\system32\\userinit.exe,"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Atheros AR5007EG Wireless Network Adapter

DNS Server Search Order: 83.255.249.10

DNS Server Search Order: 192.168.0.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A0167B27-407D-4468-A8D6-9AC52D50C0E2}: DhcpNameServer=195.54.122.199 81.26.227.3 195.54.122.204 81.26.228.3

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BCE38CED-9B9D-420F-BDFB-ECE774217468}: DhcpNameServer=83.255.249.10 192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{A0167B27-407D-4468-A8D6-9AC52D50C0E2}: DhcpNameServer=195.54.122.199 81.26.227.3 195.54.122.204 81.26.228.3

HKLM\SYSTEM\CS1\Services\Tcpip\..\{BCE38CED-9B9D-420F-BDFB-ECE774217468}: DhcpNameServer=83.255.249.10 192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{A0167B27-407D-4468-A8D6-9AC52D50C0E2}: DhcpNameServer=195.54.122.199 81.26.227.3 195.54.122.204 81.26.228.3

HKLM\SYSTEM\CS2\Services\Tcpip\..\{BCE38CED-9B9D-420F-BDFB-ECE774217468}: DhcpNameServer=83.255.249.10 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=83.255.249.10 192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=83.255.249.10 192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=83.255.249.10 192.168.0.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End[/log]

 


Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

Close all programs.

Run OTViewIt.

Check Scan all Users.

Select 30 days for File Age if it is not already selected.

Press Run Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both of them into your reply.

 


Unfortunately I have to go to sleep now, I have to be up at 05, but I'll continue tomorrow morning. Thanks for all the help! Here are the logs:

 

[log]OTViewIt Extras logfile created on: 2008-12-03 22:40:43 - Run 2

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PZJVY7N

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16757)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1,87 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 61,43% Memory free

3,98 Gb Paging File | 3,13 Gb Available in Paging File | 78,62% Paging File free

Paging file location(s): ?:\pagefile.sys;

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 92,21 Gb Total Space | 18,00 Gb Free Space | 19,53% Space Free | Partition Type: NTFS

Drive D: | 45,12 Gb Total Space | 32,67 Gb Free Space | 72,40% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: KARINS-DATOR

Current User Name: Karin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program\Internet Explorer\iexplore.exe File not found

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride"=1

"AntiSpywareOverride"=0

"FirewallOverride"=0

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"DisableNotifications"=0

"EnableFirewall"=1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

 

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols

ldap -- 4 = Restricted sites (Not a Default Protocol)

news -- 4 = Restricted sites (Not a Default Protocol)

nntp -- 4 = Restricted sites (Not a Default Protocol)

oecmd -- 4 = Restricted sites (Not a Default Protocol)

snews -- 4 = Restricted sites (Not a Default Protocol)

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

@ivt -- @ivt protocol not assigned

file -- file protocol not assigned

ftp -- ftp protocol not assigned

http -- http protocol not assigned

https -- https protocol not assigned

shell -- shell protocol not assigned

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

@ivt -- @ivt protocol not assigned

file -- file protocol not assigned

ftp -- ftp protocol not assigned

http -- http protocol not assigned

https -- https protocol not assigned

shell -- shell protocol not assigned

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

File not found C:\Program\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

File not found C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

File not found C:\Program\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

File not found c:\Program\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

File not found C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

File not found C:\Program\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{028741EB-70F5-BF63-EB23-480A7C48F096}"=CCC Help German

"{0343FEB6-43EA-0608-CF1F-6B4D20784AA8}"=Catalyst Control Center Localization Italian

"{03B5882D-D9DB-B950-CBE1-D03DDBFFF458}"=CCC Help Chinese Traditional

"{1B3A67B0-F54D-2F98-763C-B8E309135C38}"=Catalyst Control Center Localization Swedish

"{1F9B00FC-AD74-A45C-3E73-83CF895E9CD0}"=Catalyst Control Center Localization Spanish

"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer

"{29F482A1-9828-5830-1F96-798E75CB90EB}"=CCC Help French

"{2B541619-4920-A88A-AEB6-C4E76672B726}"=ccc-utility

"{2C1B58D5-6549-472C-86B7-17BE57186628}"=Microsoft Works

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}"=Sony Ericsson PC Suite 3.209.00

"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java 6 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{32AFDE70-6890-478B-BC92-8F3C76B8A77B}"=Branding

"{37AF3415-B43F-FB0B-124B-4B207657DF66}"=Catalyst Control Center Localization Japanese

"{3E5D1BD1-3451-15A7-D5EB-FB4C1C713C33}"=Catalyst Control Center Localization Chinese Standard

"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}"=Tele2 Mobile Connect

"{3FB83D9B-35B3-44E2-639B-6839332BBB29}"=Catalyst Control Center Localization Portuguese

"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}"=ATI Catalyst Install Manager

"{45EA1531-5226-4FC4-9341-8D0C8CEC502F}"=Windows Live Toolbar

"{48FD4CEC-7ED7-5220-2032-E780075764E4}"=CCC Help Japanese

"{587601F9-A917-AE27-263A-0854BE106BE9}"=Catalyst Control Center Localization German

"{625309B9-9853-B259-CA17-DA4838E2D7C6}"=Catalyst Control Center Localization Dutch

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites

"{66E98E51-BFF9-5922-1316-7AF58170CA54}"=Catalyst Control Center Graphics Light

"{71C97813-ADFC-AA48-D24F-17E6CD41B413}"=Skins

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{74EF2D1D-D3A6-3A56-1DD7-56A338BADD29}"=CCC Help Chinese Standard

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}"=Avanquest update

"{787AD427-7FEB-A87C-4C2E-C95610EF345B}"=Catalyst Control Center Core Implementation

"{81CD6232-10F5-4832-B3DA-1B88B1571053}"=Nero 7 Essentials

"{8535028B-D4EE-B929-97A0-354013AE5D94}"=Catalyst Control Center Localization Korean

"{8DE292EC-FA26-4526-BFEB-3EE820E97005}"=OpenOffice.org Installer 1.0

"{90120000-0016-041D-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Swedish) 2007

"{90120000-0016-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-041D-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Swedish) 2007

"{90120000-0018-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-041D-0000-0000000FF1CE}"=Microsoft Office Word MUI (Swedish) 2007

"{90120000-001B-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040B-0000-0000000FF1CE}"=Microsoft Office Proof (Finnish) 2007

"{90120000-001F-040B-0000-0000000FF1CE}_HOMESTUDENTR_{F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-041D-0000-0000000FF1CE}"=Microsoft Office Proof (Swedish) 2007

"{90120000-001F-041D-0000-0000000FF1CE}_HOMESTUDENTR_{A8626CEF-CB0A-4BC2-8F51-210A43B6158D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0020-041D-0000-0000000FF1CE}"=Compatibility Pack för Office 2007-systemet

"{90120000-002C-041D-0000-0000000FF1CE}"=Microsoft Office Proofing (Swedish) 2007

"{90120000-006E-041D-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Swedish) 2007

"{90120000-006E-041D-0000-0000000FF1CE}_HOMESTUDENTR_{C41B2E34-C30E-4989-8A9D-6B0805B33EC1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-041D-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Swedish) 2007

"{90120000-00A1-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{9279B0F3-C831-7C50-9F07-73B1219322B6}"=Catalyst Control Center Localization Chinese Traditional

"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}"=FirstSteps Diagnostics

"{94E89EFD-5841-17EA-4F69-37A5DA58A735}"=CCC Help Spanish

"{95120000-00AF-041D-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (Swedish)

"{9A983135-BB9F-6E62-F282-AD76BB9551FE}"=CCC Help English

"{9AE73DF3-2349-A626-AE42-7959D7583E2B}"=Catalyst Control Center Graphics Full Existing

"{A603BB91-F08F-025F-4158-E897DC29D037}"=Catalyst Control Center Localization French

"{AA27D595-32F0-97EB-BC94-1ED22E7444A8}"=CCC Help Portuguese

"{AC76BA86-7AD7-1053-7B44-A81200000003}"=Adobe Reader 8.1.2 - Svenska

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live inloggningsassistenten

"{BAA6BD76-9B5A-4ED3-98BE-0127E8F14541}"=Windows Live Photo Gallery

"{C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57}"=ccc-core-static

"{CCC67B82-CD80-9C07-4C4A-D5B9C7137399}"=CCC Help Italian

"{D2B49278-3321-FFBA-0F7C-127878A9CB5D}"=CCC Help Dutch

"{D723FE60-F9EC-D688-0274-7BF2FF96E80A}"=Catalyst Control Center Graphics Full New

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{E1FA2D24-5633-83B3-3C72-FB3749DAF724}"=CCC Help Swedish

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver

"{F5E23357-CDCE-0246-677C-8097DAA6F8C5}"=CCC Help Korean

"{FA2B72B1-B29E-57FB-5AFB-74734AC3442E}"=Catalyst Control Center Graphics Previews Vista

"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites

"ActiveScan 2.0"=Panda ActiveScan 2.0

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin

"ATI Uninstaller"=ATI Uninstaller

"AVG8Uninstall"=AVG Free 8.0

"DJ Music Mixer"=DJ Music Mixer

"eMusic Promotion"=eMusic - 50 Free MP3 offer

"Free RAR Extract Frog 1.00"=Free RAR Extract Frog 1.00

"HijackThis"=HijackThis 2.0.2

"HOMESTUDENTR"=Microsoft Office Home and Student 2007

"LastFM_is1"=Last.fm 1.5.2.38918

"LimeWire"=LimeWire 4.18.3

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)

"SMSERIAL"=Motorola SM56 Data Fax Modem

"Winamp"=Winamp

"Winamp Toolbar"=Winamp Toolbar for Internet Explorer

"Winamp Toolbar for Firefox"=Winamp Toolbar for Firefox

"Windows Live Toolbar"=Windows Live Toolbar

"WinRAR archiver"=WinRAR archiver

"VLC media player"=VideoLAN VLC media player 0.8.6h

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-12-02 16:28:57 | Computer Name = Karins-dator | Source = VSS | ID = 8194

Description =

 

Error - 2008-12-02 16:35:17 | Computer Name = Karins-dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet iexplore.exe, version 7.0.6000.16757, tidsstämpel

0x48e4238e, felet uppstod i modulen unknown, version 0.0.0.0, tidsstämpel 0x00000000,

undantagskod 0xc0000005, felförskjutning 0x20004a92, process-ID 0x1638, programmets

starttid 0x01c954bc50631b82.

 

Error - 2008-12-02 16:46:31 | Computer Name = Karins-dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet iexplore.exe, version 7.0.6000.16757, tidsstämpel

0x48e4238e, felet uppstod i modulen unknown, version 0.0.0.0, tidsstämpel 0x00000000,

undantagskod 0xc0000005, felförskjutning 0x00000001, process-ID 0x16ac, programmets

starttid 0x01c954bdd6d73922.

 

Error - 2008-12-02 17:52:05 | Computer Name = Karins-dator | Source = EventSystem | ID = 4621

Description =

 

Error - 2008-12-03 11:57:08 | Computer Name = Karins-dator | Source = WerSvc | ID = 5007

Description =

 

Error - 2008-12-03 12:00:29 | Computer Name = Karins-dator | Source = VSS | ID = 8194

Description =

 

Error - 2008-12-03 14:59:40 | Computer Name = Karins-dator | Source = WerSvc | ID = 5007

Description =

 

Error - 2008-12-03 15:43:37 | Computer Name = Karins-dator | Source = WerSvc | ID = 5007

Description =

 

Error - 2008-12-03 16:34:44 | Computer Name = Karins-dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet winamp.exe, version 5.5.3.1938, tidsstämpel

0x47f283f8, felet uppstod i modulen ntdll.dll, version 6.0.6000.16386, tidsstämpel

0x4549bdc9, undantagskod 0xc0000005, felförskjutning 0x0002294f, process-ID 0x1520,

programmets starttid 0x01c95586852624a9.

 

Error - 2008-12-03 17:15:40 | Computer Name = Karins-dator | Source = WerSvc | ID = 5007

Description =

 

[ System Events ]

Error - 2008-12-03 14:59:03 | Computer Name = Karins-dator | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 7, funktion

0. Kontakta återförsäljaren för teknisk support.

 

Error - 2008-12-03 14:59:04 | Computer Name = Karins-dator | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 6, funktion

0. Kontakta återförsäljaren för teknisk support.

 

Error - 2008-12-03 15:35:34 | Computer Name = Karins-dator | Source = DCOM | ID = 10010

Description =

 

Error - 2008-12-03 15:36:48 | Computer Name = Karins-dator | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 4, funktion

0. Kontakta återförsäljaren för teknisk support.

 

Error - 2008-12-03 15:36:48 | Computer Name = Karins-dator | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 7, funktion

0. Kontakta återförsäljaren för teknisk support.

 

Error - 2008-12-03 15:36:49 | Computer Name = Karins-dator | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 6, funktion

0. Kontakta återförsäljaren för teknisk support.

 

Error - 2008-12-03 16:56:55 | Computer Name = Karins-dator | Source = DCOM | ID = 10010

Description =

 

Error - 2008-12-03 17:12:01 | Computer Name = Karins-dator | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 4, funktion

0. Kontakta återförsäljaren för teknisk support.

 

Error - 2008-12-03 17:12:01 | Computer Name = Karins-dator | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 7, funktion

0. Kontakta återförsäljaren för teknisk support.

 

Error - 2008-12-03 17:12:01 | Computer Name = Karins-dator | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 6, funktion

0. Kontakta återförsäljaren för teknisk support.

 

 

< End of report >[/log]

 

[log]OTViewIt logfile created on: 2008-12-03 22:40:43 - Run 2

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PZJVY7N

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16757)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1,87 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 61,43% Memory free

3,98 Gb Paging File | 3,13 Gb Available in Paging File | 78,62% Paging File free

Paging file location(s): ?:\pagefile.sys;

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 92,21 Gb Total Space | 18,00 Gb Free Space | 19,53% Space Free | Partition Type: NTFS

Drive D: | 45,12 Gb Total Space | 32,67 Gb Free Space | 72,40% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: KARINS-DATOR

Current User Name: Karin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2007-11-03 15:11:38 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe

[2006-11-02 10:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe

[2007-02-02 14:59:54 | 00,565,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe

[2007-11-03 14:51:03 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe

[2007-02-02 14:59:54 | 00,565,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe

[2008-08-31 10:49:46 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

[2006-12-08 19:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe

[2006-11-02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe

[2006-11-02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2008-07-29 20:11:17 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgrsx.exe

[2008-08-31 10:49:45 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgemc.exe

[2006-11-02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2007-11-03 14:53:16 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe

[2007-11-03 14:03:10 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

[2007-04-10 15:01:32 | 04,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2006-11-22 17:31:26 | 00,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[2008-04-01 19:49:42 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

[2008-11-27 10:37:24 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

[2008-06-30 18:30:35 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe

[2006-09-29 18:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

[2006-11-02 10:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe

[2006-11-02 13:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[2008-06-30 19:23:49 | 00,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[2008-02-20 17:19:46 | 00,356,352 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[2006-11-02 10:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe

[2006-11-02 13:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe

[2006-09-29 18:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[2006-11-02 10:44:59 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

[2008-10-02 04:48:32 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe

[2008-12-03 22:40:13 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PZJVY7N\OTViewIt[1].exe

 

========== (O23) Win32 Services ==========

 

[2007-02-02 14:59:54 | 00,565,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])

File not found -- -- (avg8emc [Auto | Running])

File not found -- -- (avg8wd [Auto | Running])

File not found -- -- (CertPropSvc [unknown | Stopped])

[2006-11-02 07:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

File not found -- -- (DcomLaunch [unknown | Running])

[2006-11-02 13:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])

[2007-11-03 15:27:25 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [unknown | Running])

[2007-11-03 15:32:21 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])

[2006-11-02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

[2006-11-02 13:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2007-11-03 15:05:52 | 00,568,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [unknown | Running])

File not found -- -- (gusvc [On_Demand | Stopped])

[2006-11-02 14:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [unknown | Stopped])

[2006-11-02 13:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

File not found -- -- (NMIndexingService [On_Demand | Stopped])

File not found -- -- (odserv [On_Demand | Stopped])

File not found -- -- (ose [On_Demand | Stopped])

[2007-11-03 15:12:27 | 00,546,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [unknown | Running])

[2006-11-02 10:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [unknown | Stopped])

File not found -- -- (Schedule [unknown | Running])

File not found -- -- (SCPolicySvc [unknown | Stopped])

[2007-11-03 14:51:03 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])

[2006-11-02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])

[2006-12-08 19:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler [Auto | Running])

[2006-11-02 10:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])

File not found -- -- (usnjsvc [On_Demand | Stopped])

[2006-11-02 10:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])

File not found -- -- (WdiServiceHost [unknown | Stopped])

File not found -- -- (WdiSystemHost [unknown | Running])

File not found -- -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

 

========== Driver Services ==========

 

[2008-12-03 19:59:11 | 00,000,000 | -HSD | M] -- C:\Windows\System32\6EB156CCD506E37A -- (6EB156CCD506E37A [Auto | Running])

[2006-11-02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])

[2006-11-02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])

[2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])

[2006-11-02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])

[2006-11-02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])

[2007-11-03 15:51:55 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])

[2007-11-03 15:21:31 | 00,057,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])

[2007-11-03 15:51:56 | 00,018,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])

[2006-11-02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])

[2006-11-02 09:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])

[2006-11-02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])

[2006-11-02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])

[2007-02-01 10:55:10 | 00,690,176 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys -- (athr [On_Demand | Running])

[2008-08-31 10:49:45 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running])

[2008-07-29 20:11:20 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])

[2008-07-29 20:11:28 | 00,069,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgwfpx.sys -- (AvgWfpX [On_Demand | Running])

[2006-11-02 09:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])

[2006-11-02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])

[2006-11-02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])

[2006-11-02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])

[2006-11-02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])

[2006-11-02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])

[2006-11-02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

[2006-11-02 09:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])

[2006-11-02 09:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])

[2008-06-30 18:34:10 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [unknown | Running])

[2007-11-03 15:51:55 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])

[2006-11-02 10:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [boot | Running])

[2006-11-02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])

[2006-11-02 09:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [system | Running])

[2007-11-03 15:42:07 | 00,621,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])

[2006-11-02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])

[2007-11-03 15:47:20 | 00,135,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [boot | Running])

[2006-11-02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])

[2006-11-02 10:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [boot | Running])

[2006-11-02 09:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])

[2006-11-02 10:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])

[2006-11-02 08:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])

[2007-11-03 15:18:24 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2006-11-02 09:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])

[2006-11-02 09:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])

[2006-11-02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])

[2007-08-08 11:07:42 | 00,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])

[2007-07-12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Disabled | Stopped])

[2006-11-02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])

[2006-11-02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])

[2007-04-10 18:05:38 | 01,764,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])

[2006-11-02 09:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])

[2006-11-02 10:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])

[2006-11-02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])

[2006-11-02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])

[2007-06-13 22:47:12 | 00,048,256 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\System32\drivers\jraid.sys -- (JRAID [Disabled | Stopped])

[2007-11-03 15:48:41 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])

[2006-11-02 09:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])

[2006-11-02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])

[2006-11-02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])

[2006-11-02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])

[2006-11-02 09:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])

[2006-11-02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])

[2008-06-30 18:39:02 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])

[2006-11-02 10:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])

[2007-11-03 15:12:01 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])

[2006-11-02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])

[2008-08-27 01:48:36 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])

[2008-06-30 18:24:14 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])

[2007-11-03 15:51:55 | 00,028,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])

[2006-11-02 10:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])

[2007-11-03 15:21:30 | 00,016,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [boot | Running])

[2006-11-02 10:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])

[2007-11-03 15:09:01 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])

[2006-11-02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])

[2006-11-02 09:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [system | Running])

[2006-11-02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])

[2006-11-02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [boot | Running])

[2007-07-02 16:37:10 | 00,131,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32 [Disabled | Stopped])

[2006-11-02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])

[2007-07-02 16:37:08 | 00,110,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32 [Disabled | Stopped])

[2007-11-03 15:21:30 | 00,109,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])

[2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot [boot | Running])

[2006-11-02 10:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])

[2007-11-03 15:27:27 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [system | Running])

[2006-11-02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])

[2006-11-02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])

[2006-11-02 13:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])

[2007-02-02 15:09:42 | 02,385,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Running])

[2006-11-02 10:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [system | Running])

[2006-11-02 09:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])

[2007-01-15 22:28:20 | 00,070,144 | ---- | M] (Realtek Corporation) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169 [On_Demand | Running])

[2007-12-10 14:22:14 | 00,083,880 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus [On_Demand | Stopped])

[2007-12-10 14:22:18 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl [On_Demand | Stopped])

[2007-12-10 14:22:18 | 00,110,632 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm [On_Demand | Stopped])

[2007-12-10 14:22:20 | 00,104,616 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt [On_Demand | Stopped])

[2007-12-10 14:22:20 | 00,025,512 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5 [On_Demand | Stopped])

[2007-12-10 14:22:22 | 00,100,648 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex [On_Demand | Stopped])

[2007-12-10 14:22:22 | 00,110,120 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic [On_Demand | Stopped])

[2006-11-02 10:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])

[2006-11-02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])

[2008-06-30 18:34:08 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])

[2007-11-03 15:40:43 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])

[2007-11-03 15:40:43 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])

[2007-11-03 15:40:43 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])

[2007-11-03 15:21:29 | 00,055,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])

[2006-11-02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])

[2006-11-02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])

[2007-11-03 14:14:47 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [system | Running])

[2006-11-22 17:35:00 | 00,982,272 | ---- | M] (Motorola Inc.) -- C:\Windows\System32\drivers\smserial.sys -- (smserial [On_Demand | Running])

[2006-11-02 10:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [boot | Running])

[2008-06-30 18:24:14 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])

[2008-06-30 18:24:14 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])

[2006-11-02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])

[2006-11-02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])

[2006-11-02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])

[2006-11-02 09:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])

[2007-11-03 15:20:50 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [system | Running])

[2006-11-02 10:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])

[2007-11-03 15:11:59 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])

[2007-11-03 15:12:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])

[2006-11-02 10:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])

[2007-11-03 15:21:30 | 00,061,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])

[2006-11-02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])

[2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])

[2006-11-02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])

[2007-11-03 15:09:22 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])

[2006-11-02 09:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])

[2006-11-02 09:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])

[2006-11-02 09:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])

[2007-11-03 15:51:56 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])

[2006-11-08 14:23:52 | 00,102,912 | ---- | M] (VIA Technologies inc,.ltd) -- C:\Windows\System32\drivers\viamraid.sys -- (viamraid [Disabled | Stopped])

[2007-11-03 15:21:30 | 00,052,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [boot | Running])

[2006-11-02 10:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [boot | Running])

[2006-11-02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [boot | Running])

[2006-11-02 09:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])

[2006-11-02 10:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])

[2008-06-30 18:34:08 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [boot | Running])

[2007-11-03 15:50:56 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])

[2006-11-02 09:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\Windows\system32\blank.htm

"Search Page"=http://www.google.com

"Start Page"=about:blank

"StartPageCache"=

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\Windows\system32\blank.htm

"Search Page"=http://www.google.com

"Start Page"=about:blank

"StartPageCache"=

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

::1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found

{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program\AVG\AVG8\avgssie.dll File not found

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre1.6.0_07\bin\ssv.dll File not found

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll File not found

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program\Google\GoogleToolbar2.dll File not found

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program\Windows Live Toolbar\msntb.dll File not found

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program\Windows Live Toolbar\msntb.dll File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program\Windows Live Toolbar\msntb.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program\Windows Live Toolbar\msntb.dll File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found

"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File not found

"recinfo"=RecInfo.exe File not found

"recinfo630"=c:\RecInfo\RecInfo.exe ()

"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)

"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe File not found

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" File not found

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" File not found

"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

""= File not found

"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

"fsc-reg"=C:\ProgramData\fsc-reg\fscreg.exe 20081201 (Fujitsu Siemens Computers)

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon File not found

"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem File not found

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem File not found

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

""= File not found

"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

"fsc-reg"=C:\ProgramData\fsc-reg\fscreg.exe 20081201 (Fujitsu Siemens Computers)

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon File not found

"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"ConsentPromptBehaviorAdmin"=2

"ConsentPromptBehaviorUser"=1

"EnableInstallerDetection"=1

"EnableLUA"=1

"EnableSecureUIAPaths"=1

"EnableVirtualization"=1

"PromptOnSecureDesktop"=1

"ValidateAdminCodeSignatures"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"scforceoption"=0

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"FilterAdministratorToken"=0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]

"CF_TEXT"=1

"CF_BITMAP"=2

"CF_OEMTEXT"=7

"CF_DIB"=8

"CF_PALETTE"=9

"CF_UNICODETEXT"=13

"CF_DIBV5"=17

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&Winamp Search: C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html [2008-03-19 23:21:40 | 00,000,748 | ---- | M] ()

&Windows Live Search: C:\Program\Windows Live Toolbar\msntb.dll File not found

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\MenuExt\]

&Winamp Search: C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html [2008-03-19 23:21:40 | 00,000,748 | ---- | M] ()

&Windows Live Search: C:\Program\Windows Live Toolbar\msntb.dll File not found

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE File not found

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- %SystemDrive%\Program\Java\jre1.6.0_07\bin\npjpi160_07.dll File not found

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Skicka till OneNote -- %SystemDrive%\Program\Microsoft Office\Office12\ONBttnIE.dll File not found

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: Ski&cka till OneNote -- %SystemDrive%\Program\Microsoft Office\Office12\ONBttnIE.dll File not found

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\Program\Microsoft Office\Office12\REFIEBAR.DLL File not found

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

2 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

2 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222875395496&h=55db7142213222cf2c1a62926115f3d3/&filename=jinstall-6u7-windows-i586-jc.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab -- Java Plug-in 1.6.0_06

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

 

========== (O17) DNS Name Servers ==========

 

{51779A28-0EAB-4735-A9B8-D8B696FE7AF4} (Servers: | Description: Sony Ericsson Device 3017 USB Ethernet Emulation (NDIS 5))

{A0167B27-407D-4468-A8D6-9AC52D50C0E2} (Servers: | Description: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0))

{BCE38CED-9B9D-420F-BDFB-ECE774217468} (Servers: | Description: Atheros AR5007EG Wireless Network Adapter)

 

========== (O20) AppInit_DLLs ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=avgrsstx.dll

>[2008-07-29 20:11:31 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

 

========== HKLM *SecurityProviders* ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]

"SecurityProviders"=credssp.dll

>[2006-11-02 10:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

 

========== LSA *Security Packages* ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,

>[2006-11-02 10:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

autoexec.bat [REM Dummy file for NTVDM | ]

[2006-09-18 22:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

 

========== MountPoints2 ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67a65da9-6892-11dd-9432-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67a65da9-6892-11dd-9432-00030d815e4c}\Shell\AutoRun\command]

""=G:\LaunchU3.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79987f81-5d9d-11dd-9a25-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79987f81-5d9d-11dd-9a25-00030d815e4c}\Shell\AutoRun\command]

""=F:\AutoRun.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79987f83-5d9d-11dd-9a25-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79987f83-5d9d-11dd-9a25-00030d815e4c}\Shell\AutoRun\command]

""=F:\AutoRun.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd66e010-58d4-11dd-a7a4-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd66e010-58d4-11dd-a7a4-00030d815e4c}\Shell\AutoRun\command]

""=F:\AutoRun.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd66e028-58d4-11dd-a7a4-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd66e028-58d4-11dd-a7a4-00030d815e4c}\Shell\AutoRun\command]

""=F:\AutoRun.exe -- File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2008-12-03 22:16:09 | 00,003,132 | ---- | C] () -- C:\Windows\System32\tmp.reg

[2008-12-03 22:15:49 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe

[2008-12-03 22:15:49 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe

[2008-12-03 22:15:49 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe

[2008-12-03 22:15:49 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe

[2008-12-03 22:15:46 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe

[2008-12-03 22:15:46 | 00,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe

[2008-12-03 22:15:45 | 00,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe

[2008-12-03 22:15:42 | 00,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe

[2008-12-03 22:15:40 | 00,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe

[2008-12-03 22:15:40 | 00,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe

[2008-12-03 22:15:40 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe

[2008-12-03 22:15:40 | 00,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe

[2008-12-03 22:15:40 | 00,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe

[2008-12-03 21:04:45 | 01,582,379 | ---- | C] () -- C:\Users\Karin\Desktop\SmitfraudFix.exe

[2008-12-03 20:59:42 | 00,000,000 | ---D | C] -- C:\Users\Karin\Desktop\SmitfraudFix

[2008-12-03 20:34:30 | 00,000,139 | ---- | C] () -- C:\Users\Karin\Desktop\eforum.url

[2008-12-03 19:36:36 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Malwarebytes

[2008-12-03 19:36:34 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2008-12-03 19:36:34 | 00,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2008-12-03 19:36:32 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2008-12-03 19:36:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2008-12-03 19:36:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008-12-03 18:20:05 | 00,001,880 | ---- | C] () -- C:\Users\Karin\Desktop\HijackThis.lnk

[2008-12-03 18:20:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2008-12-03 17:03:15 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys

[2008-12-03 17:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2008-12-02 21:58:29 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Mozilla

[2008-12-02 21:58:29 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Mozilla

[2008-12-02 21:57:10 | 00,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2008-12-02 21:57:02 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2008-12-02 21:27:05 | 00,000,136 | ---- | C] () -- C:\Users\Karin\Documents\My Documents.url

[2008-12-02 21:26:42 | 00,000,000 | -HSD | C] -- C:\Windows\System32\6EB156CCD506E37A

[2008-11-26 15:03:32 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll

[2008-11-26 15:03:32 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll

[2008-11-26 15:03:32 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll

[2008-11-26 15:03:29 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll

[2008-11-26 15:03:29 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll

[2008-11-26 15:03:29 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2008-11-26 15:03:26 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll

[2008-11-21 18:20:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Last.fm

[2008-11-21 18:19:25 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Last.fm

[2008-11-21 18:19:24 | 00,000,739 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk

[2008-11-21 18:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\Last.fm

[2008-11-21 17:24:28 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll

[2008-11-21 17:24:28 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2008-11-21 17:24:28 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe

[2008-11-21 17:24:28 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2008-11-21 17:23:59 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2008-11-21 17:23:59 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2008-11-21 17:23:59 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2008-11-21 17:23:46 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2008-11-21 17:23:46 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2008-11-13 17:34:40 | 00,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys

[2008-11-13 17:34:36 | 01,194,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll

[2008-11-13 17:34:36 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

[2008-11-13 17:34:31 | 01,341,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll

[2008-11-13 17:34:31 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll

[2008-11-08 17:05:06 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Sony Ericsson

[2008-11-08 17:03:46 | 00,000,000 | ---D | C] -- C:\Program Files\Avanquest update

[2008-11-08 16:25:33 | 00,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 3.2.lnk

[2008-11-08 16:25:26 | 00,110,120 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017unic.sys

[2008-11-08 16:25:26 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017whnt.sys

[2008-11-08 16:25:26 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017wh.sys

[2008-11-08 16:25:25 | 00,110,632 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mdm.sys

[2008-11-08 16:25:25 | 00,104,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mgmt.sys

[2008-11-08 16:25:25 | 00,100,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017obex.sys

[2008-11-08 16:25:25 | 00,083,880 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017bus.sys

[2008-11-08 16:25:25 | 00,025,512 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017nd5.sys

[2008-11-08 16:25:25 | 00,015,016 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mdfl.sys

[2008-11-08 16:25:25 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017cmnt.sys

[2008-11-08 16:25:25 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017cm.sys

[2008-11-08 16:25:25 | 00,010,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017cr.sys

[2008-11-08 16:24:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson

[2008-11-08 16:24:59 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson

[2008-11-08 16:24:24 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\InstallShield

 

========== Files - Modified Within 30 Days ==========

 

[2008-12-03 22:17:35 | 01,258,162 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2008-12-03 22:17:35 | 00,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2008-12-03 22:17:35 | 00,472,414 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2008-12-03 22:17:35 | 00,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2008-12-03 22:17:35 | 00,081,514 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2008-12-03 22:16:09 | 00,003,132 | ---- | M] () -- C:\Windows\System32\tmp.reg

[2008-12-03 22:12:49 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2008-12-03 22:12:49 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2008-12-03 22:12:47 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2008-12-03 22:12:31 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2008-12-03 22:12:19 | 20,112,83456 | -HS- | M] () -- C:\hiberfil.sys

[2008-12-03 21:56:48 | 01,836,585 | -H-- | M] () -- C:\Users\Karin\AppData\Local\IconCache.db

[2008-12-03 21:32:12 | 00,000,536 | ---- | M] () -- C:\Users\Karin\Documents\Mina delade mappar.lnk

[2008-12-03 21:04:59 | 01,582,379 | ---- | M] () -- C:\Users\Karin\Desktop\SmitfraudFix.exe

[2008-12-03 20:59:00 | 00,000,254 | ---- | M] () -- C:\Windows\tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

[2008-12-03 20:39:03 | 30,533,510 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2008-12-03 20:34:43 | 00,000,139 | ---- | M] () -- C:\Users\Karin\Desktop\eforum.url

[2008-12-03 19:36:34 | 00,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2008-12-03 18:20:05 | 00,001,880 | ---- | M] () -- C:\Users\Karin\Desktop\HijackThis.lnk

[2008-12-03 16:58:53 | 00,077,431 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg

[2008-12-02 21:57:10 | 00,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2008-12-02 21:27:05 | 00,000,136 | ---- | M] () -- C:\Users\Karin\Documents\My Documents.url

[2008-12-02 20:27:24 | 00,051,712 | ---- | M] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-11-29 17:58:21 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe

[2008-11-29 17:58:21 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe

[2008-11-21 18:19:24 | 00,000,739 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk

[2008-11-15 14:27:38 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 3.2.lnk

[2008-11-08 18:52:01 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2008-11-07 20:19:57 | 00,334,743 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg

[2008-11-04 01:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

< End of report >

[/log]

 

Link to comment
Share on other sites

If I had to get up at five, I would have gone to bed long ago. ;)

 

Uninstall Java™ 6 Update 6, because it contains security holes.

 

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

What is in the folder C:\Windows\System32\6EB156CCD506E37A ?

 

Go to http://www.virustotal.com, paste one of the following file names into the box, press Send File and wait until the result is complete (Current status becomes finished). Paste the results from the various antivirus programs (not Additional information) here. Repeat with the next file name.

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-

1.C7483456-A289-439d-8115-601632D005A0

C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

 

Link to comment
Share on other sites
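As an added example (not part of the thread, and not how OTViewIt or the helper works): a small Python triage pass over log lines in the `[timestamp | size | attributes | C/M] (company) -- path` format shown above, flagging entries that have no vendor string and a machine-generated-looking name. The sample lines are copied from the log in this thread; the scoring rules and the function names are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the "Created/Modified Within 30 Days" sections of the
# log posted in this thread; nothing here is read from a live system.
SAMPLE_LOG = r"""
[2008-12-03 19:36:34 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008-12-02 21:26:42 | 00,000,000 | -HSD | C] -- C:\Windows\System32\6EB156CCD506E37A
[2008-12-03 22:17:35 | 00,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008-12-03 22:12:49 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008-12-03 22:12:19 | 20,112,83456 | -HS- | M] () -- C:\hiberfil.sys
[2008-12-03 21:56:48 | 01,836,585 | -H-- | M] () -- C:\Users\Karin\AppData\Local\IconCache.db
[2008-12-02 20:27:24 | 00,051,712 | ---- | M] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
"""

# [timestamp | size | attributes | C or M] (company) -- path
# Directory entries carry no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
HEX_RUN = re.compile(r"[0-9A-Fa-f]{16,}")
GUID_SHAPE = re.compile(r"[0-9A-Za-z]{8}(?:-[0-9A-Za-z]{4}){3}-[0-9A-Za-z]{12}")
GUID_HEX = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")


@dataclass
class Entry:
    timestamp: str
    attrs: str
    company: str
    path: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for a file/folder line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Service sections append " -- (name [start | state])" after the path.
    path = m["path"].split(" -- ", 1)[0].strip()
    return Entry(m["ts"], m["attrs"], (m["company"] or "").strip(), path)


def assess(entry):
    """Attach the reasons (if any) that make this entry worth a closer look."""
    name = entry.path.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    guid = GUID_SHAPE.search(name)
    if not (HEX_RUN.fullmatch(stem) or guid):
        return entry  # ordinary, human-chosen name: nothing to add
    entry.reasons.append("machine-generated name")
    if guid and not GUID_HEX.fullmatch(guid.group(0)):
        entry.reasons.append("GUID-shaped name with non-hex characters")
    if not entry.company:
        entry.reasons.append("no vendor string")
    if "H" in entry.attrs or "S" in entry.attrs:
        entry.reasons.append("hidden or system attribute")
    return entry


def triage(log_text):
    """Flag entries that combine a machine-generated name with no vendor."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        assess(entry)
        if {"machine-generated name", "no vendor string"} <= set(entry.reasons):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.path, "->", "; ".join(e.reasons))
```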

Hi! =) I have done everything you wrote about, BUT: the folder C:\Windows\System32\6EB156CCD506E37A cannot be opened. I suspect that it is the culprit. It is shaded in Explorer. I ran a scan on VirusTotal with the file name C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-

1.C7483456-A289-439d-8115-601632D005A0, but it says that I am using the file when I try to browse to it in VirusTotal; if I paste it in according to your instructions, it says that the file cannot be found.

The file name C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini did work, however, and here is the log:

 

[log]Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.12.4.0 2008.12.03 -

AntiVir 7.9.0.36 2008.12.03 -

Authentium 5.1.0.4 2008.12.04 -

Avast 4.8.1281.0 2008.12.03 -

AVG 8.0.0.199 2008.12.03 -

BitDefender 7.2 2008.12.04 -

CAT-QuickHeal 10.00 2008.12.04 -

ClamAV 0.94.1 2008.12.04 -

DrWeb 4.44.0.09170 2008.12.04 -

eSafe 7.0.17.0 2008.12.03 -

eTrust-Vet 31.6.6242 2008.12.04 -

Ewido 4.0 2008.12.03 -

F-Prot 4.4.4.56 2008.12.03 -

F-Secure 8.0.14332.0 2008.12.04 -

Fortinet 3.117.0.0 2008.12.04 -

GData 19 2008.12.04 -

Ikarus T3.1.1.45.0 2008.12.04 -

K7AntiVirus 7.10.541 2008.12.03 -

Kaspersky 7.0.0.125 2008.12.04 -

McAfee 5453 2008.12.03 -

McAfee+Artemis 5453 2008.12.03 -

Microsoft 1.4205 2008.12.04 -

NOD32 3662 2008.12.03 -

Norman 5.80.02 2008.12.03 -

Panda 9.0.0.4 2008.12.03 -

PCTools 4.4.2.0 2008.12.03 -

Prevx1 V2 2008.12.04 -

Rising 21.06.30.00 2008.12.04 -

SecureWeb-Gateway 6.7.6 2008.12.03 -

Sophos 4.36.0 2008.12.04 -

Sunbelt 3.1.1832.2 2008.12.01 -

Symantec 10 2008.12.04 -

TheHacker 6.3.1.2.174 2008.12.04 -

TrendMicro 8.700.0.1004 2008.12.04 -

VBA32 3.12.8.10 2008.12.03 -

ViRobot 2008.12.4.1499 2008.12.04 -

VirusBuster 4.5.11.0 2008.12.03 -

[/log]

 

What do I do now?

 

Link to comment
Share on other sites

Check that there is no space between 2P- and 1. when you paste it in; the line break here in the forum can cause trouble.

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

 

Download DirLook from one of these links:

http://jpshortstuff.247fixes.com/DirLook.exe

http://images.malwareremoval.com/jpshortstuff/DirLook.exe

 

Right-click the file and select Run as administrator to run it.

Make sure that Show Hidden Files/Folders and BBCode Output are checked.

 

Copy the line in the box (use select code)

C:\Windows\System32\6EB156CCD506E37A

and paste it into the large text field in DirLook.

Press the DirLook button to start the search.

When it is done, Notepad opens with a log, which you paste in here. If the log does not come up, it is available as C:\dl_log.txt.

 

 

[post edited 2008-12-04 09:24:38 by Cecilia]

Link to comment
Share on other sites

I tried again with the file name on VirusTotal, but it was the same again; it cannot find the file. A completely white box comes up with the text: 0 bytes size received.

 

The DirLook log seems to do the same thing:

 

[log]DirLook.exe v2.0 by jpshortstuff

Log created at 11:03 on 04/12/2008

==================================

Contents of "C:\Windows\System32\6EB156CCD506E37A"

No files/folders found.

 

==================================

=EOF=[/log]

 

 

Link to comment
Share on other sites

I assume that means the folder and the file can be regarded as malicious. But to be on the safe side, burn this repair disc, from which you can do a System Restore if something goes wrong.

http://neosmart.net/blog/2008/download-windows-vista-x64-recovery-disc/

It is not meant for a complete restore of the computer; it is a disc with various repair tools, e.g. System Restore.

 

Link to comment
Share on other sites

Thanks for all your help! =) It is really worth its weight in gold! The computer works much better now, at any rate!

One last question: should I do a System Restore with the disc you gave me right now? Or should I wait until strange things start happening? =)

 

 

Link to comment
Share on other sites

Not now, but if something happens when a file is removed so that Windows does not start. Since these strange files cannot be examined any closer, I know nothing about what they might cause.

 

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Unplug the internet connection and close all programs you see, including antivirus, antispyware and firewall; alternatively, restart the computer in Safe Mode.

Run ComboFix and follow the instructions shown.

 

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

 

When it is finished a log should come up; attach it to your reply. Check that the antivirus program and firewall are running before you connect to the internet.

 

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and select Repair and/or restart the computer.

 

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, e.g. if the computer gets its internet connection through a USB modem or USB network card. In that case, say so instead of running ComboFix.

 

Link to comment
Share on other sites

Hi! =) Sorry for my slow reply!

Well, I do have mobile broadband that I use sometimes, and I would like to be able to keep doing so, so the question is: should I run ComboFix anyway?

One option might be to run ComboFix in Safe Mode to see whether it finds anything, and then uninstall it once I have finished scanning?

I no longer notice any problems with the computer, but unfortunately that does not guarantee that it is completely "healthy". What to do?

 

Link to comment
Share on other sites

Do this scan in that case.

Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

 

Close all programs.

Run OTViewIt (in Vista, right-click and Run as administrator).

Check Scan all Users.

Select 30 days for File Age if it is not already selected.

Press Run Scan and let the program run undisturbed.

 

When it is done, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both of them into your reply (remember the LOG button).

 

Link to comment
Share on other sites

I ran OTViewIt as you said. Here comes the first log:

[log]OTViewIt logfile created on: 2008-12-07 15:16:07 - Run 3

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNXXIH2E

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16757)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1,87 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 64,61% Memory free

3,98 Gb Paging File | 3,18 Gb Available in Paging File | 79,89% Paging File free

Paging file location(s): ?:\pagefile.sys;

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 92,21 Gb Total Space | 14,88 Gb Free Space | 16,13% Space Free | Partition Type: NTFS

Drive D: | 45,12 Gb Total Space | 31,99 Gb Free Space | 70,89% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: KARINS-DATOR

Current User Name: Karin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2007-11-03 15:11:38 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe

[2006-11-02 10:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe

[2007-02-02 14:59:54 | 00,565,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe

[2007-11-03 14:51:03 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe

[2007-02-02 14:59:54 | 00,565,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe

[2008-08-31 10:49:46 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

[2006-12-08 19:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe

[2006-11-02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe

[2008-07-29 20:11:17 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgrsx.exe

[2006-11-02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2008-08-31 10:49:45 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgemc.exe

[2007-11-03 14:53:16 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe

[2006-11-02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2007-11-03 14:03:10 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

[2007-04-10 15:01:32 | 04,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2006-11-22 17:31:26 | 00,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[2008-04-01 19:49:42 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

[2008-11-27 10:37:24 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[2006-09-29 18:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

[2006-11-02 13:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe

[2008-06-30 19:23:49 | 00,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[2006-11-02 13:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe

[2006-11-02 10:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe

[2006-11-02 10:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe

[2006-09-29 18:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[2007-10-18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe

[2008-10-02 04:48:32 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe

[2006-11-02 10:44:59 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

[2008-12-07 15:14:25 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNXXIH2E\OTViewIt[1].exe

 

========== (O23) Win32 Services ==========

 

[2007-02-02 14:59:54 | 00,565,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])

File not found -- -- (avg8emc [Auto | Running])

File not found -- -- (avg8wd [Auto | Running])

File not found -- -- (CertPropSvc [unknown | Stopped])

[2006-11-02 07:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

File not found -- -- (DcomLaunch [unknown | Running])

[2006-11-02 13:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])

[2007-11-03 15:27:25 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [unknown | Running])

[2007-11-03 15:32:21 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])

[2006-11-02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

[2006-11-02 13:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2007-11-03 15:05:52 | 00,568,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [unknown | Running])

File not found -- -- (gusvc [On_Demand | Stopped])

[2006-11-02 14:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [unknown | Stopped])

[2006-11-02 13:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

File not found -- -- (NMIndexingService [On_Demand | Stopped])

File not found -- -- (odserv [On_Demand | Stopped])

File not found -- -- (ose [On_Demand | Stopped])

[2006-11-02 10:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [unknown | Stopped])

File not found -- -- (Schedule [unknown | Running])

File not found -- -- (SCPolicySvc [unknown | Stopped])

[2007-11-03 14:51:03 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])

[2006-11-02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])

[2006-12-08 19:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler [Auto | Running])

[2006-11-02 10:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])

File not found -- -- (usnjsvc [On_Demand | Running])

[2006-11-02 10:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])

File not found -- -- (WdiServiceHost [unknown | Stopped])

File not found -- -- (WdiSystemHost [unknown | Running])

File not found -- -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

 

========== Driver Services ==========

 

[2008-12-03 19:59:11 | 00,000,000 | -HSD | M] -- C:\Windows\System32\6EB156CCD506E37A -- (6EB156CCD506E37A [Auto | Running])

[2006-11-02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])

[2006-11-02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])

[2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])

[2006-11-02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])

[2006-11-02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])

[2007-11-03 15:51:55 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])

[2007-11-03 15:21:31 | 00,057,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])

[2007-11-03 15:51:56 | 00,018,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])

[2006-11-02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])

[2006-11-02 09:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])

[2006-11-02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])

[2006-11-02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])

[2007-02-01 10:55:10 | 00,690,176 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys -- (athr [On_Demand | Running])

[2008-08-31 10:49:45 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running])

[2008-07-29 20:11:20 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])

[2008-07-29 20:11:28 | 00,069,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgwfpx.sys -- (AvgWfpX [On_Demand | Running])

[2006-11-02 09:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])

[2006-11-02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])

[2006-11-02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])

[2006-11-02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])

[2006-11-02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])

[2006-11-02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])

[2006-11-02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

[2006-11-02 09:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])

[2006-11-02 09:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])

[2008-06-30 18:34:10 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [unknown | Running])

[2007-11-03 15:51:55 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])

[2006-11-02 10:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [boot | Running])

[2006-11-02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])

[2006-11-02 09:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [system | Running])

[2007-11-03 15:42:07 | 00,621,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])

[2006-11-02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])

[2007-11-03 15:47:20 | 00,135,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [boot | Running])

[2006-11-02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])

[2006-11-02 10:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [boot | Running])

[2006-11-02 09:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])

[2006-11-02 10:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])

[2006-11-02 08:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])

[2007-11-03 15:18:24 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2006-11-02 09:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])

[2006-11-02 09:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])

[2006-11-02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])

[2007-08-08 11:07:42 | 00,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])

[2007-07-12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Disabled | Stopped])

[2006-11-02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])

[2006-11-02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])

[2007-04-10 18:05:38 | 01,764,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])

[2006-11-02 09:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])

[2006-11-02 10:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])

[2006-11-02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])

[2006-11-02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])

[2007-06-13 22:47:12 | 00,048,256 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\System32\drivers\jraid.sys -- (JRAID [Disabled | Stopped])

[2007-11-03 15:48:41 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])

[2006-11-02 09:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])

[2006-11-02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])

[2006-11-02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])

[2006-11-02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])

[2006-11-02 09:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])

[2006-11-02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])

[2008-06-30 18:39:02 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])

[2006-11-02 10:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])

[2007-11-03 15:12:01 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])

[2006-11-02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])

[2008-08-27 01:48:36 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])

[2008-06-30 18:24:14 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])

[2007-11-03 15:51:55 | 00,028,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])

[2006-11-02 10:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])

[2007-11-03 15:21:30 | 00,016,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [boot | Running])

[2006-11-02 10:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])

[2007-11-03 15:09:01 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])

[2006-11-02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])

[2006-11-02 09:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [system | Running])

[2006-11-02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])

[2006-11-02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [boot | Running])

[2007-07-02 16:37:10 | 00,131,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32 [Disabled | Stopped])

[2006-11-02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])

[2007-07-02 16:37:08 | 00,110,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32 [Disabled | Stopped])

[2007-11-03 15:21:30 | 00,109,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])

[2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot [boot | Running])

[2006-11-02 10:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])

[2007-11-03 15:27:27 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [system | Running])

[2006-11-02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])

[2006-11-02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])

[2006-11-02 13:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])

[2007-02-02 15:09:42 | 02,385,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Running])

[2006-11-02 10:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [system | Running])

[2006-11-02 09:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])

[2007-01-15 22:28:20 | 00,070,144 | ---- | M] (Realtek Corporation) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169 [On_Demand | Running])

[2007-12-10 14:22:14 | 00,083,880 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus [On_Demand | Stopped])

[2007-12-10 14:22:18 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl [On_Demand | Stopped])

[2007-12-10 14:22:18 | 00,110,632 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm [On_Demand | Stopped])

[2007-12-10 14:22:20 | 00,104,616 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt [On_Demand | Stopped])

[2007-12-10 14:22:20 | 00,025,512 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5 [On_Demand | Stopped])

[2007-12-10 14:22:22 | 00,100,648 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex [On_Demand | Stopped])

[2007-12-10 14:22:22 | 00,110,120 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic [On_Demand | Stopped])

[2006-11-02 10:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])

[2006-11-02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])

[2008-06-30 18:34:08 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])

[2007-11-03 15:40:43 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])

[2007-11-03 15:40:43 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])

[2007-11-03 15:40:43 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])

[2007-11-03 15:21:29 | 00,055,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])

[2006-11-02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])

[2006-11-02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])

[2007-11-03 14:14:47 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [system | Running])

[2006-11-22 17:35:00 | 00,982,272 | ---- | M] (Motorola Inc.) -- C:\Windows\System32\drivers\smserial.sys -- (smserial [On_Demand | Running])

[2006-11-02 10:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [boot | Running])

[2008-06-30 18:24:14 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])

[2008-06-30 18:24:14 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])

[2006-11-02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])

[2006-11-02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])

[2006-11-02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])

[2006-11-02 09:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])

[2007-11-03 15:20:50 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [system | Running])

[2006-11-02 10:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])

[2007-11-03 15:11:59 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])

[2007-11-03 15:12:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])

[2006-11-02 10:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])

[2007-11-03 15:21:30 | 00,061,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])

[2006-11-02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])

[2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])

[2006-11-02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])

[2007-11-03 15:09:22 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])

[2006-11-02 09:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])

[2006-11-02 09:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])

[2006-11-02 09:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])

[2007-11-03 15:51:56 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])

[2006-11-08 14:23:52 | 00,102,912 | ---- | M] (VIA Technologies inc,.ltd) -- C:\Windows\System32\drivers\viamraid.sys -- (viamraid [Disabled | Stopped])

[2007-11-03 15:21:30 | 00,052,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [boot | Running])

[2006-11-02 10:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [boot | Running])

[2006-11-02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [boot | Running])

[2006-11-02 09:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])

[2006-11-02 10:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])

[2008-06-30 18:34:08 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [boot | Running])

[2007-11-03 15:50:56 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])

[2006-11-02 09:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\Windows\system32\blank.htm

"Search Page"=http://www.google.com

"Start Page"=about:blank

"StartPageCache"=

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\Windows\system32\blank.htm

"Search Page"=http://www.google.com

"Start Page"=about:blank

"StartPageCache"=

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

::1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found

{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program\AVG\AVG8\avgssie.dll File not found

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre1.6.0_07\bin\ssv.dll File not found

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll File not found

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program\Google\GoogleToolbar2.dll File not found

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program\Windows Live Toolbar\msntb.dll File not found

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program\Windows Live Toolbar\msntb.dll File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program\Windows Live Toolbar\msntb.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program\Windows Live Toolbar\msntb.dll File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found

"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File not found

"recinfo"=RecInfo.exe File not found

"recinfo630"=c:\RecInfo\RecInfo.exe ()

"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)

"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe File not found

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" File not found

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" File not found

"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

""= File not found

"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

"fsc-reg"=C:\ProgramData\fsc-reg\fscreg.exe 20081201 (Fujitsu Siemens Computers)

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon File not found

"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem File not found

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem File not found

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

""= File not found

"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

"fsc-reg"=C:\ProgramData\fsc-reg\fscreg.exe 20081201 (Fujitsu Siemens Computers)

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon File not found

"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"ConsentPromptBehaviorAdmin"=2

"ConsentPromptBehaviorUser"=1

"EnableInstallerDetection"=1

"EnableLUA"=1

"EnableSecureUIAPaths"=1

"EnableVirtualization"=1

"PromptOnSecureDesktop"=1

"ValidateAdminCodeSignatures"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"scforceoption"=0

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"FilterAdministratorToken"=0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]

"CF_TEXT"=1

"CF_BITMAP"=2

"CF_OEMTEXT"=7

"CF_DIB"=8

"CF_PALETTE"=9

"CF_UNICODETEXT"=13

"CF_DIBV5"=17

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&Winamp Search: C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html [2008-03-19 23:21:40 | 00,000,748 | ---- | M] ()

&Windows Live Search: C:\Program\Windows Live Toolbar\msntb.dll File not found

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\MenuExt\]

&Winamp Search: C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html [2008-03-19 23:21:40 | 00,000,748 | ---- | M] ()

&Windows Live Search: C:\Program\Windows Live Toolbar\msntb.dll File not found

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE File not found

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- %SystemDrive%\Program\Java\jre1.6.0_07\bin\npjpi160_07.dll File not found

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Skicka till OneNote -- %SystemDrive%\Program\Microsoft Office\Office12\ONBttnIE.dll File not found

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: Ski&cka till OneNote -- %SystemDrive%\Program\Microsoft Office\Office12\ONBttnIE.dll File not found

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\Program\Microsoft Office\Office12\REFIEBAR.DLL File not found

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

2 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

2 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

 

========== (O17) DNS Name Servers ==========

 

{51779A28-0EAB-4735-A9B8-D8B696FE7AF4} (Servers: | Description: Sony Ericsson Device 3017 USB Ethernet Emulation (NDIS 5))

{A0167B27-407D-4468-A8D6-9AC52D50C0E2} (Servers: | Description: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0))

{BCE38CED-9B9D-420F-BDFB-ECE774217468} (Servers: | Description: Atheros AR5007EG Wireless Network Adapter)

 

========== (O20) AppInit_DLLs ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=avgrsstx.dll

>[2008-07-29 20:11:31 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

 

========== HKLM *SecurityProviders* ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]

"SecurityProviders"=credssp.dll

>[2006-11-02 10:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

 

========== LSA *Security Packages* ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,

>[2006-11-02 10:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

autoexec.bat [REM Dummy file for NTVDM | ]

[2006-09-18 22:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

 

========== MountPoints2 ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67a65da9-6892-11dd-9432-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67a65da9-6892-11dd-9432-00030d815e4c}\Shell\AutoRun\command]

""=G:\LaunchU3.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79987f81-5d9d-11dd-9a25-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79987f81-5d9d-11dd-9a25-00030d815e4c}\Shell\AutoRun\command]

""=F:\AutoRun.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79987f83-5d9d-11dd-9a25-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79987f83-5d9d-11dd-9a25-00030d815e4c}\Shell\AutoRun\command]

""=F:\AutoRun.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd66e010-58d4-11dd-a7a4-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd66e010-58d4-11dd-a7a4-00030d815e4c}\Shell\AutoRun\command]

""=F:\AutoRun.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd66e028-58d4-11dd-a7a4-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd66e028-58d4-11dd-a7a4-00030d815e4c}\Shell\AutoRun\command]

""=F:\AutoRun.exe -- File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2008-12-07 15:09:55 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTViewIt.exe.part

[2008-12-07 13:34:43 | 20,112,83456 | -HS- | C] () -- C:\hiberfil.sys

[2008-12-07 12:54:01 | 03,061,078 | ---- | C] () -- C:\Users\Karin\Desktop\ComboFix.exe

[2008-12-07 12:48:03 | 00,001,399 | ---- | C] () -- C:\Users\Karin\Desktop\chkdsk.exe - genväg.lnk

[2008-12-07 12:21:49 | 00,001,763 | ---- | C] () -- C:\Users\Karin\Desktop\DVD Decrypter.lnk

[2008-12-07 12:21:49 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter

[2008-12-04 11:01:21 | 00,199,680 | ---- | C] () -- C:\Users\Karin\Desktop\DirLook.exe

[2008-12-03 22:16:09 | 00,003,132 | ---- | C] () -- C:\Windows\System32\tmp.reg

[2008-12-03 22:15:49 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe

[2008-12-03 22:15:49 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe

[2008-12-03 22:15:49 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe

[2008-12-03 22:15:49 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe

[2008-12-03 22:15:46 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe

[2008-12-03 22:15:46 | 00,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe

[2008-12-03 22:15:45 | 00,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe

[2008-12-03 22:15:42 | 00,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe

[2008-12-03 22:15:40 | 00,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe

[2008-12-03 22:15:40 | 00,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe

[2008-12-03 22:15:40 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe

[2008-12-03 22:15:40 | 00,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe

[2008-12-03 22:15:40 | 00,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe

[2008-12-03 21:04:45 | 01,582,379 | ---- | C] () -- C:\Users\Karin\Desktop\SmitfraudFix.exe

[2008-12-03 20:59:42 | 00,000,000 | ---D | C] -- C:\Users\Karin\Desktop\SmitfraudFix

[2008-12-03 20:34:30 | 00,000,139 | ---- | C] () -- C:\Users\Karin\Desktop\eforum.url

[2008-12-03 19:36:36 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Malwarebytes

[2008-12-03 19:36:34 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2008-12-03 19:36:34 | 00,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2008-12-03 19:36:32 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2008-12-03 19:36:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2008-12-03 19:36:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008-12-03 18:20:05 | 00,001,880 | ---- | C] () -- C:\Users\Karin\Desktop\HijackThis.lnk

[2008-12-03 18:20:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2008-12-03 17:03:15 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys

[2008-12-03 17:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2008-12-02 21:58:29 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Mozilla

[2008-12-02 21:58:29 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Mozilla

[2008-12-02 21:57:10 | 00,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2008-12-02 21:57:02 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2008-12-02 21:27:05 | 00,000,136 | ---- | C] () -- C:\Users\Karin\Documents\My Documents.url

[2008-12-02 21:26:42 | 00,000,000 | -HSD | C] -- C:\Windows\System32\6EB156CCD506E37A

[2008-11-26 15:03:32 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll

[2008-11-26 15:03:32 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll

[2008-11-26 15:03:32 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll

[2008-11-26 15:03:29 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll

[2008-11-26 15:03:29 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll

[2008-11-26 15:03:29 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2008-11-26 15:03:26 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll

[2008-11-21 18:20:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Last.fm

[2008-11-21 18:19:25 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Last.fm

[2008-11-21 18:19:24 | 00,000,739 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk

[2008-11-21 18:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\Last.fm

[2008-11-21 17:24:28 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll

[2008-11-21 17:24:28 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2008-11-21 17:24:28 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe

[2008-11-21 17:24:28 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2008-11-21 17:23:59 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2008-11-21 17:23:59 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2008-11-21 17:23:59 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2008-11-21 17:23:46 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2008-11-21 17:23:46 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2008-11-13 17:34:40 | 00,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys

[2008-11-13 17:34:36 | 01,194,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll

[2008-11-13 17:34:36 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

[2008-11-13 17:34:31 | 01,341,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll

[2008-11-13 17:34:31 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll

[2008-11-08 17:05:06 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Sony Ericsson

[2008-11-08 17:03:46 | 00,000,000 | ---D | C] -- C:\Program Files\Avanquest update

[2008-11-08 16:25:33 | 00,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 3.2.lnk

[2008-11-08 16:25:26 | 00,110,120 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017unic.sys

[2008-11-08 16:25:26 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017whnt.sys

[2008-11-08 16:25:26 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017wh.sys

[2008-11-08 16:25:25 | 00,110,632 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mdm.sys

[2008-11-08 16:25:25 | 00,104,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mgmt.sys

[2008-11-08 16:25:25 | 00,100,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017obex.sys

[2008-11-08 16:25:25 | 00,083,880 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017bus.sys

[2008-11-08 16:25:25 | 00,025,512 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017nd5.sys

[2008-11-08 16:25:25 | 00,015,016 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mdfl.sys

[2008-11-08 16:25:25 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017cmnt.sys

[2008-11-08 16:25:25 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017cm.sys

[2008-11-08 16:25:25 | 00,010,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017cr.sys

[2008-11-08 16:24:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson

[2008-11-08 16:24:59 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson

[2008-11-08 16:24:24 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\InstallShield

 

========== Files - Modified Within 30 Days ==========

 

[2008-12-07 15:10:01 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTViewIt.exe.part

[2008-12-07 14:59:00 | 00,000,254 | ---- | M] () -- C:\Windows\tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

[2008-12-07 14:38:48 | 00,055,296 | ---- | M] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-07 14:34:58 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2008-12-07 14:34:58 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2008-12-07 14:33:41 | 00,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2008-12-07 14:33:41 | 00,472,414 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2008-12-07 14:33:41 | 00,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2008-12-07 14:33:41 | 00,081,514 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2008-12-07 14:33:40 | 01,258,162 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2008-12-07 14:33:03 | 00,000,536 | ---- | M] () -- C:\Users\Karin\Documents\Mina delade mappar.lnk

[2008-12-07 14:32:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2008-12-07 13:34:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2008-12-07 13:34:43 | 20,112,83456 | -HS- | M] () -- C:\hiberfil.sys

[2008-12-07 12:54:30 | 03,061,078 | ---- | M] () -- C:\Users\Karin\Desktop\ComboFix.exe

[2008-12-07 12:49:32 | 00,001,399 | ---- | M] () -- C:\Users\Karin\Desktop\chkdsk.exe - genväg.lnk

[2008-12-07 12:35:11 | 30,650,695 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2008-12-07 12:21:49 | 00,001,763 | ---- | M] () -- C:\Users\Karin\Desktop\DVD Decrypter.lnk

[2008-12-06 15:15:05 | 00,086,440 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg

[2008-12-04 11:01:22 | 00,199,680 | ---- | M] () -- C:\Users\Karin\Desktop\DirLook.exe

[2008-12-03 22:16:09 | 00,003,132 | ---- | M] () -- C:\Windows\System32\tmp.reg

[2008-12-03 21:04:59 | 01,582,379 | ---- | M] () -- C:\Users\Karin\Desktop\SmitfraudFix.exe

[2008-12-03 20:34:43 | 00,000,139 | ---- | M] () -- C:\Users\Karin\Desktop\eforum.url

[2008-12-03 19:36:34 | 00,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2008-12-03 18:20:05 | 00,001,880 | ---- | M] () -- C:\Users\Karin\Desktop\HijackThis.lnk

[2008-12-02 21:57:10 | 00,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2008-12-02 21:27:05 | 00,000,136 | ---- | M] () -- C:\Users\Karin\Documents\My Documents.url

[2008-11-29 17:58:21 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe

[2008-11-29 17:58:21 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe

[2008-11-21 18:19:24 | 00,000,739 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk

[2008-11-15 14:27:38 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 3.2.lnk

[2008-11-08 18:52:01 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2008-11-07 20:19:57 | 00,334,743 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg

< End of report >[/log]

 

And the Extras log:

 

[log]OTViewIt Extras logfile created on: 2008-12-07 15:16:07 - Run 3

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNXXIH2E

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16757)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1,87 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 64,61% Memory free

3,98 Gb Paging File | 3,18 Gb Available in Paging File | 79,89% Paging File free

Paging file location(s): ?:\pagefile.sys;

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 92,21 Gb Total Space | 14,88 Gb Free Space | 16,13% Space Free | Partition Type: NTFS

Drive D: | 45,12 Gb Total Space | 31,99 Gb Free Space | 70,89% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: KARINS-DATOR

Current User Name: Karin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program\Internet Explorer\iexplore.exe File not found

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride"=1

"AntiSpywareOverride"=0

"FirewallOverride"=0

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"DisableNotifications"=0

"EnableFirewall"=1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

 

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols

ldap -- 4 = Restricted sites (Not a Default Protocol)

news -- 4 = Restricted sites (Not a Default Protocol)

nntp -- 4 = Restricted sites (Not a Default Protocol)

oecmd -- 4 = Restricted sites (Not a Default Protocol)

snews -- 4 = Restricted sites (Not a Default Protocol)

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

@ivt -- @ivt protocol not assigned

file -- file protocol not assigned

ftp -- ftp protocol not assigned

http -- http protocol not assigned

https -- https protocol not assigned

shell -- shell protocol not assigned

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

@ivt -- @ivt protocol not assigned

file -- file protocol not assigned

ftp -- ftp protocol not assigned

http -- http protocol not assigned

https -- https protocol not assigned

shell -- shell protocol not assigned

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

File not found C:\Program\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

File not found C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

File not found C:\Program\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

File not found c:\Program\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

File not found C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

File not found C:\Program\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{028741EB-70F5-BF63-EB23-480A7C48F096}"=CCC Help German

"{0343FEB6-43EA-0608-CF1F-6B4D20784AA8}"=Catalyst Control Center Localization Italian

"{03B5882D-D9DB-B950-CBE1-D03DDBFFF458}"=CCC Help Chinese Traditional

"{1B3A67B0-F54D-2F98-763C-B8E309135C38}"=Catalyst Control Center Localization Swedish

"{1F9B00FC-AD74-A45C-3E73-83CF895E9CD0}"=Catalyst Control Center Localization Spanish

"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer

"{29F482A1-9828-5830-1F96-798E75CB90EB}"=CCC Help French

"{2B541619-4920-A88A-AEB6-C4E76672B726}"=ccc-utility

"{2C1B58D5-6549-472C-86B7-17BE57186628}"=Microsoft Works

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}"=Sony Ericsson PC Suite 3.209.00

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{32AFDE70-6890-478B-BC92-8F3C76B8A77B}"=Branding

"{37AF3415-B43F-FB0B-124B-4B207657DF66}"=Catalyst Control Center Localization Japanese

"{3E5D1BD1-3451-15A7-D5EB-FB4C1C713C33}"=Catalyst Control Center Localization Chinese Standard

"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}"=Tele2 Mobile Connect

"{3FB83D9B-35B3-44E2-639B-6839332BBB29}"=Catalyst Control Center Localization Portuguese

"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}"=ATI Catalyst Install Manager

"{45EA1531-5226-4FC4-9341-8D0C8CEC502F}"=Windows Live Toolbar

"{48FD4CEC-7ED7-5220-2032-E780075764E4}"=CCC Help Japanese

"{587601F9-A917-AE27-263A-0854BE106BE9}"=Catalyst Control Center Localization German

"{625309B9-9853-B259-CA17-DA4838E2D7C6}"=Catalyst Control Center Localization Dutch

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites

"{66E98E51-BFF9-5922-1316-7AF58170CA54}"=Catalyst Control Center Graphics Light

"{71C97813-ADFC-AA48-D24F-17E6CD41B413}"=Skins

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{74EF2D1D-D3A6-3A56-1DD7-56A338BADD29}"=CCC Help Chinese Standard

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}"=Avanquest update

"{787AD427-7FEB-A87C-4C2E-C95610EF345B}"=Catalyst Control Center Core Implementation

"{81CD6232-10F5-4832-B3DA-1B88B1571053}"=Nero 7 Essentials

"{8535028B-D4EE-B929-97A0-354013AE5D94}"=Catalyst Control Center Localization Korean

"{8DE292EC-FA26-4526-BFEB-3EE820E97005}"=OpenOffice.org Installer 1.0

"{90120000-0016-041D-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Swedish) 2007

"{90120000-0016-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-041D-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Swedish) 2007

"{90120000-0018-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-041D-0000-0000000FF1CE}"=Microsoft Office Word MUI (Swedish) 2007

"{90120000-001B-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040B-0000-0000000FF1CE}"=Microsoft Office Proof (Finnish) 2007

"{90120000-001F-040B-0000-0000000FF1CE}_HOMESTUDENTR_{F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-041D-0000-0000000FF1CE}"=Microsoft Office Proof (Swedish) 2007

"{90120000-001F-041D-0000-0000000FF1CE}_HOMESTUDENTR_{A8626CEF-CB0A-4BC2-8F51-210A43B6158D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0020-041D-0000-0000000FF1CE}"=Compatibility Pack för Office 2007-systemet

"{90120000-002C-041D-0000-0000000FF1CE}"=Microsoft Office Proofing (Swedish) 2007

"{90120000-006E-041D-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Swedish) 2007

"{90120000-006E-041D-0000-0000000FF1CE}_HOMESTUDENTR_{C41B2E34-C30E-4989-8A9D-6B0805B33EC1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-041D-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Swedish) 2007

"{90120000-00A1-041D-0000-0000000FF1CE}_HOMESTUDENTR_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{9279B0F3-C831-7C50-9F07-73B1219322B6}"=Catalyst Control Center Localization Chinese Traditional

"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}"=FirstSteps Diagnostics

"{94E89EFD-5841-17EA-4F69-37A5DA58A735}"=CCC Help Spanish

"{95120000-00AF-041D-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (Swedish)

"{9A983135-BB9F-6E62-F282-AD76BB9551FE}"=CCC Help English

"{9AE73DF3-2349-A626-AE42-7959D7583E2B}"=Catalyst Control Center Graphics Full Existing

"{A603BB91-F08F-025F-4158-E897DC29D037}"=Catalyst Control Center Localization French

"{AA27D595-32F0-97EB-BC94-1ED22E7444A8}"=CCC Help Portuguese

"{AC76BA86-7AD7-1053-7B44-A81200000003}"=Adobe Reader 8.1.2 - Svenska

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live inloggningsassistenten

"{BAA6BD76-9B5A-4ED3-98BE-0127E8F14541}"=Windows Live Photo Gallery

"{C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57}"=ccc-core-static

"{CCC67B82-CD80-9C07-4C4A-D5B9C7137399}"=CCC Help Italian

"{D2B49278-3321-FFBA-0F7C-127878A9CB5D}"=CCC Help Dutch

"{D723FE60-F9EC-D688-0274-7BF2FF96E80A}"=Catalyst Control Center Graphics Full New

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{E1FA2D24-5633-83B3-3C72-FB3749DAF724}"=CCC Help Swedish

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver

"{F5E23357-CDCE-0246-677C-8097DAA6F8C5}"=CCC Help Korean

"{FA2B72B1-B29E-57FB-5AFB-74734AC3442E}"=Catalyst Control Center Graphics Previews Vista

"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites

"ActiveScan 2.0"=Panda ActiveScan 2.0

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin

"ATI Uninstaller"=ATI Uninstaller

"AVG8Uninstall"=AVG Free 8.0

"DJ Music Mixer"=DJ Music Mixer

"DVD Decrypter"=DVD Decrypter (Remove Only)

"eMusic Promotion"=eMusic - 50 Free MP3 offer

"Free RAR Extract Frog 1.00"=Free RAR Extract Frog 1.00

"HijackThis"=HijackThis 2.0.2

"HOMESTUDENTR"=Microsoft Office Home and Student 2007

"LastFM_is1"=Last.fm 1.5.2.38918

"LimeWire"=LimeWire 4.18.3

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)

"SMSERIAL"=Motorola SM56 Data Fax Modem

"Winamp"=Winamp

"Winamp Toolbar"=Winamp Toolbar for Internet Explorer

"Winamp Toolbar for Firefox"=Winamp Toolbar for Firefox

"Windows Live Toolbar"=Windows Live Toolbar

"WinRAR archiver"=WinRAR archiver

"VLC media player"=VideoLAN VLC media player 0.8.6h

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-12-05 08:40:25 | Computer Name = Karins-dator | Source = WerSvc | ID = 5007

Description =

 

Error - 2008-12-05 09:36:26 | Computer Name = Karins-dator | Source = WerSvc | ID = 5007

Description =

 

Error - 2008-12-05 14:04:05 | Computer Name = Karins-dator | Source = WerSvc | ID = 5007

Description =

 

Error - 2008-12-05 16:36:15 | Computer Name = Karins-dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet nero.exe, version 7.5.13.2, tidsstämpel

0x45a7d219, felet uppstod i modulen unknown, version 0.0.0.0, tidsstämpel 0x00000000,

undantagskod 0xc0000005, felförskjutning 0xa1d482f7, process-ID 0x1294, programmets

starttid 0x01c957191af7b7f7.

 

Error - 2008-12-05 16:36:46 | Computer Name = Karins-dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet nero.exe, version 7.5.13.2, tidsstämpel

0x45a7d219, felet uppstod i modulen unknown, version 0.0.0.0, tidsstämpel 0x00000000,

undantagskod 0xc0000005, felförskjutning 0x2e5b0d78, process-ID 0x17b0, programmets

starttid 0x01c957192d490cb7.

 

Error - 2008-12-06 10:13:28 | Computer Name = Karins-dator | Source = WerSvc | ID = 5007

Description =

 

Error - 2008-12-07 07:06:09 | Computer Name = Karins-dator | Source = WerSvc | ID = 5007

Description =

 

Error - 2008-12-07 08:27:37 | Computer Name = Karins-dator | Source = EventSystem | ID = 4621

Description =

 

Error - 2008-12-07 08:29:39 | Computer Name = Karins-dator | Source = EventSystem | ID = 4609

Description =

 

Error - 2008-12-07 08:35:02 | Computer Name = Karins-dator | Source = WerSvc | ID = 5007

Description =

 

[ System Events ]

Error - 2008-12-07 08:30:18 | Computer Name = Karins-dator | Source = Service Control Manager | ID = 7001

Description =

 

Error - 2008-12-07 08:30:18 | Computer Name = Karins-dator | Source = Service Control Manager | ID = 7001

Description =

 

Error - 2008-12-07 08:30:18 | Computer Name = Karins-dator | Source = Service Control Manager | ID = 7001

Description =

 

Error - 2008-12-07 08:30:18 | Computer Name = Karins-dator | Source = Service Control Manager | ID = 7001

Description =

 

Error - 2008-12-07 08:30:18 | Computer Name = Karins-dator | Source = Service Control Manager | ID = 7001

Description =

 

Error - 2008-12-07 08:30:18 | Computer Name = Karins-dator | Source = Service Control Manager | ID = 7026

Description =

 

Error - 2008-12-07 08:30:18 | Computer Name = Karins-dator | Source = Service Control Manager | ID = 7001

Description =

 

Error - 2008-12-07 08:30:18 | Computer Name = Karins-dator | Source = Service Control Manager | ID = 7001

Description =

 

Error - 2008-12-07 08:30:18 | Computer Name = Karins-dator | Source = Service Control Manager | ID = 7001

Description =

 

Error - 2008-12-07 08:30:25 | Computer Name = Karins-dator | Source = Service Control Manager | ID = 7001

Description =

 

 

< End of report >[/log]

 


Download OTMoveIt to the Desktop:

http://oldtimer.geekstogo.com/OTMoveIt3.exe

Start the program

Copy all of these lines (use "select code"):

:Services
6EB156CCD506E37A

:Folders
C:\Windows\System32\6EB156CCD506E37A

:Files
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

Paste them into the box Paste Instructions for Items to be Moved

Make sure that there are only two lines after the :Files line, so that no extra line breaks have crept into the middle of the file names, since they are so long.

Press MoveIt!

If you are asked to restart the computer, do so.

Go to the folder c:\_OTMoveIt\MovedFiles and open the log file that was created with today's date and time. Copy the contents and paste them here, along with a new OTViewIt log.

 


Archived

This topic is now archived and is closed to further replies.



