
Trojan detected, "winupd.exe"



Tomahawk203

Hi!

The thing is, I have been reading around online about this so-called trojan winupd.exe.

When I open Task Manager -> Processes I can see that winupd.exe is running. Its private working set is usually around 250 000 - 800 000 kb. Every time I end it via Task Manager it starts again automatically by itself. I have searched the internet for solutions, but since my English is not that good I cannot manage this on my own. I tried removing a few things in regedit that Norton's website said one could do, but that was not very helpful. There are some programs you can buy to fix this, but I do not want to throw away 25 euros on just one problem. At first I thought it had something to do with Windows Update, so I turned that off, but that was not the problem. So I hope that you, with your knowledge, can help me get rid of this annoying "winupd.exe".


winupd.exe is a file name used by many different kinds of malicious programs, so you cannot go by the name alone to know what measures are needed.

Let's see what DDS shows to begin with. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes/Ja if the question about Optional Scan comes up.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file.

"I tried removing a few things in regedit that Norton's website"
Do you have a link to that page?

"There are some programs you can buy to fix this, but I do not want to throw away 25 euros on just one problem."
There are many fake programs that you run into if you just google.

If it does turn out to be one of the two malicious programs that Symantec lists, it will show in the DDS log.


Tomahawk203

DDS (Ver_10-03-17.01) - NTFSx86

Run by anton at 11:30:20,22 on 2010-07-10

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2046.705 [GMT 2:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\System32\svchost.exe -k Cognizance

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\Program Files\Norton 360\Engine\3.5.0.15\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\anton\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Norton 360\Engine\3.5.0.15\ccSvcHst.exe

C:\Windows\System32\mobsync.exe

C:\Users\anton\AppData\Roaming\hwreg.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\anton\AppData\Roaming\Microsoft\Windows\Templates\winupd.exe

C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Users\anton\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.0.15\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.0.15\IPSBHO.DLL

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Easy Gif Animator Toolbar Helper: {96372ab6-15eb-4316-b497-71c741bc548c} - c:\program files\easy gif animator extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll

TB: Easy Gif Animator Toolbar: {35065594-9169-4a34-b167-fc4865038e53} - c:\program files\easy gif animator extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.0.15\coIEPlg.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Google Update] "c:\users\anton\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Windows Update] c:\users\anton\appdata\roaming\microsoft\windows\templates\winupd.exe

uRunOnce: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {E6073F93-9541-4be4-9800-109D378EB99B} - c:\microgaming\poker\nordicbetmpp\MPPoker.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/FR-CH/a-UNO1/GAME_UNO1.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: {E031D239-883B-4683-85F6-262CD7D4855A} = 148.160.16.66,148.160.16.67

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.0.15\CoIEPlg.dll

AppInit_DLLs: APSHook.dll

LSA: Notification Packages = scecli ASWLNPkg

uASetup: {b60e406s1i-57u71ltr0x-ts6w2q507t-e641mty1c9} - c:\users\anton\appdata\roaming\microsoft\windows\templates\winupd.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\anton\appdata\roaming\mozilla\firefox\profiles\dwn4gpks.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\users\anton\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\users\anton\appdata\roaming\mozilla\firefox\profiles\dwn4gpks.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305000.00f\SymEFA.sys [2010-5-29 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305000.00f\BHDrvx86.sys [2010-5-29 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305000.00f\cchpx86.sys [2010-5-29 482352]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100709.001\IDSvix86.sys [2010-7-10 344112]

R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-10-20 21504]

R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-10-20 21504]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-30 102448]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0305000.00f\symndisv.sys [2010-5-29 48688]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-20 21504]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

 

=============== Created Last 30 ================

 

2010-07-09 20:10:51 0 d-----w- c:\users\anton\appdata\roaming\Uniblue

2010-07-09 20:10:32 0 d-----w- c:\program files\Uniblue

2010-07-09 18:35:22 81920 ----a-w- c:\windows\eSellerateControl350.dll

2010-07-09 18:35:22 356352 ----a-w- c:\windows\eSellerateEngine.dll

2010-07-09 18:35:16 0 d-----w- c:\program files\RADO Removal Tool

2010-07-09 18:28:58 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-07-09 18:28:58 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-07-09 11:52:39 0 d-----w- c:\program files\Spyware Doctor

2010-07-09 11:52:39 0 d-----w- c:\program files\common files\PC Tools

2010-07-09 11:52:24 0 d---a-w- c:\programdata\TEMP

2010-07-09 11:29:07 0 d-----w- c:\program files\common files\Wise Installation Wizard

2010-07-09 10:42:37 0 d-----w- c:\users\anton\appdata\roaming\MAGIX

2010-07-09 10:42:26 111 ----a-w- c:\windows\installation.ini

2010-07-09 10:40:22 0 d-----w- c:\programdata\MAGIX

2010-07-09 10:40:09 0 d-----w- c:\program files\MAGIX

2010-07-09 10:40:08 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll

2010-07-09 10:38:35 0 d-----w- c:\program files\common files\MAGIX Services

2010-06-24 01:03:25 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-24 01:03:23 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-24 01:03:23 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-24 01:03:23 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-24 01:03:22 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-23 12:15:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-06-23 12:15:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-06-20 16:48:13 0 d-----w- c:\users\anton\P5JavaClientSettings

2010-06-19 18:13:52 0 d-----w- c:\program files\iPod

2010-06-19 18:13:47 0 d-----w- c:\program files\iTunes

2010-06-19 17:36:36 0 d-----r- c:\program files\Norton Support

2010-06-19 17:33:09 65536 --sha-w- c:\users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TM.blf

2010-06-19 17:33:09 524288 --sha-w- c:\users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000002.regtrans-ms

2010-06-19 17:33:09 524288 --sha-w- c:\users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000001.regtrans-ms

2010-06-19 11:15:44 0 d-----w- c:\program files\Windows Installer Clean Up

2010-06-19 01:19:15 0 d-----w- c:\program files\Bonjour

2010-06-18 10:11:26 0 d-----w- c:\users\anton\Office Genuine Advantage

2010-06-17 16:03:46 0 d-----w- c:\windows\system32\URTTEMP

2010-06-17 13:58:12 0 d-----w- c:\program files\SEGA

2010-06-16 21:29:25 0 d-----w- c:\programdata\Office Genuine Advantage

2010-06-16 07:40:44 0 d-----w- c:\windows\CheckSur

2010-06-11 19:58:55 834048 ----a-w- c:\windows\system32\wininet.dll

2010-06-11 19:58:48 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-06-11 19:57:54 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-06-11 19:48:43 67072 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-11 19:48:31 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-06-11 19:48:28 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-06-11 16:33:16 0 d-----w- c:\programdata\Birdstep Technology

 

==================== Find3M ====================

 

2010-07-09 11:11:19 164161 ----a-w- c:\users\anton\appdata\roaming\nvModes.dat

2010-07-08 16:23:16 51200 ----a-w- c:\windows\inf\infpub.dat

2010-07-07 10:11:56 5750110 ----a-w- c:\windows\system32\perfh01D.dat

2010-07-07 10:11:55 1965858 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-19 01:22:51 143360 ----a-w- c:\windows\inf\infstor.dat

2010-06-19 01:22:50 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-05-31 17:41:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-05-29 08:30:36 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-05-29 08:30:36 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-05-29 08:30:36 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-05-29 08:30:14 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2010-05-28 06:47:44 177152 ----a-w- c:\users\anton\appdata\roaming\hwreg.exe

2010-05-21 12:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-18 14:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 14:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-07 15:23:36 224190 --sha-r- c:\users\anton\appdata\roaming\winupd.exe

2010-04-29 10:14:59 75360 ----a-w- c:\windows\fonts\upcei.ttf

2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-19 18:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-04-12 15:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

2009-11-04 10:56:02 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-11-17 19:36:21 174 --sha-w- c:\program files\desktop.ini

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

 

============= FINISH: 11:36:19,87 ===============

Attach.txt
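
An added example, not part of the thread and not code from DDS: a small Python triage of the autorun lines in a DDS "Pseudo HJT Report", using a handful of lines copied from the log above. The three heuristics (an OS-sounding value name pointing outside Windows/Program Files, an ASetup ID that is not GUID-shaped, a target inside the user profile) are assumptions for illustration, and a hit means "submit this file for scanning", not a verdict.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the Pseudo HJT Report section of the DDS log in this thread.
SAMPLE_LOG = r"""
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\anton\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Windows Update] c:\users\anton\appdata\roaming\microsoft\windows\templates\winupd.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uASetup: {b60e406s1i-57u71ltr0x-ts6w2q507t-e641mty1c9} - c:\users\anton\appdata\roaming\microsoft\windows\templates\winupd.exe
"""

RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ASETUP_RE = re.compile(r"^(?P<kind>[um]ASetup): (?P<name>\{[^}]*\}) - (?P<cmd>.+)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# First token that ends in an executable extension (unquoted paths may contain spaces).
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|scr|com|bat))(?=[\s,]|$)", re.I)
USER_DIR_RE = re.compile(
    r"^(?:[a-z]:\\users\\[^\\]+\\|%(?:appdata|localappdata|userprofile|temp)%\\)", re.I)
TRUSTED_DIR_RE = re.compile(
    r"^(?:[a-z]:\\(?:windows|program files(?: \(x86\))?)\\"
    r"|%(?:windir|systemroot|programfiles)%\\)", re.I)
OS_NAME_RE = re.compile(r"\b(?:windows|microsoft)\b", re.I)


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def target_path(cmd):
    """Return the file an autorun command actually loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        m = EXE_RE.match(cmd)
        path = m.group(1) if m else cmd
    # rundll32 is only a host process; the DLL it is told to load is what matters.
    if path.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        rest = cmd.split(path, 1)[1].lstrip('" ')
        m = EXE_RE.match(rest)
        if m:
            path = m.group(1)
    return path


def triage(log_text):
    """Return the autorun entries that deserve a closer look, with reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or ASETUP_RE.match(line)
        if not m:
            continue
        f = Finding(m["kind"], m["name"], target_path(m["cmd"]))
        # Heuristic 1 (assumption): a value name borrowing an OS component's
        # name should point into Windows or Program Files.
        if OS_NAME_RE.search(f.name) and not TRUSTED_DIR_RE.match(f.path):
            f.reasons.append("name claims an OS component, target is elsewhere")
        # Heuristic 2 (assumption): ASetup component IDs are expected to be GUIDs.
        if f.kind.endswith("ASetup") and not GUID_RE.match(f.name):
            f.reasons.append("component ID is not a well-formed GUID")
        # A profile path alone is not enough (Google Update lives there too);
        # it is only recorded as supporting evidence for an existing hit.
        if f.reasons and USER_DIR_RE.match(f.path):
            f.reasons.append("target is in a user-writable profile directory")
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}] -> {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Both entries it reports point at the same file, which is why the file path, rather than the name winupd.exe, is what gets submitted for scanning later in the thread.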


Tomahawk203

http://www.virustotal.com/sv/analisis/33528081392194a1252e56dc5807a6deb8fd988c675c3140c09d75ae32fa9c61-1278755571

Here I get the results from http://www.virustotal.com


It is a different winupd file than the ones the Symantec link is about.

The TeaTimer feature in Spybot S&D is very good, but right now it can interfere with the necessary changes to the registry, so you need to turn it off. Remember to turn it back on when the computer is clean, but not before then. If questions then come up about whether changes should be allowed, choose to allow them.

Right-click the TeaTimer icon, a Windows window with a padlock, next to the clock and choose "Reset lists".

Start Spybot S&D

Choose Advanced in the Mode menu

On the left choose Tools - Resident

Remove the check mark for TeaTimer

Close the program.

On the page http://www.virustotal.com, press the Browse button and paste one of the following file names into the box, press Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here. Repeat with the next file name.

c:\users\anton\appdata\roaming\microsoft\windows\templates\winupd.exe

c:\program files\mozilla firefox\plugins\npganymedenet.dll

What kind of program is this and where did you download it from?

2010-07-09 18:35:16 0 d-----w- c:\program files\RADO Removal Tool

The winupd file appears to have entered the computer about two months ago, and DDS does not check that far back in time very thoroughly, so another program is needed. Save OTL to the Desktop.

http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista, right-click and Run as administrator).

Under Output near the top, choose Minimal Output.

Change "days" from 30 to 90.

Press Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the log OTL.txt, and attach Extras.txt as a file.


Tomahawk203

So, now I have unchecked TeaTimer and closed Spybot.

http://www.virustotal.com/sv/analisis/33528081392194a1252e56dc5807a6deb8fd988c675c3140c09d75ae32fa9c61-1278755571

The above is the file winupd.exe.

Unfortunately I cannot find the website where I downloaded this RADO Removal Tool program. RADO, which I have read a bit about, is a Trojan backdoor, and when I scanned the computer with Rado Removal Tool it found some problems, among them "rado trojan"; to fix it you had to pay, which I did not do.

http://www.virustotal.com/sv/analisis/8718a63c5effc98f230934a122cd706583ed0929526dcca4a1a884022c47f532-1236059028

The above is the file c:\program files\mozilla firefox\plugins\npganymedenet.dll

OTL logfile created on: 2010-07-10 13:12:32 - Run 1

OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\anton\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 26,00% Memory free

25,00 Gb Paging File | 23,00 Gb Available in Paging File | 91,00% Paging File free

Paging file location(s): c:\pagefile.sys 30000 30000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 142,67 Gb Total Space | 26,72 Gb Free Space | 18,73% Space Free | Partition Type: NTFS

Drive D: | 6,38 Gb Total Space | 1,43 Gb Free Space | 22,43% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ANTONTRINH

Current User Name: anton

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 90 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\anton\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Users\anton\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program\Norton 360\Engine\3.5.0.15\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Users\anton\AppData\Roaming\hwreg.exe (Microsoft Corporation)

PRC - C:\Program\Uniblue\RegistryBooster\registrybooster.exe (Uniblue Systems Limited)

PRC - C:\Users\anton\AppData\Roaming\Microsoft\Windows\Templates\winupd.exe ()

PRC - C:\Program\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Program\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Program\HP\QuickPlay\Kernel\TV\CLSched.exe ()

PRC - C:\Program\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()

PRC - C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - c:\Program\Bioscrypt\VeriSoft\Bin\asghost.exe (Cognizance Corporation)

PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

PRC - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\anton\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\System32\APSHook.dll (Cognizance Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File not found

SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe File not found

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.5.0.15\ccSvcHst.exe (Symantec Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (WinDefend) -- C:\Program\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()

SRV - (ASBroker) -- c:\Program\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (Cognizance Corporation)

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

SRV - (MSCSPTISRV) -- C:\Program\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

SRV - (ASChannel) -- c:\Program\Bioscrypt\VeriSoft\Bin\ASChnl.dll (Cognizance Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

SRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)

SRV - (MSSQLServerADHelper) -- C:\Program\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (GarenaPEngine) -- C:\Users\anton\AppData\Local\Temp\JKOEF20.tmp File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100709.040\NAVEX15.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100709.040\NAVENG.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0305000.00F\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0305000.00F\SRTSP.SYS (Symantec Corporation)

DRV - (SYMTDI) -- C:\Windows\system32\drivers\N360\0305000.00F\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\Windows\system32\drivers\N360\0305000.00F\SYMFW.SYS (Symantec Corporation)

DRV - (SYMNDISV) -- C:\Windows\system32\drivers\N360\0305000.00F\SYMNDISV.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0305000.00F\SRTSPX.SYS (Symantec Corporation)

DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)

DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0305000.00F\ccHPx86.sys (Symantec Corporation)

DRV - (BHDrvx86) -- C:\Windows\system32\drivers\N360\0305000.00F\BHDrvx86.sys (Symantec Corporation)

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100709.001\IDSvix86.sys (Symantec Corporation)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (usbaudio) USB-ljuddrivrutiner (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)

DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=laptop

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-19 20:10:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-19 20:10:29 | 000,000,000 | ---D | M]

 

[2008-10-03 22:37:02 | 000,000,000 | ---D | M] -- C:\Users\anton\AppData\Roaming\mozilla\Extensions

[2010-06-09 21:46:45 | 000,000,000 | ---D | M] -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions

[2009-07-27 16:06:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009-10-24 19:46:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2008-12-17 23:24:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2009-07-24 00:59:36 | 000,000,000 | ---D | M] -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions\firefox@tvunetworks.com

[2010-07-09 11:21:44 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions

[2010-05-02 11:27:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Mozilla Firefox\plugins\npdeployJava1.dll

[2009-02-03 17:35:38 | 000,120,296 | ---- | M] ( ) -- C:\Program\Mozilla Firefox\plugins\npganymedenet.dll

[2009-03-24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program\Mozilla Firefox\plugins\npzylomgamesplayer.dll

[2009-05-24 23:55:16 | 000,001,470 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml

[2009-05-24 23:55:17 | 000,002,670 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml

[2009-05-24 23:55:17 | 000,000,948 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\tyda-sv-SE.xml

[2009-05-24 23:55:17 | 000,001,174 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml

[2009-05-24 23:55:17 | 000,000,647 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2008-09-27 18:04:32 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Norton 360\Engine\3.5.0.15\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton 360\Engine\3.5.0.15\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll File not found

O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll File not found

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton 360\Engine\3.5.0.15\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton 360\Engine\3.5.0.15\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Windows Update] C:\Users\anton\AppData\Roaming\Microsoft\Windows\Templates\winupd.exe ()

O4 - HKCU..\Run: [WMPNSCFG] C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe File not found

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-CH/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program\Norton 360\Engine\3.5.0.15\CoIEPlg.dll (Symantec Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-04-11 23:05:06 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2005-09-11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O33 - MountPoints2\{16f91879-25ab-11de-a0ea-001b24767d28}\Shell\AutoRun\command - "" = E:\.\Vado\Vado.exe -- File not found

O33 - MountPoints2\{3e0c6c14-d51d-11dd-92d3-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{3e0c6c14-d51d-11dd-92d3-001a7385345c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{3e0c6c16-d51d-11dd-92d3-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{3e0c6c16-d51d-11dd-92d3-001a7385345c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{48e7db30-a4a9-11de-82e1-f33cee7ca331}\Shell - "" = AutoRun

O33 - MountPoints2\{48e7db30-a4a9-11de-82e1-f33cee7ca331}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found

O33 - MountPoints2\{4c306fb8-6258-11de-9cd2-001b24767d28}\Shell - "" = AutoRun

O33 - MountPoints2\{4c306fb8-6258-11de-9cd2-001b24767d28}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{4fea6cb6-a4f4-11de-8a9b-bc1717a2bb4e}\Shell - "" = AutoRun

O33 - MountPoints2\{4fea6cb6-a4f4-11de-8a9b-bc1717a2bb4e}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{5851e22a-025e-11dd-9f55-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{5851e22a-025e-11dd-9f55-001a7385345c}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found

O33 - MountPoints2\{5851e231-025e-11dd-9f55-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{5851e231-025e-11dd-9f55-001a7385345c}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found

O33 - MountPoints2\{6a5ec189-88a7-11de-9590-001b24767d28}\Shell - "" = AutoRun

O33 - MountPoints2\{6a5ec189-88a7-11de-9590-001b24767d28}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{6c444325-a71f-11dd-a790-001a6bbafeb0}\Shell - "" = AutoRun

O33 - MountPoints2\{6c444325-a71f-11dd-a790-001a6bbafeb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

O33 - MountPoints2\{6c44433f-a71f-11dd-a790-001a6bbafeb0}\Shell - "" = AutoRun

O33 - MountPoints2\{6c44433f-a71f-11dd-a790-001a6bbafeb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

O33 - MountPoints2\{73e6e637-7727-11dd-b4bb-001a7385345c}\Shell\AutoRun\command - "" = SYSTEM.EXE

O33 - MountPoints2\{73e6e637-7727-11dd-b4bb-001a7385345c}\Shell\eXpLorE\CoMmAnD - "" = SYSTEM.EXE

O33 - MountPoints2\{73e6e637-7727-11dd-b4bb-001a7385345c}\Shell\oPEN\cOMMaNd - "" = SYSTEM.EXE

O33 - MountPoints2\{7aa356ec-6335-11dd-b776-001a6bbafeb0}\Shell - "" = AutoRun

O33 - MountPoints2\{7aa356ec-6335-11dd-b776-001a6bbafeb0}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{95b3209e-a473-11de-9bad-85362dccaf87}\Shell - "" = AutoRun

O33 - MountPoints2\{95b3209e-a473-11de-9bad-85362dccaf87}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{a3790bf7-03aa-11dd-a434-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{a3790bf7-03aa-11dd-a434-001a7385345c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{a3790bfe-03aa-11dd-a434-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{a3790bfe-03aa-11dd-a434-001a7385345c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{a8f83953-598a-11de-8045-001b24767d28}\Shell - "" = AutoRun

O33 - MountPoints2\{a8f83953-598a-11de-8045-001b24767d28}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{ab4f5d27-c464-11de-bc91-001a7385345c}\Shell\AutoRun\command - "" = SYSTEM.EXE

O33 - MountPoints2\{ab4f5d27-c464-11de-bc91-001a7385345c}\Shell\eXpLorE\CoMmAnD - "" = SYSTEM.EXE

O33 - MountPoints2\{ab4f5d27-c464-11de-bc91-001a7385345c}\Shell\oPEN\cOMMaNd - "" = SYSTEM.EXE

O33 - MountPoints2\{c1fe06f0-a782-11dd-bd52-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{c1fe06f0-a782-11dd-bd52-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

O33 - MountPoints2\{c1fe071f-a782-11dd-bd52-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{c1fe071f-a782-11dd-bd52-001a7385345c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{d0340558-58bb-11de-b581-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{d0340558-58bb-11de-b581-001a7385345c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{d034057c-58bb-11de-b581-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{d034057c-58bb-11de-b581-001a7385345c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{d03405a5-58bb-11de-b581-001b24767d28}\Shell - "" = AutoRun

O33 - MountPoints2\{d03405a5-58bb-11de-b581-001b24767d28}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{d57ac79a-897d-11de-9e22-b2cdb4ae3d3d}\Shell - "" = AutoRun

O33 - MountPoints2\{d57ac79a-897d-11de-9e22-b2cdb4ae3d3d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{d8927eb9-be58-11de-aae3-001a7385345c}\Shell\AutoRun\command - "" = F:\SYSTEM.EXE -- File not found

O33 - MountPoints2\{d8927eb9-be58-11de-aae3-001a7385345c}\Shell\eXpLorE\CoMmAnD - "" = F:\SYSTEM.EXE -- File not found

O33 - MountPoints2\{d8927eb9-be58-11de-aae3-001a7385345c}\Shell\oPEN\cOMMaNd - "" = F:\SYSTEM.EXE -- File not found

O33 - MountPoints2\{dc10a289-5f92-11dd-961a-001a6bbafeb0}\Shell - "" = AutoRun

O33 - MountPoints2\{dc10a289-5f92-11dd-961a-001a6bbafeb0}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{dc10a2a3-5f92-11dd-961a-001a6bbafeb0}\Shell - "" = AutoRun

O33 - MountPoints2\{dc10a2a3-5f92-11dd-961a-001a6bbafeb0}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{dc10a2ad-5f92-11dd-961a-001b24767d28}\Shell - "" = AutoRun

O33 - MountPoints2\{dc10a2ad-5f92-11dd-961a-001b24767d28}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{e6d3a075-87d2-11de-9fea-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{e6d3a075-87d2-11de-9fea-001a7385345c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{e6d3a120-87d2-11de-9fea-951141d3b0bd}\Shell - "" = AutoRun

O33 - MountPoints2\{e6d3a120-87d2-11de-9fea-951141d3b0bd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{f5414587-db52-11dc-b639-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{f5414587-db52-11dc-b639-001a7385345c}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found

O33 - MountPoints2\{f54145a5-db52-11dc-b639-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{f54145a5-db52-11dc-b639-001a7385345c}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\RunGame.exe -- File not found

O33 - MountPoints2\J\Shell - "" = AutoRun

O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\RunGame.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010-07-10 13:11:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\anton\Desktop\OTL (1).exe

[2010-07-10 13:09:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\anton\Desktop\OTL.exe

[2010-07-09 22:10:51 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Roaming\Uniblue

[2010-07-09 22:10:32 | 000,000,000 | ---D | C] -- C:\Program\Uniblue

[2010-07-09 20:35:22 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll

[2010-07-09 20:35:22 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll

[2010-07-09 20:35:16 | 000,000,000 | ---D | C] -- C:\Program\RADO Removal Tool

[2010-07-09 20:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010-07-09 20:28:58 | 000,000,000 | ---D | C] -- C:\Program\Spybot - Search & Destroy

[2010-07-09 13:52:39 | 000,000,000 | ---D | C] -- C:\Program\Spyware Doctor

[2010-07-09 13:52:39 | 000,000,000 | ---D | C] -- C:\Program\Common Files\PC Tools

[2010-07-09 13:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010-07-09 13:29:07 | 000,000,000 | ---D | C] -- C:\Program\Common Files\Wise Installation Wizard

[2010-07-09 12:42:37 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Roaming\MAGIX

[2010-07-09 12:41:36 | 000,014,208 | ---- | C] (MAGIX) -- C:\Windows\System32\drivers\disksec.sys

[2010-07-09 12:41:26 | 000,991,232 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe

[2010-07-09 12:41:26 | 000,720,896 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLAV32.dll

[2010-07-09 12:41:26 | 000,274,432 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRES32.dll

[2010-07-09 12:41:26 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDRV32.dll

[2010-07-09 12:41:26 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDEV32.dll

[2010-07-09 12:41:26 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCPY32.dll

[2010-07-09 12:41:26 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDA32.dll

[2010-07-09 12:41:26 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIO32.dll

[2010-07-09 12:41:26 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRF32.dll

[2010-07-09 12:41:26 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPNT32.dll

[2010-07-09 12:41:26 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\STRING32.dll

[2010-07-09 12:41:26 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPTL32.dll

[2010-07-09 12:41:26 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDF32.dll

[2010-07-09 12:41:26 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLTPO32.dll

[2010-07-09 12:41:26 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRJ32.dll

[2010-07-09 12:41:26 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIMG32.dll

[2010-07-09 12:41:26 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRD32.dll

[2010-07-09 12:41:26 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLMSC32.dll

[2010-07-09 12:41:26 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLISO32.dll

[2010-07-09 12:41:26 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDIR32.dll

[2010-07-09 12:41:26 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTIC32.dll

[2010-07-09 12:41:26 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTI32.dll

[2010-07-09 12:41:26 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIX.dll

[2010-07-09 12:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX

[2010-07-09 12:40:09 | 000,000,000 | ---D | C] -- C:\Program\MAGIX

[2010-07-09 12:38:35 | 000,000,000 | ---D | C] -- C:\Program\Common Files\MAGIX Services

[2010-06-28 23:14:25 | 000,000,000 | ---D | C] -- C:\Users\anton\Documents\My Games

[2010-06-28 22:04:09 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Hotel.Giant.2-RELOADED

[2010-06-28 21:55:58 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\The Sims 3 - Razor1911 Final MAXSPEED

[2010-06-24 03:03:25 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010-06-24 03:03:23 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010-06-24 03:03:23 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010-06-23 14:15:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010-06-23 14:15:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010-06-20 18:48:13 | 000,000,000 | ---D | C] -- C:\Users\anton\P5JavaClientSettings

[2010-06-19 20:13:52 | 000,000,000 | ---D | C] -- C:\Program\iPod

[2010-06-19 20:13:47 | 000,000,000 | ---D | C] -- C:\Program\iTunes

[2010-06-19 20:09:31 | 000,000,000 | ---D | C] -- C:\Program\QuickTime

[2010-06-19 20:03:52 | 000,000,000 | ---D | C] -- C:\Program\Apple Software Update

[2010-06-19 19:36:36 | 000,000,000 | R--D | C] -- C:\Program\Norton Support

[2010-06-19 13:15:44 | 000,000,000 | ---D | C] -- C:\Program\Windows Installer Clean Up

[2010-06-19 03:19:15 | 000,000,000 | ---D | C] -- C:\Program\Bonjour

[2010-06-18 12:11:26 | 000,000,000 | ---D | C] -- C:\Users\anton\Office Genuine Advantage

[2010-06-17 18:57:42 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Local\ApplicationHistory

[2010-06-17 18:03:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP

[2010-06-17 15:58:12 | 000,000,000 | ---D | C] -- C:\Program\SEGA

[2010-06-16 23:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage

[2010-06-16 09:40:44 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur

[2010-06-12 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Ny mapp (2)

[2010-06-11 21:58:51 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010-06-11 21:58:48 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010-06-11 21:58:48 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010-06-11 21:58:46 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010-06-11 21:57:54 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010-06-11 21:48:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010-06-11 21:48:31 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010-06-11 21:48:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010-06-11 18:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Birdstep Technology

[2010-06-11 14:38:17 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Anton student -10

[2010-06-09 22:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games

[2010-06-07 15:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010-06-06 18:34:58 | 000,000,000 | ---D | C] -- C:\Program\SystemRequirementsLab

[2010-06-03 19:06:30 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Roaming\SystemRequirementsLab

[2010-05-31 19:41:33 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll

[2010-05-31 19:37:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive

[2010-05-31 18:14:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images

[2010-05-31 13:13:30 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Ny mapp

[2010-05-30 12:05:41 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Local\storage

[2010-05-30 12:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft

[2010-05-29 10:31:54 | 000,025,648 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys

[2010-05-29 10:31:42 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2010-05-29 10:30:36 | 000,000,000 | ---D | C] -- C:\Program\Symantec

[2010-05-29 10:29:40 | 000,000,000 | ---D | C] -- C:\Program\Norton 360

[2010-05-29 10:29:13 | 000,000,000 | ---D | C] -- C:\Program\NortonInstaller

[2010-05-28 08:47:44 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Users\anton\AppData\Roaming\hwreg.exe

[2010-05-26 08:48:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010-05-18 16:35:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2010-05-18 16:35:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2010-05-02 11:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010-05-02 11:27:55 | 000,000,000 | ---D | C] -- C:\Program\Common Files\Java

[2010-05-02 11:27:08 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010-05-02 11:27:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010-05-02 11:27:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010-05-02 11:27:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010-04-28 15:52:39 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Pop

[2010-04-19 20:47:44 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll

[2010-04-16 15:43:17 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm

[2010-04-16 15:43:17 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm

[2010-04-16 15:43:11 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2010-04-16 15:43:03 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010-04-16 15:43:03 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[3 C:\Users\anton\AppData\Roaming\*.tmp files -> C:\Users\anton\AppData\Roaming\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\anton\Desktop\*.tmp files -> C:\Users\anton\Desktop\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2010-07-10 13:12:15 | 011,534,336 | -HS- | M] () -- C:\Users\anton\ntuser.dat

[2010-07-10 13:11:34 | 000,164,161 | ---- | M] () -- C:\Users\anton\AppData\Roaming\nvModes.001

[2010-07-10 13:11:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\anton\Desktop\OTL.exe

[2010-07-10 13:11:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\anton\Desktop\OTL (1).exe

[2010-07-10 13:11:03 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3038531085-385911798-1803676192-1000UA.job

[2010-07-10 12:08:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010-07-10 12:08:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010-07-10 02:11:13 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3038531085-385911798-1803676192-1000Core.job

[2010-07-09 22:26:38 | 041,693,002 | ---- | M] () -- C:\Users\anton\Desktop\SpySweeperSNRSetup4257_EN.exe

[2010-07-09 22:10:44 | 000,000,913 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk

[2010-07-09 22:10:44 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk

[2010-07-09 20:29:27 | 000,001,079 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010-07-09 20:29:27 | 000,001,055 | ---- | M] () -- C:\Users\anton\Desktop\Spybot - Search & Destroy.lnk

[2010-07-09 20:27:37 | 000,169,984 | ---- | M] () -- C:\Users\anton\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-07-09 19:44:44 | 003,520,804 | ---- | M] () -- C:\Users\anton\Desktop\Brett_Dennen_Feat_Femi_Kuti_-_.mp3

[2010-07-09 17:23:16 | 163,273,468 | ---- | M] () -- C:\Users\anton\Desktop\Exploitedteens_-_Cindy.mpg

[2010-07-09 16:24:32 | 009,107,338 | ---- | M] () -- C:\Users\anton\Desktop\Mohombi__-_Bumpy_Ride.mp3

[2010-07-09 16:19:05 | 000,000,000 | ---- | M] () -- C:\Users\anton\Desktop\Mohombi - Bumpy Ride.mp3

[2010-07-09 13:11:19 | 000,164,161 | ---- | M] () -- C:\Users\anton\AppData\Roaming\nvModes.dat

[2010-07-09 12:42:26 | 000,000,111 | ---- | M] () -- C:\Windows\installation.ini

[2010-07-09 12:03:10 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2010-07-09 12:03:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-anton-Startup.job

[2010-07-09 12:02:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010-07-09 12:02:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-07-09 00:27:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010-07-09 00:23:21 | 000,524,288 | -HS- | M] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000001.regtrans-ms

[2010-07-09 00:23:21 | 000,065,536 | -HS- | M] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TM.blf

[2010-07-08 22:36:48 | 007,188,513 | ---- | M] () -- C:\Users\anton\Desktop\Inna - Sun Is Up ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:35:35 | 005,153,466 | ---- | M] () -- C:\Users\anton\Desktop\Enrique Iglesias Feat. Usher - Dirty Dancer (Prod. By RedOne) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:32:18 | 004,470,683 | ---- | M] () -- C:\Users\anton\Desktop\Francisco Feat. Rohff - Animal (Prod. By Gee Futuristic) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:31:24 | 005,898,896 | ---- | M] () -- C:\Users\anton\Desktop\Enrique Iglesias Feat. Akon - One Day At A Time (Prod. By RedOne Konvict) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:30:53 | 007,007,988 | ---- | M] () -- C:\Users\anton\Desktop\Casely Feat. Machel Montano & David Rush - Burn It Up (Remix) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:29:23 | 009,885,359 | ---- | M] () -- C:\Users\anton\Desktop\Casely Feat. Pitbull - Messy ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:26:24 | 007,995,143 | ---- | M] () -- C:\Users\anton\Desktop\Charice Feat. Iyaz - Pyramid ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:20:20 | 006,068,217 | ---- | M] () -- C:\Users\anton\Desktop\Johnta Austin - My Love.mp3

[2010-07-07 12:11:56 | 005,750,110 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2010-07-07 12:11:55 | 002,462,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010-07-07 12:11:55 | 001,965,858 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2010-07-07 12:11:55 | 001,888,746 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010-07-07 12:11:54 | 000,005,534 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010-07-06 23:42:10 | 003,646,819 | -H-- | M] () -- C:\Users\anton\AppData\Local\IconCache.db

[2010-07-06 15:15:13 | 012,671,887 | ---- | M] () -- C:\Users\anton\Desktop\Lenka_-_Trouble_Is_A_Friend_20.mp3

[2010-06-30 13:39:41 | 005,620,193 | ---- | M] () -- C:\Users\anton\Desktop\David Archuleta - Crush [www.4music.lt].mp3

[2010-06-30 13:39:33 | 005,707,904 | ---- | M] () -- C:\Users\anton\Desktop\Justin Timberlake Ft. T.I. - My Love.mp3

[2010-06-30 13:38:20 | 006,694,168 | ---- | M] () -- C:\Users\anton\Desktop\Massari - Real Love ( 2oo9 ) [ www.Black-Center.com ].mp3

[2010-06-30 13:38:11 | 008,358,307 | ---- | M] () -- C:\Users\anton\Desktop\wWw.NewHMusic.Com - Akon-Keep You Much Longer.mp3

[2010-06-23 17:46:49 | 000,002,401 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

[2010-06-23 17:44:36 | 000,002,633 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk

[2010-06-22 13:23:03 | 004,665,171 | ---- | M] () -- C:\Users\anton\Desktop\Demarco - Standing Soldier [iM1].mp3

[2010-06-20 19:04:07 | 003,340,098 | ---- | M] () -- C:\Users\anton\Desktop\Francisco - And Now We Dance [LATESTJAMZ.COM].mp3

[2010-06-20 18:15:32 | 000,008,268 | ---- | M] () -- C:\Users\anton\AppData\Local\d3d9caps.dat

[2010-06-20 00:03:24 | 000,524,288 | -HS- | M] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000002.regtrans-ms

[2010-06-19 14:05:25 | 000,524,288 | -HS- | M] () -- C:\Users\anton\ntuser.dat{2945b911-0846-11df-9aa7-001a7385345c}.TMContainer00000000000000000001.regtrans-ms

[2010-06-19 14:05:25 | 000,065,536 | -HS- | M] () -- C:\Users\anton\ntuser.dat{2945b911-0846-11df-9aa7-001a7385345c}.TM.blf

[2010-06-18 19:15:52 | 005,893,519 | ---- | M] () -- C:\Users\anton\Desktop\11-Akcent - That's My Name (Radio Edit).mp3

[2010-06-18 19:11:35 | 006,350,848 | ---- | M] () -- C:\Users\anton\Desktop\Ne-Yo - Together [iM1].mp3

[2010-06-18 19:10:13 | 009,485,911 | ---- | M] () -- C:\Users\anton\Desktop\Drew_Deezy__Thai_-_I_Dont_See_.mp3

[2010-06-18 19:08:23 | 005,753,539 | ---- | M] () -- C:\Users\anton\Desktop\Usher - Oh My Gosh.mp3

[2010-06-18 12:14:16 | 000,025,600 | ---- | M] () -- C:\Users\anton\Desktop\personlig assisten.doc

[2010-06-18 09:52:53 | 013,133,769 | ---- | M] () -- C:\Users\anton\Desktop\Sean Kingston - Fire Burning (Cherry Coke Remix) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:53 | 003,616,002 | ---- | M] () -- C:\Users\anton\Desktop\Shakira - Waka Waka (David Guetta Remix) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:52 | 020,328,535 | ---- | M] () -- C:\Users\anton\Desktop\Kelly Rowland feat David Guetta - Commander (Rafael Lelis Reconstruction Dub) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:52 | 004,774,062 | ---- | M] () -- C:\Users\anton\Desktop\Infected Culture meets Corona - The Summer Is Magic 2010 (Bootleg Edit) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:51 | 013,071,073 | ---- | M] () -- C:\Users\anton\Desktop\DJ Antoine - Starting Tonight (Clubzound Flipping Remix) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:51 | 010,613,473 | ---- | M] () -- C:\Users\anton\Desktop\Discotronic meets Tevin - To The Moon And Back (M. Deejay & Tunebot Remix) (2010) [www.RnB4U.in].mp3

[2010-06-17 18:57:43 | 000,000,093 | ---- | M] () -- C:\Users\anton\AppData\Local\fusioncache.dat

[2010-06-16 10:00:55 | 000,000,222 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Liknande.url

[2010-06-15 10:59:57 | 004,974,394 | ---- | M] () -- C:\Users\anton\Desktop\Darin_-_Breathing_your_Love__Slow_Version_.mp3

[2010-06-14 17:29:38 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForanton.job

[2010-06-12 13:53:37 | 002,496,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010-06-07 15:24:50 | 000,023,580 | ---- | M] () -- C:\Users\anton\AppData\Roaming\UserTile.png

[2010-05-31 20:01:36 | 000,001,080 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\fm.exe - genväg.lnk

[2010-05-31 19:41:33 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll

[2010-05-30 18:35:51 | 006,685,601 | ---- | M] () -- C:\Users\anton\Desktop\Rihanna feat. Will.I.Am - Photographs.mp3

[2010-05-29 10:30:36 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2010-05-29 10:30:36 | 000,007,386 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2010-05-29 10:30:36 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2010-05-29 10:30:24 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2010-05-29 10:30:14 | 000,025,648 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys

[2010-05-28 08:47:44 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Users\anton\AppData\Roaming\hwreg.exe

[2010-05-27 13:53:48 | 673,843,743 | ---- | M] () -- C:\Users\anton\Desktop\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip

[2010-05-26 19:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010-05-26 16:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010-05-26 11:39:26 | 005,549,618 | ---- | M] () -- C:\Users\anton\Desktop\Brooke Hogan ft. Paul Wall - About Us.mp3

[2010-05-25 21:19:33 | 004,455,476 | ---- | M] () -- C:\Users\anton\Desktop\Go-Hard.mp3

[2010-05-24 15:59:28 | 003,296,836 | ---- | M] () -- C:\Users\anton\Desktop\Settler Project - Le [www.4music.lt].mp3

[2010-05-21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010-05-19 20:09:07 | 000,104,960 | ---- | M] () -- C:\Users\anton\Documents\viet lyrics.doc

[2010-05-18 16:35:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2010-05-18 16:35:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2010-05-07 17:23:36 | 000,224,190 | RHS- | M] () -- C:\Users\anton\AppData\Roaming\winupd.exe

[2010-05-04 21:10:47 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010-05-04 21:10:47 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010-05-04 21:10:46 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010-05-04 20:37:45 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010-05-01 16:13:48 | 002,037,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010-04-23 16:13:55 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010-04-19 20:47:44 | 003,062,048 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll

[2010-04-17 15:37:56 | 000,025,600 | ---- | M] () -- C:\Users\anton\Desktop\lagerarbetare.doc

[2010-04-16 18:43:35 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010-04-16 16:39:07 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010-04-14 17:22:40 | 000,000,104 | ---- | M] () -- C:\Users\anton\Desktop\Papperskorgen - genväg.lnk

[2010-04-12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010-04-12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010-04-12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[3 C:\Users\anton\AppData\Roaming\*.tmp files -> C:\Users\anton\AppData\Roaming\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\anton\Desktop\*.tmp files -> C:\Users\anton\Desktop\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-07-09 22:24:42 | 041,693,002 | ---- | C] () -- C:\Users\anton\Desktop\SpySweeperSNRSetup4257_EN.exe

[2010-07-09 22:10:44 | 000,000,913 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk

[2010-07-09 22:10:44 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk

[2010-07-09 20:29:27 | 000,001,079 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010-07-09 20:29:27 | 000,001,055 | ---- | C] () -- C:\Users\anton\Desktop\Spybot - Search & Destroy.lnk

[2010-07-09 19:44:29 | 003,520,804 | ---- | C] () -- C:\Users\anton\Desktop\Brett_Dennen_Feat_Femi_Kuti_-_.mp3

[2010-07-09 17:01:45 | 163,273,468 | ---- | C] () -- C:\Users\anton\Desktop\Exploitedteens_-_Cindy.mpg

[2010-07-09 16:23:33 | 009,107,338 | ---- | C] () -- C:\Users\anton\Desktop\Mohombi__-_Bumpy_Ride.mp3

[2010-07-09 16:19:05 | 000,000,000 | ---- | C] () -- C:\Users\anton\Desktop\Mohombi - Bumpy Ride.mp3

[2010-07-09 12:42:26 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini

[2010-07-09 12:41:26 | 000,038,492 | ---- | C] () -- C:\Windows\System32\DLLAV32.lib

[2010-07-09 12:40:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2010-07-08 22:36:20 | 007,188,513 | ---- | C] () -- C:\Users\anton\Desktop\Inna - Sun Is Up ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:35:14 | 005,153,466 | ---- | C] () -- C:\Users\anton\Desktop\Enrique Iglesias Feat. Usher - Dirty Dancer (Prod. By RedOne) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:31:58 | 004,470,683 | ---- | C] () -- C:\Users\anton\Desktop\Francisco Feat. Rohff - Animal (Prod. By Gee Futuristic) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:31:00 | 005,898,896 | ---- | C] () -- C:\Users\anton\Desktop\Enrique Iglesias Feat. Akon - One Day At A Time (Prod. By RedOne Konvict) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:30:23 | 007,007,988 | ---- | C] () -- C:\Users\anton\Desktop\Casely Feat. Machel Montano & David Rush - Burn It Up (Remix) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:28:44 | 009,885,359 | ---- | C] () -- C:\Users\anton\Desktop\Casely Feat. Pitbull - Messy ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:26:07 | 007,995,143 | ---- | C] () -- C:\Users\anton\Desktop\Charice Feat. Iyaz - Pyramid ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:20:05 | 006,068,217 | ---- | C] () -- C:\Users\anton\Desktop\Johnta Austin - My Love.mp3

[2010-07-06 15:13:27 | 012,671,887 | ---- | C] () -- C:\Users\anton\Desktop\Lenka_-_Trouble_Is_A_Friend_20.mp3

[2010-06-30 13:39:16 | 005,620,193 | ---- | C] () -- C:\Users\anton\Desktop\David Archuleta - Crush [www.4music.lt].mp3

[2010-06-30 13:38:34 | 005,707,904 | ---- | C] () -- C:\Users\anton\Desktop\Justin Timberlake Ft. T.I. - My Love.mp3

[2010-06-30 13:37:56 | 006,694,168 | ---- | C] () -- C:\Users\anton\Desktop\Massari - Real Love ( 2oo9 ) [ www.Black-Center.com ].mp3

[2010-06-30 13:37:21 | 008,358,307 | ---- | C] () -- C:\Users\anton\Desktop\wWw.NewHMusic.Com - Akon-Keep You Much Longer.mp3

[2010-06-24 13:37:30 | 003,616,002 | ---- | C] () -- C:\Users\anton\Desktop\Shakira - Waka Waka (David Guetta Remix) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:28 | 013,133,769 | ---- | C] () -- C:\Users\anton\Desktop\Sean Kingston - Fire Burning (Cherry Coke Remix) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:23 | 020,328,535 | ---- | C] () -- C:\Users\anton\Desktop\Kelly Rowland feat David Guetta - Commander (Rafael Lelis Reconstruction Dub) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:22 | 004,774,062 | ---- | C] () -- C:\Users\anton\Desktop\Infected Culture meets Corona - The Summer Is Magic 2010 (Bootleg Edit) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:17 | 013,071,073 | ---- | C] () -- C:\Users\anton\Desktop\DJ Antoine - Starting Tonight (Clubzound Flipping Remix) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:15 | 010,613,473 | ---- | C] () -- C:\Users\anton\Desktop\Discotronic meets Tevin - To The Moon And Back (M. Deejay & Tunebot Remix) (2010) [www.RnB4U.in].mp3

[2010-06-22 13:22:15 | 004,665,171 | ---- | C] () -- C:\Users\anton\Desktop\Demarco - Standing Soldier [iM1].mp3

[2010-06-20 19:04:00 | 003,340,098 | ---- | C] () -- C:\Users\anton\Desktop\Francisco - And Now We Dance [LATESTJAMZ.COM].mp3

[2010-06-19 19:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000002.regtrans-ms

[2010-06-19 19:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000001.regtrans-ms

[2010-06-19 19:33:09 | 000,065,536 | -HS- | C] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TM.blf

[2010-06-18 19:13:32 | 005,893,519 | ---- | C] () -- C:\Users\anton\Desktop\11-Akcent - That's My Name (Radio Edit).mp3

[2010-06-18 19:10:04 | 006,350,848 | ---- | C] () -- C:\Users\anton\Desktop\Ne-Yo - Together [iM1].mp3

[2010-06-18 19:09:14 | 009,485,911 | ---- | C] () -- C:\Users\anton\Desktop\Drew_Deezy__Thai_-_I_Dont_See_.mp3

[2010-06-18 19:07:57 | 005,753,539 | ---- | C] () -- C:\Users\anton\Desktop\Usher - Oh My Gosh.mp3

[2010-06-17 18:57:43 | 000,000,093 | ---- | C] () -- C:\Users\anton\AppData\Local\fusioncache.dat

[2010-06-16 10:00:55 | 000,000,222 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Liknande.url

[2010-06-15 10:59:22 | 004,974,394 | ---- | C] () -- C:\Users\anton\Desktop\Darin_-_Breathing_your_Love__Slow_Version_.mp3

[2010-06-07 11:09:50 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForanton.job

[2010-05-31 20:01:36 | 000,001,080 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\fm.exe - genväg.lnk

[2010-05-30 18:26:54 | 006,685,601 | ---- | C] () -- C:\Users\anton\Desktop\Rihanna feat. Will.I.Am - Photographs.mp3

[2010-05-29 10:31:42 | 000,007,386 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2010-05-29 10:31:42 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2010-05-29 10:30:24 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2010-05-27 13:43:53 | 673,843,743 | ---- | C] () -- C:\Users\anton\Desktop\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip

[2010-05-26 11:39:16 | 005,549,618 | ---- | C] () -- C:\Users\anton\Desktop\Brooke Hogan ft. Paul Wall - About Us.mp3

[2010-05-25 21:19:15 | 004,455,476 | ---- | C] () -- C:\Users\anton\Desktop\Go-Hard.mp3

[2010-05-24 15:59:17 | 003,296,836 | ---- | C] () -- C:\Users\anton\Desktop\Settler Project - Le [www.4music.lt].mp3

[2010-05-19 20:09:06 | 000,104,960 | ---- | C] () -- C:\Users\anton\Documents\viet lyrics.doc

[2010-05-12 15:53:18 | 000,224,190 | RHS- | C] () -- C:\Users\anton\AppData\Roaming\winupd.exe

[2010-04-17 15:37:56 | 000,025,600 | ---- | C] () -- C:\Users\anton\Desktop\lagerarbetare.doc

[2010-04-17 15:29:50 | 000,025,600 | ---- | C] () -- C:\Users\anton\Desktop\personlig assisten.doc

[2010-04-14 17:22:40 | 000,000,104 | ---- | C] () -- C:\Users\anton\Desktop\Papperskorgen - genväg.lnk

[2010-03-11 09:32:44 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2009-09-11 19:42:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009-08-02 17:19:00 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009-06-19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008-10-22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2008-08-31 18:00:13 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll

[2008-08-25 06:02:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\DELG1L3.DLL

[2008-08-22 07:32:18 | 000,217,088 | ---- | C] () -- C:\Windows\System32\ssminidriver.dll

[2008-08-22 07:32:18 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ssimgfilter.dll

[2008-08-22 07:32:18 | 000,011,264 | ---- | C] () -- C:\Windows\System32\sssegfilter.dll

[2008-08-22 07:32:18 | 000,010,752 | ---- | C] () -- C:\Windows\System32\sserrhandler.dll

[2008-05-14 10:37:24 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll

[2007-10-31 19:53:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2007-09-11 21:15:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007-09-03 20:50:19 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2007-05-09 20:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2007-03-29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006-11-02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006-03-10 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005-08-02 23:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

[2005-05-07 14:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2005-04-03 22:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll

[2001-11-14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[1998-05-07 03:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

 

========== Files - Unicode (All) ==========

[2009-08-13 16:43:26 | 000,026,624 | ---- | M] ()(C:\Users\anton\Documents\Em yêu d?u bi?t r?ng cu?c tình.doc) -- C:\Users\anton\Documents\Em yêu dẫu biết rằng cuộc tình.doc

[2009-08-13 16:43:25 | 000,026,624 | ---- | C] ()(C:\Users\anton\Documents\Em yêu d?u bi?t r?ng cu?c tình.doc) -- C:\Users\anton\Documents\Em yêu dẫu biết rằng cuộc tình.doc

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Extras.Txt


Which files does RADO Removal Tool find?

Can you upload c:\program files\mozilla firefox\plugins\npganymedenet.dll again and then click the Reanalyse button, so that we get a fresh report instead. Check C:\Users\anton\AppData\Roaming\hwreg.exe on VirusTotal as well.

Are there any files in the folder C:\ProgramData\TEMP?

Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.malwarebytes.org/mbam-download.php

http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=b4a0904e0f02b40bf2ae9ce030ef5c99&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=11375988&mfgId=6290020&merId=6290020&pguid=XI3P-goPjFwAACI-g4wAAAA4&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-8022_4-10804572.html%3Fspi%3Db4a0904e0f02b40bf2ae9ce030ef5c99

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Double-click mbam-setup to install the program.

At the end of the installation, make sure the following boxes are ticked:

Update Malwarebytes' Anti-Malware

Start Malwarebytes' Anti-Malware

Click Finish

If there is an update, it will be downloaded and installed.

When the program starts, choose "Perform quick scan" and click Scan.

The scan takes a while.

When it is finished, click OK and then "Show results".

Tick everything and then click Remove selected.

When the removal is finished, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If you get an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply.

Then restart the computer and paste in a new OTL log (90 days) to see what is left.

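Why hwreg.exe and winupd.exe stand out in the OTL listing above, shown as an added triage sketch in Python; it is not part of the thread and not OTL's or MBAM's own logic. The three rules and the function names are assumptions chosen for illustration, and a hit means "worth submitting to VirusTotal", not a verdict; the company field is read from the file's own version resource, so whoever built the file decides what it says.

```python
import ntpath
import re

# Lines copied verbatim from the OTL listing on this page.
# Format: [date time | size | attributes | C/M] (company) -- path
SAMPLE = r"""
[2010-05-28 08:47:44 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Users\anton\AppData\Roaming\hwreg.exe
[2010-05-12 15:53:18 | 000,224,190 | RHS- | C] () -- C:\Users\anton\AppData\Roaming\winupd.exe
[2010-06-24 03:03:23 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010-07-10 13:11:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\anton\Desktop\OTL.exe
[2010-07-09 22:24:42 | 041,693,002 | ---- | C] () -- C:\Users\anton\Desktop\SpySweeperSNRSetup4257_EN.exe
[2010-06-19 20:13:47 | 000,000,000 | ---D | C] -- C:\Program\iTunes
[2010-05-18 16:35:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
"""

LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# Extensions treated as executable code for this sketch (assumption).
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".sys"}


def parse_line(line):
    """Parse one OTL file-listing line into a dict, or return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["company"] = (rec["company"] or "").strip()
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec


def reasons_for(rec):
    """Return the heuristic reasons (possibly none) for one parsed entry."""
    path = rec["path"].lower()
    ext = ntpath.splitext(path)[1]
    # Directories and non-executable files are out of scope here.
    if "D" in rec["attrs"] or ext not in EXECUTABLE_EXT:
        return []
    in_profile = "\\users\\" in path
    in_appdata = in_profile and "\\appdata\\" in path
    reasons = []
    # Rule 1: programs rarely mark their own binaries hidden AND system.
    if in_profile and "H" in rec["attrs"] and "S" in rec["attrs"]:
        reasons.append("hidden+system executable in a user profile")
    # Rule 2: unsigned-looking binary in a per-user, user-writable location.
    if in_appdata and not rec["company"]:
        reasons.append("no company name, stored under AppData")
    # Rule 3: the vendor string is self-declared; the location contradicts it.
    if in_appdata and rec["company"].lower().startswith("microsoft"):
        reasons.append("claims Microsoft as vendor but lives under AppData")
    return reasons


def triage(log_text):
    """Return {path: [reasons]} for entries worth a closer look."""
    findings = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for reason in reasons_for(rec):
            bucket = findings.setdefault(rec["path"], [])
            if reason not in bucket:  # the same file appears as C and M
                bucket.append(reason)
    return findings


if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path, "->", "; ".join(why))
```

The installers on the Desktop are deliberately not flagged: a missing company name alone is common for downloaded setup files, so the rules combine it with location and attributes.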

Tomahawk203

http://www.virustotal.com/sv/analisis/8718a63c5effc98f230934a122cd706583ed0929526dcca4a1a884022c47f532-1278772546

 

The above is the file "c:\program files\mozilla firefox\plugins\npganymedenet.dll"

 

http://www.virustotal.com/sv/analisis/9a32722bedb7215341c554f6a6d0902bdd85c7f93aece913a7a740bf1ac3d3d5-1278772804

 

The above is C:\Users\anton\AppData\Roaming\hwreg.exe

 

 

No, there were no files in the folder C:\ProgramData\TEMP

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4299

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

 

2010-07-10 17:19:22

mbam-log-2010-07-10 (17-19-22).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 137182

Förfluten tid: 30 minut(er), 38 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 4

Infekterade registervärden: 1

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update (Backdoor.IRCBot) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Users\anton\AppData\Roaming\Microsoft\Windows\Templates\winupd.exe (Backdoor.IRCBot) -> Delete on reboot.


Tomahawk203

So, now I have restarted the computer, since the Malwarebytes program asked me to. When I open Task Manager, winupd.exe is no longer there. However, when I open System Configuration to see which programs are set to start automatically, Windows update is still there, and it is checked. What should I do next? I am still waiting for the OTL log.


Tomahawk203

2010-07-10 17:50:00

mbam-log-2010-07-10 (17-50-00).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 136447

Förfluten tid: 11 minut(er), 35 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 1

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update (Backdoor.IRCBot) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

 

 

I ran one of those malware scans one more time.

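The two Malwarebytes logs above list the same Run value as deleted in both scans. As an added example (not part of the original thread and not Malwarebytes' own tooling), this Python script parses detection lines in the format those logs use and separates items that reappear after a reported removal from items that stay gone. The sample lines are copied from the two logs above; the function and constant names are hypothetical.

```python
import re

# One detection line as printed in the logs above:
#   <object> (<detection name>) -> <action>.
# The object can contain spaces, so the greedy first group makes the
# detection name the last parenthesised group before " -> ".
DETECTION = re.compile(
    r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)

# Lines copied from the 17:19 scan above.
FIRST_SCAN = r"""
Infekterade registernycklar:
HKEY_CURRENT_USER\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Quarantined and deleted successfully.
Infekterade registervärden:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update (Backdoor.IRCBot) -> Quarantined and deleted successfully.
Infekterade filer:
C:\Users\anton\AppData\Roaming\Microsoft\Windows\Templates\winupd.exe (Backdoor.IRCBot) -> Delete on reboot.
"""

# Lines copied from the 17:50 scan above.
SECOND_SCAN = r"""
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update (Backdoor.IRCBot) -> Quarantined and deleted successfully.
Infekterade filer:
(Inga illasinnade poster hittades)
"""


def parse_detections(log_text):
    """Map each detected object (lower-cased) to (detection name, action).

    Section headers and "(no items found)" lines have no " -> " part,
    so they never match and are skipped.
    """
    found = {}
    for line in log_text.splitlines():
        match = DETECTION.match(line.strip())
        if match:
            found[match["obj"].lower()] = (match["name"], match["action"])
    return found


def compare_scans(first_log, second_log):
    """Compare two consecutive scans of the same machine.

    recurring: reported as deleted in the first scan, detected again in
               the second, so the first removal did not hold.
    cleared:   detected in the first scan, absent from the second.
    """
    first = parse_detections(first_log)
    second = parse_detections(second_log)
    recurring, cleared = [], []
    for obj, (_name, action) in first.items():
        if obj in second:
            if "deleted successfully" in action.lower():
                recurring.append(obj)
        else:
            cleared.append(obj)
    return {"recurring": sorted(recurring), "cleared": sorted(cleared)}


if __name__ == "__main__":
    result = compare_scans(FIRST_SCAN, SECOND_SCAN)
    for kind, objects in result.items():
        print(kind)
        for obj in objects:
            print("   ", obj)
```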

Tomahawk203

OTL logfile created on: 2010-07-10 17:35:14 - Run 2

OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\anton\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free

31,00 Gb Paging File | 30,00 Gb Available in Paging File | 96,00% Paging File free

Paging file location(s): c:\pagefile.sys 30000 30000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 142,67 Gb Total Space | 23,32 Gb Free Space | 16,34% Space Free | Partition Type: NTFS

Drive D: | 6,38 Gb Total Space | 1,43 Gb Free Space | 22,43% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ANTONTRINH

Current User Name: anton

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 90 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\anton\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Users\anton\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program\Norton 360\Engine\3.5.0.15\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program\Uniblue\RegistryBooster\registrybooster.exe (Uniblue Systems Limited)

PRC - C:\Program\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Program\HP\QuickPlay\Kernel\TV\CLSched.exe ()

PRC - C:\Program\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()

PRC - C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - c:\Program\Bioscrypt\VeriSoft\Bin\asghost.exe (Cognizance Corporation)

PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

PRC - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\anton\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\System32\APSHook.dll (Cognizance Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File not found

SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe File not found

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.5.0.15\ccSvcHst.exe (Symantec Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (WinDefend) -- C:\Program\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()

SRV - (ASBroker) -- c:\Program\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (Cognizance Corporation)

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

SRV - (MSCSPTISRV) -- C:\Program\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

SRV - (ASChannel) -- c:\Program\Bioscrypt\VeriSoft\Bin\ASChnl.dll (Cognizance Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

SRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)

SRV - (MSSQLServerADHelper) -- C:\Program\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (GarenaPEngine) -- C:\Users\anton\AppData\Local\Temp\JKOEF20.tmp File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100709.040\NAVEX15.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100709.040\NAVENG.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0305000.00F\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0305000.00F\SRTSP.SYS (Symantec Corporation)

DRV - (SYMTDI) -- C:\Windows\system32\drivers\N360\0305000.00F\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\Windows\system32\drivers\N360\0305000.00F\SYMFW.SYS (Symantec Corporation)

DRV - (SYMNDISV) -- C:\Windows\system32\drivers\N360\0305000.00F\SYMNDISV.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0305000.00F\SRTSPX.SYS (Symantec Corporation)

DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)

DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0305000.00F\ccHPx86.sys (Symantec Corporation)

DRV - (BHDrvx86) -- C:\Windows\system32\drivers\N360\0305000.00F\BHDrvx86.sys (Symantec Corporation)

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100709.001\IDSvix86.sys (Symantec Corporation)

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (usbaudio) USB-ljuddrivrutiner (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)

DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=laptop

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-19 20:10:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-19 20:10:29 | 000,000,000 | ---D | M]

 

[2008-10-03 22:37:02 | 000,000,000 | ---D | M] -- C:\Users\anton\AppData\Roaming\mozilla\Extensions

[2010-06-09 21:46:45 | 000,000,000 | ---D | M] -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions

[2009-07-27 16:06:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009-10-24 19:46:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2008-12-17 23:24:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2009-07-24 00:59:36 | 000,000,000 | ---D | M] -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions\firefox@tvunetworks.com

[2010-07-10 17:28:49 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions

[2010-05-02 11:27:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Mozilla Firefox\plugins\npdeployJava1.dll

[2009-02-03 17:35:38 | 000,120,296 | ---- | M] ( ) -- C:\Program\Mozilla Firefox\plugins\npganymedenet.dll

[2009-03-24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program\Mozilla Firefox\plugins\npzylomgamesplayer.dll

[2009-05-24 23:55:16 | 000,001,470 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml

[2009-05-24 23:55:17 | 000,002,670 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml

[2009-05-24 23:55:17 | 000,000,948 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\tyda-sv-SE.xml

[2009-05-24 23:55:17 | 000,001,174 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml

[2009-05-24 23:55:17 | 000,000,647 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2008-09-27 18:04:32 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Norton 360\Engine\3.5.0.15\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton 360\Engine\3.5.0.15\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll File not found

O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll File not found

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton 360\Engine\3.5.0.15\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton 360\Engine\3.5.0.15\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Windows Update] C:\Users\anton\AppData\Roaming\Microsoft\Windows\Templates\winupd.exe File not found

O4 - HKCU..\Run: [WMPNSCFG] C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe File not found

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-CH/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program\Norton 360\Engine\3.5.0.15\CoIEPlg.dll (Symantec Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-04-11 23:05:06 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2005-09-11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O33 - MountPoints2\{16f91879-25ab-11de-a0ea-001b24767d28}\Shell\AutoRun\command - "" = E:\.\Vado\Vado.exe -- File not found

O33 - MountPoints2\{3e0c6c14-d51d-11dd-92d3-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{3e0c6c14-d51d-11dd-92d3-001a7385345c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{3e0c6c16-d51d-11dd-92d3-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{3e0c6c16-d51d-11dd-92d3-001a7385345c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{48e7db30-a4a9-11de-82e1-f33cee7ca331}\Shell - "" = AutoRun

O33 - MountPoints2\{48e7db30-a4a9-11de-82e1-f33cee7ca331}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found

O33 - MountPoints2\{4c306fb8-6258-11de-9cd2-001b24767d28}\Shell - "" = AutoRun

O33 - MountPoints2\{4c306fb8-6258-11de-9cd2-001b24767d28}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{4fea6cb6-a4f4-11de-8a9b-bc1717a2bb4e}\Shell - "" = AutoRun

O33 - MountPoints2\{4fea6cb6-a4f4-11de-8a9b-bc1717a2bb4e}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{5851e22a-025e-11dd-9f55-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{5851e22a-025e-11dd-9f55-001a7385345c}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found

O33 - MountPoints2\{5851e231-025e-11dd-9f55-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{5851e231-025e-11dd-9f55-001a7385345c}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found

O33 - MountPoints2\{6a5ec189-88a7-11de-9590-001b24767d28}\Shell - "" = AutoRun

O33 - MountPoints2\{6a5ec189-88a7-11de-9590-001b24767d28}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{6c444325-a71f-11dd-a790-001a6bbafeb0}\Shell - "" = AutoRun

O33 - MountPoints2\{6c444325-a71f-11dd-a790-001a6bbafeb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

O33 - MountPoints2\{6c44433f-a71f-11dd-a790-001a6bbafeb0}\Shell - "" = AutoRun

O33 - MountPoints2\{6c44433f-a71f-11dd-a790-001a6bbafeb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

O33 - MountPoints2\{73e6e637-7727-11dd-b4bb-001a7385345c}\Shell\AutoRun\command - "" = SYSTEM.EXE

O33 - MountPoints2\{73e6e637-7727-11dd-b4bb-001a7385345c}\Shell\eXpLorE\CoMmAnD - "" = SYSTEM.EXE

O33 - MountPoints2\{73e6e637-7727-11dd-b4bb-001a7385345c}\Shell\oPEN\cOMMaNd - "" = SYSTEM.EXE

O33 - MountPoints2\{7aa356ec-6335-11dd-b776-001a6bbafeb0}\Shell - "" = AutoRun

O33 - MountPoints2\{7aa356ec-6335-11dd-b776-001a6bbafeb0}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{95b3209e-a473-11de-9bad-85362dccaf87}\Shell - "" = AutoRun

O33 - MountPoints2\{95b3209e-a473-11de-9bad-85362dccaf87}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{a3790bf7-03aa-11dd-a434-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{a3790bf7-03aa-11dd-a434-001a7385345c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{a3790bfe-03aa-11dd-a434-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{a3790bfe-03aa-11dd-a434-001a7385345c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{a8f83953-598a-11de-8045-001b24767d28}\Shell - "" = AutoRun

O33 - MountPoints2\{a8f83953-598a-11de-8045-001b24767d28}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{ab4f5d27-c464-11de-bc91-001a7385345c}\Shell\AutoRun\command - "" = SYSTEM.EXE

O33 - MountPoints2\{ab4f5d27-c464-11de-bc91-001a7385345c}\Shell\eXpLorE\CoMmAnD - "" = SYSTEM.EXE

O33 - MountPoints2\{ab4f5d27-c464-11de-bc91-001a7385345c}\Shell\oPEN\cOMMaNd - "" = SYSTEM.EXE

O33 - MountPoints2\{c1fe06f0-a782-11dd-bd52-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{c1fe06f0-a782-11dd-bd52-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

O33 - MountPoints2\{c1fe071f-a782-11dd-bd52-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{c1fe071f-a782-11dd-bd52-001a7385345c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{d0340558-58bb-11de-b581-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{d0340558-58bb-11de-b581-001a7385345c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{d034057c-58bb-11de-b581-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{d034057c-58bb-11de-b581-001a7385345c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{d03405a5-58bb-11de-b581-001b24767d28}\Shell - "" = AutoRun

O33 - MountPoints2\{d03405a5-58bb-11de-b581-001b24767d28}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{d57ac79a-897d-11de-9e22-b2cdb4ae3d3d}\Shell - "" = AutoRun

O33 - MountPoints2\{d57ac79a-897d-11de-9e22-b2cdb4ae3d3d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{d8927eb9-be58-11de-aae3-001a7385345c}\Shell\AutoRun\command - "" = F:\SYSTEM.EXE -- File not found

O33 - MountPoints2\{d8927eb9-be58-11de-aae3-001a7385345c}\Shell\eXpLorE\CoMmAnD - "" = F:\SYSTEM.EXE -- File not found

O33 - MountPoints2\{d8927eb9-be58-11de-aae3-001a7385345c}\Shell\oPEN\cOMMaNd - "" = F:\SYSTEM.EXE -- File not found

O33 - MountPoints2\{dc10a289-5f92-11dd-961a-001a6bbafeb0}\Shell - "" = AutoRun

O33 - MountPoints2\{dc10a289-5f92-11dd-961a-001a6bbafeb0}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{dc10a2a3-5f92-11dd-961a-001a6bbafeb0}\Shell - "" = AutoRun

O33 - MountPoints2\{dc10a2a3-5f92-11dd-961a-001a6bbafeb0}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{dc10a2ad-5f92-11dd-961a-001b24767d28}\Shell - "" = AutoRun

O33 - MountPoints2\{dc10a2ad-5f92-11dd-961a-001b24767d28}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{e6d3a075-87d2-11de-9fea-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{e6d3a075-87d2-11de-9fea-001a7385345c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{e6d3a120-87d2-11de-9fea-951141d3b0bd}\Shell - "" = AutoRun

O33 - MountPoints2\{e6d3a120-87d2-11de-9fea-951141d3b0bd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{f5414587-db52-11dc-b639-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{f5414587-db52-11dc-b639-001a7385345c}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found

O33 - MountPoints2\{f54145a5-db52-11dc-b639-001a7385345c}\Shell - "" = AutoRun

O33 - MountPoints2\{f54145a5-db52-11dc-b639-001a7385345c}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\RunGame.exe -- File not found

O33 - MountPoints2\J\Shell - "" = AutoRun

O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\RunGame.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010-07-10 16:46:58 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Roaming\Malwarebytes

[2010-07-10 16:46:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010-07-10 16:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010-07-10 16:46:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010-07-10 16:46:05 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2010-07-10 16:43:38 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\anton\Desktop\mbam-setup.exe

[2010-07-10 13:11:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\anton\Desktop\OTL (1).exe

[2010-07-10 13:09:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\anton\Desktop\OTL.exe

[2010-07-09 22:10:51 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Roaming\Uniblue

[2010-07-09 22:10:32 | 000,000,000 | ---D | C] -- C:\Program\Uniblue

[2010-07-09 20:35:22 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll

[2010-07-09 20:35:22 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll

[2010-07-09 20:35:16 | 000,000,000 | ---D | C] -- C:\Program\RADO Removal Tool

[2010-07-09 20:29:17 | 010,811,376 | ---- | C] (Security Stronghold ) -- C:\Users\anton\Desktop\RADO-Removal-Tool.exe

[2010-07-09 20:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010-07-09 20:28:58 | 000,000,000 | ---D | C] -- C:\Program\Spybot - Search & Destroy

[2010-07-09 13:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010-07-09 13:29:07 | 000,000,000 | ---D | C] -- C:\Program\Common Files\Wise Installation Wizard

[2010-07-09 12:42:37 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Roaming\MAGIX

[2010-07-09 12:41:36 | 000,014,208 | ---- | C] (MAGIX) -- C:\Windows\System32\drivers\disksec.sys

[2010-07-09 12:41:26 | 000,991,232 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe

[2010-07-09 12:41:26 | 000,720,896 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLAV32.dll

[2010-07-09 12:41:26 | 000,274,432 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRES32.dll

[2010-07-09 12:41:26 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDRV32.dll

[2010-07-09 12:41:26 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDEV32.dll

[2010-07-09 12:41:26 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCPY32.dll

[2010-07-09 12:41:26 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDA32.dll

[2010-07-09 12:41:26 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIO32.dll

[2010-07-09 12:41:26 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRF32.dll

[2010-07-09 12:41:26 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPNT32.dll

[2010-07-09 12:41:26 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\STRING32.dll

[2010-07-09 12:41:26 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPTL32.dll

[2010-07-09 12:41:26 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDF32.dll

[2010-07-09 12:41:26 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLTPO32.dll

[2010-07-09 12:41:26 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRJ32.dll

[2010-07-09 12:41:26 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIMG32.dll

[2010-07-09 12:41:26 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRD32.dll

[2010-07-09 12:41:26 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLMSC32.dll

[2010-07-09 12:41:26 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLISO32.dll

[2010-07-09 12:41:26 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDIR32.dll

[2010-07-09 12:41:26 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTIC32.dll

[2010-07-09 12:41:26 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTI32.dll

[2010-07-09 12:41:26 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIX.dll

[2010-07-09 12:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX

[2010-07-09 12:40:09 | 000,000,000 | ---D | C] -- C:\Program\MAGIX

[2010-07-09 12:38:35 | 000,000,000 | ---D | C] -- C:\Program\Common Files\MAGIX Services

[2010-06-28 23:14:25 | 000,000,000 | ---D | C] -- C:\Users\anton\Documents\My Games

[2010-06-28 22:04:09 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Hotel.Giant.2-RELOADED

[2010-06-28 21:55:58 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\The Sims 3 - Razor1911 Final MAXSPEED

[2010-06-24 03:03:25 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010-06-24 03:03:23 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010-06-24 03:03:23 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010-06-23 14:15:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010-06-23 14:15:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010-06-20 18:48:13 | 000,000,000 | ---D | C] -- C:\Users\anton\P5JavaClientSettings

[2010-06-19 20:13:52 | 000,000,000 | ---D | C] -- C:\Program\iPod

[2010-06-19 20:13:47 | 000,000,000 | ---D | C] -- C:\Program\iTunes

[2010-06-19 20:09:31 | 000,000,000 | ---D | C] -- C:\Program\QuickTime

[2010-06-19 20:03:52 | 000,000,000 | ---D | C] -- C:\Program\Apple Software Update

[2010-06-19 19:36:36 | 000,000,000 | R--D | C] -- C:\Program\Norton Support

[2010-06-19 13:15:44 | 000,000,000 | ---D | C] -- C:\Program\Windows Installer Clean Up

[2010-06-19 03:19:15 | 000,000,000 | ---D | C] -- C:\Program\Bonjour

[2010-06-18 12:11:26 | 000,000,000 | ---D | C] -- C:\Users\anton\Office Genuine Advantage

[2010-06-17 18:57:42 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Local\ApplicationHistory

[2010-06-17 18:03:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP

[2010-06-17 15:58:12 | 000,000,000 | ---D | C] -- C:\Program\SEGA

[2010-06-16 23:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage

[2010-06-16 09:40:44 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur

[2010-06-12 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Ny mapp (2)

[2010-06-11 21:58:51 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010-06-11 21:58:48 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010-06-11 21:58:48 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010-06-11 21:58:46 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010-06-11 21:57:54 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010-06-11 21:48:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010-06-11 21:48:31 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010-06-11 21:48:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010-06-11 18:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Birdstep Technology

[2010-06-11 14:38:17 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Anton student -10

[2010-06-09 22:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games

[2010-06-07 15:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010-06-06 18:34:58 | 000,000,000 | ---D | C] -- C:\Program\SystemRequirementsLab

[2010-06-03 19:06:30 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Roaming\SystemRequirementsLab

[2010-05-31 19:41:33 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll

[2010-05-31 19:37:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive

[2010-05-31 18:14:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images

[2010-05-31 13:13:30 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Ny mapp

[2010-05-30 12:05:41 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Local\storage

[2010-05-30 12:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft

[2010-05-29 10:31:54 | 000,025,648 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys

[2010-05-29 10:31:42 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2010-05-29 10:30:36 | 000,000,000 | ---D | C] -- C:\Program\Symantec

[2010-05-29 10:29:40 | 000,000,000 | ---D | C] -- C:\Program\Norton 360

[2010-05-29 10:29:13 | 000,000,000 | ---D | C] -- C:\Program\NortonInstaller

[2010-05-28 08:47:44 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Users\anton\AppData\Roaming\hwreg.exe

[2010-05-26 08:48:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010-05-18 16:35:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2010-05-18 16:35:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2010-05-02 11:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010-05-02 11:27:55 | 000,000,000 | ---D | C] -- C:\Program\Common Files\Java

[2010-05-02 11:27:08 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010-05-02 11:27:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010-05-02 11:27:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010-05-02 11:27:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010-04-28 15:52:39 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Pop

[2010-04-19 20:47:44 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll

[2010-04-16 15:43:17 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm

[2010-04-16 15:43:17 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm

[2010-04-16 15:43:11 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2010-04-16 15:43:03 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010-04-16 15:43:03 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[3 C:\Users\anton\AppData\Roaming\*.tmp files -> C:\Users\anton\AppData\Roaming\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\anton\Desktop\*.tmp files -> C:\Users\anton\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-07-10 17:34:38 | 011,534,336 | -HS- | M] () -- C:\Users\anton\ntuser.dat

[2010-07-10 17:29:26 | 000,164,161 | ---- | M] () -- C:\Users\anton\AppData\Roaming\nvModes.001

[2010-07-10 17:28:47 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2010-07-10 17:28:34 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-anton-Startup.job

[2010-07-10 17:28:32 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010-07-10 17:28:32 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010-07-10 17:28:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010-07-10 17:28:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-07-10 17:25:21 | 000,065,536 | -HS- | M] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TM.blf

[2010-07-10 17:25:16 | 000,524,288 | -HS- | M] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000001.regtrans-ms

[2010-07-10 17:24:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010-07-10 17:23:56 | 006,291,456 | -H-- | M] () -- C:\Users\anton\AppData\Local\IconCache.db

[2010-07-10 17:23:09 | 000,000,000 | ---- | M] () -- C:\Users\anton\AppData\Roaming\winx.ld

[2010-07-10 17:11:14 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3038531085-385911798-1803676192-1000UA.job

[2010-07-10 16:46:29 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010-07-10 16:43:54 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\anton\Desktop\mbam-setup.exe

[2010-07-10 16:38:19 | 000,001,814 | ---- | M] () -- C:\Users\anton\Desktop\RADO Removal Tool.lnk

[2010-07-10 13:11:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\anton\Desktop\OTL.exe

[2010-07-10 13:11:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\anton\Desktop\OTL (1).exe

[2010-07-10 02:11:13 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3038531085-385911798-1803676192-1000Core.job

[2010-07-09 22:26:38 | 041,693,002 | ---- | M] () -- C:\Users\anton\Desktop\SpySweeperSNRSetup4257_EN.exe

[2010-07-09 22:10:44 | 000,000,913 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk

[2010-07-09 22:10:44 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk

[2010-07-09 20:30:07 | 010,811,376 | ---- | M] (Security Stronghold ) -- C:\Users\anton\Desktop\RADO-Removal-Tool.exe

[2010-07-09 20:29:27 | 000,001,079 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010-07-09 20:29:27 | 000,001,055 | ---- | M] () -- C:\Users\anton\Desktop\Spybot - Search & Destroy.lnk

[2010-07-09 20:27:37 | 000,169,984 | ---- | M] () -- C:\Users\anton\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-07-09 19:44:44 | 003,520,804 | ---- | M] () -- C:\Users\anton\Desktop\Brett_Dennen_Feat_Femi_Kuti_-_.mp3

[2010-07-09 16:24:32 | 009,107,338 | ---- | M] () -- C:\Users\anton\Desktop\Mohombi__-_Bumpy_Ride.mp3

[2010-07-09 13:11:19 | 000,164,161 | ---- | M] () -- C:\Users\anton\AppData\Roaming\nvModes.dat

[2010-07-09 12:42:26 | 000,000,111 | ---- | M] () -- C:\Windows\installation.ini

[2010-07-08 22:36:48 | 007,188,513 | ---- | M] () -- C:\Users\anton\Desktop\Inna - Sun Is Up ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:35:35 | 005,153,466 | ---- | M] () -- C:\Users\anton\Desktop\Enrique Iglesias Feat. Usher - Dirty Dancer (Prod. By RedOne) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:32:18 | 004,470,683 | ---- | M] () -- C:\Users\anton\Desktop\Francisco Feat. Rohff - Animal (Prod. By Gee Futuristic) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:31:24 | 005,898,896 | ---- | M] () -- C:\Users\anton\Desktop\Enrique Iglesias Feat. Akon - One Day At A Time (Prod. By RedOne Konvict) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:30:53 | 007,007,988 | ---- | M] () -- C:\Users\anton\Desktop\Casely Feat. Machel Montano & David Rush - Burn It Up (Remix) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:29:23 | 009,885,359 | ---- | M] () -- C:\Users\anton\Desktop\Casely Feat. Pitbull - Messy ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:26:24 | 007,995,143 | ---- | M] () -- C:\Users\anton\Desktop\Charice Feat. Iyaz - Pyramid ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:20:20 | 006,068,217 | ---- | M] () -- C:\Users\anton\Desktop\Johnta Austin - My Love.mp3

[2010-07-07 12:11:56 | 005,750,110 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2010-07-07 12:11:55 | 002,462,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010-07-07 12:11:55 | 001,965,858 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2010-07-07 12:11:55 | 001,888,746 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010-07-07 12:11:54 | 000,005,534 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010-07-06 15:15:13 | 012,671,887 | ---- | M] () -- C:\Users\anton\Desktop\Lenka_-_Trouble_Is_A_Friend_20.mp3

[2010-06-30 13:39:41 | 005,620,193 | ---- | M] () -- C:\Users\anton\Desktop\David Archuleta - Crush [www.4music.lt].mp3

[2010-06-30 13:39:33 | 005,707,904 | ---- | M] () -- C:\Users\anton\Desktop\Justin Timberlake Ft. T.I. - My Love.mp3

[2010-06-30 13:38:20 | 006,694,168 | ---- | M] () -- C:\Users\anton\Desktop\Massari - Real Love ( 2oo9 ) [ www.Black-Center.com ].mp3

[2010-06-30 13:38:11 | 008,358,307 | ---- | M] () -- C:\Users\anton\Desktop\wWw.NewHMusic.Com - Akon-Keep You Much Longer.mp3

[2010-06-23 17:46:49 | 000,002,401 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

[2010-06-23 17:44:36 | 000,002,633 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk

[2010-06-22 13:23:03 | 004,665,171 | ---- | M] () -- C:\Users\anton\Desktop\Demarco - Standing Soldier [iM1].mp3

[2010-06-20 19:04:07 | 003,340,098 | ---- | M] () -- C:\Users\anton\Desktop\Francisco - And Now We Dance [LATESTJAMZ.COM].mp3

[2010-06-20 18:15:32 | 000,008,268 | ---- | M] () -- C:\Users\anton\AppData\Local\d3d9caps.dat

[2010-06-20 00:03:24 | 000,524,288 | -HS- | M] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000002.regtrans-ms

[2010-06-19 14:05:25 | 000,524,288 | -HS- | M] () -- C:\Users\anton\ntuser.dat{2945b911-0846-11df-9aa7-001a7385345c}.TMContainer00000000000000000001.regtrans-ms

[2010-06-19 14:05:25 | 000,065,536 | -HS- | M] () -- C:\Users\anton\ntuser.dat{2945b911-0846-11df-9aa7-001a7385345c}.TM.blf

[2010-06-18 19:15:52 | 005,893,519 | ---- | M] () -- C:\Users\anton\Desktop\11-Akcent - That's My Name (Radio Edit).mp3

[2010-06-18 19:11:35 | 006,350,848 | ---- | M] () -- C:\Users\anton\Desktop\Ne-Yo - Together [iM1].mp3

[2010-06-18 19:10:13 | 009,485,911 | ---- | M] () -- C:\Users\anton\Desktop\Drew_Deezy__Thai_-_I_Dont_See_.mp3

[2010-06-18 19:08:23 | 005,753,539 | ---- | M] () -- C:\Users\anton\Desktop\Usher - Oh My Gosh.mp3

[2010-06-18 12:14:16 | 000,025,600 | ---- | M] () -- C:\Users\anton\Desktop\personlig assisten.doc

[2010-06-18 09:52:53 | 013,133,769 | ---- | M] () -- C:\Users\anton\Desktop\Sean Kingston - Fire Burning (Cherry Coke Remix) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:53 | 003,616,002 | ---- | M] () -- C:\Users\anton\Desktop\Shakira - Waka Waka (David Guetta Remix) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:52 | 020,328,535 | ---- | M] () -- C:\Users\anton\Desktop\Kelly Rowland feat David Guetta - Commander (Rafael Lelis Reconstruction Dub) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:52 | 004,774,062 | ---- | M] () -- C:\Users\anton\Desktop\Infected Culture meets Corona - The Summer Is Magic 2010 (Bootleg Edit) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:51 | 013,071,073 | ---- | M] () -- C:\Users\anton\Desktop\DJ Antoine - Starting Tonight (Clubzound Flipping Remix) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:51 | 010,613,473 | ---- | M] () -- C:\Users\anton\Desktop\Discotronic meets Tevin - To The Moon And Back (M. Deejay & Tunebot Remix) (2010) [www.RnB4U.in].mp3

[2010-06-17 18:57:43 | 000,000,093 | ---- | M] () -- C:\Users\anton\AppData\Local\fusioncache.dat

[2010-06-16 10:00:55 | 000,000,222 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Liknande.url

[2010-06-15 10:59:57 | 004,974,394 | ---- | M] () -- C:\Users\anton\Desktop\Darin_-_Breathing_your_Love__Slow_Version_.mp3

[2010-06-14 17:29:38 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForanton.job

[2010-06-12 13:53:37 | 002,496,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010-06-07 15:24:50 | 000,023,580 | ---- | M] () -- C:\Users\anton\AppData\Roaming\UserTile.png

[2010-05-31 20:01:36 | 000,001,080 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\fm.exe - genväg.lnk

[2010-05-31 19:41:33 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll

[2010-05-30 18:35:51 | 006,685,601 | ---- | M] () -- C:\Users\anton\Desktop\Rihanna feat. Will.I.Am - Photographs.mp3

[2010-05-29 10:30:36 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2010-05-29 10:30:36 | 000,007,386 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2010-05-29 10:30:36 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2010-05-29 10:30:24 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2010-05-29 10:30:14 | 000,025,648 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys

[2010-05-28 08:47:44 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Users\anton\AppData\Roaming\hwreg.exe

[2010-05-27 13:53:48 | 673,843,743 | ---- | M] () -- C:\Users\anton\Desktop\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip

[2010-05-26 19:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010-05-26 16:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010-05-26 11:39:26 | 005,549,618 | ---- | M] () -- C:\Users\anton\Desktop\Brooke Hogan ft. Paul Wall - About Us.mp3

[2010-05-25 21:19:33 | 004,455,476 | ---- | M] () -- C:\Users\anton\Desktop\Go-Hard.mp3

[2010-05-24 15:59:28 | 003,296,836 | ---- | M] () -- C:\Users\anton\Desktop\Settler Project - Le [www.4music.lt].mp3

[2010-05-21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010-05-19 20:09:07 | 000,104,960 | ---- | M] () -- C:\Users\anton\Documents\viet lyrics.doc

[2010-05-18 16:35:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2010-05-18 16:35:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2010-05-07 17:23:36 | 000,224,190 | RHS- | M] () -- C:\Users\anton\AppData\Roaming\winupd.exe

[2010-05-04 21:10:47 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010-05-04 21:10:47 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010-05-04 21:10:46 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010-05-04 20:37:45 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010-05-01 16:13:48 | 002,037,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010-04-23 16:13:55 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010-04-19 20:47:44 | 003,062,048 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll

[2010-04-17 15:37:56 | 000,025,600 | ---- | M] () -- C:\Users\anton\Desktop\lagerarbetare.doc

[2010-04-16 18:43:35 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010-04-16 16:39:07 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010-04-14 17:22:40 | 000,000,104 | ---- | M] () -- C:\Users\anton\Desktop\Papperskorgen - genväg.lnk

[2010-04-12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010-04-12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010-04-12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[3 C:\Users\anton\AppData\Roaming\*.tmp files -> C:\Users\anton\AppData\Roaming\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\anton\Desktop\*.tmp files -> C:\Users\anton\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-10 17:23:09 | 000,000,000 | ---- | C] () -- C:\Users\anton\AppData\Roaming\winx.ld

[2010-07-10 16:46:29 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010-07-10 16:38:19 | 000,001,814 | ---- | C] () -- C:\Users\anton\Desktop\RADO Removal Tool.lnk

[2010-07-09 22:24:42 | 041,693,002 | ---- | C] () -- C:\Users\anton\Desktop\SpySweeperSNRSetup4257_EN.exe

[2010-07-09 22:10:44 | 000,000,913 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk

[2010-07-09 22:10:44 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk

[2010-07-09 20:29:27 | 000,001,079 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010-07-09 20:29:27 | 000,001,055 | ---- | C] () -- C:\Users\anton\Desktop\Spybot - Search & Destroy.lnk

[2010-07-09 19:44:29 | 003,520,804 | ---- | C] () -- C:\Users\anton\Desktop\Brett_Dennen_Feat_Femi_Kuti_-_.mp3

[2010-07-09 16:23:33 | 009,107,338 | ---- | C] () -- C:\Users\anton\Desktop\Mohombi__-_Bumpy_Ride.mp3

[2010-07-09 12:42:26 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini

[2010-07-09 12:41:26 | 000,038,492 | ---- | C] () -- C:\Windows\System32\DLLAV32.lib

[2010-07-09 12:40:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2010-07-08 22:36:20 | 007,188,513 | ---- | C] () -- C:\Users\anton\Desktop\Inna - Sun Is Up ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:35:14 | 005,153,466 | ---- | C] () -- C:\Users\anton\Desktop\Enrique Iglesias Feat. Usher - Dirty Dancer (Prod. By RedOne) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:31:58 | 004,470,683 | ---- | C] () -- C:\Users\anton\Desktop\Francisco Feat. Rohff - Animal (Prod. By Gee Futuristic) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:31:00 | 005,898,896 | ---- | C] () -- C:\Users\anton\Desktop\Enrique Iglesias Feat. Akon - One Day At A Time (Prod. By RedOne Konvict) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:30:23 | 007,007,988 | ---- | C] () -- C:\Users\anton\Desktop\Casely Feat. Machel Montano & David Rush - Burn It Up (Remix) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:28:44 | 009,885,359 | ---- | C] () -- C:\Users\anton\Desktop\Casely Feat. Pitbull - Messy ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:26:07 | 007,995,143 | ---- | C] () -- C:\Users\anton\Desktop\Charice Feat. Iyaz - Pyramid ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:20:05 | 006,068,217 | ---- | C] () -- C:\Users\anton\Desktop\Johnta Austin - My Love.mp3

[2010-07-06 15:13:27 | 012,671,887 | ---- | C] () -- C:\Users\anton\Desktop\Lenka_-_Trouble_Is_A_Friend_20.mp3

[2010-06-30 13:39:16 | 005,620,193 | ---- | C] () -- C:\Users\anton\Desktop\David Archuleta - Crush [www.4music.lt].mp3

[2010-06-30 13:38:34 | 005,707,904 | ---- | C] () -- C:\Users\anton\Desktop\Justin Timberlake Ft. T.I. - My Love.mp3

[2010-06-30 13:37:56 | 006,694,168 | ---- | C] () -- C:\Users\anton\Desktop\Massari - Real Love ( 2oo9 ) [ www.Black-Center.com ].mp3

[2010-06-30 13:37:21 | 008,358,307 | ---- | C] () -- C:\Users\anton\Desktop\wWw.NewHMusic.Com - Akon-Keep You Much Longer.mp3

[2010-06-24 13:37:30 | 003,616,002 | ---- | C] () -- C:\Users\anton\Desktop\Shakira - Waka Waka (David Guetta Remix) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:28 | 013,133,769 | ---- | C] () -- C:\Users\anton\Desktop\Sean Kingston - Fire Burning (Cherry Coke Remix) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:23 | 020,328,535 | ---- | C] () -- C:\Users\anton\Desktop\Kelly Rowland feat David Guetta - Commander (Rafael Lelis Reconstruction Dub) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:22 | 004,774,062 | ---- | C] () -- C:\Users\anton\Desktop\Infected Culture meets Corona - The Summer Is Magic 2010 (Bootleg Edit) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:17 | 013,071,073 | ---- | C] () -- C:\Users\anton\Desktop\DJ Antoine - Starting Tonight (Clubzound Flipping Remix) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:15 | 010,613,473 | ---- | C] () -- C:\Users\anton\Desktop\Discotronic meets Tevin - To The Moon And Back (M. Deejay & Tunebot Remix) (2010) [www.RnB4U.in].mp3

[2010-06-22 13:22:15 | 004,665,171 | ---- | C] () -- C:\Users\anton\Desktop\Demarco - Standing Soldier [iM1].mp3

[2010-06-20 19:04:00 | 003,340,098 | ---- | C] () -- C:\Users\anton\Desktop\Francisco - And Now We Dance [LATESTJAMZ.COM].mp3

[2010-06-19 19:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000002.regtrans-ms

[2010-06-19 19:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000001.regtrans-ms

[2010-06-19 19:33:09 | 000,065,536 | -HS- | C] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TM.blf

[2010-06-18 19:13:32 | 005,893,519 | ---- | C] () -- C:\Users\anton\Desktop\11-Akcent - That's My Name (Radio Edit).mp3

[2010-06-18 19:10:04 | 006,350,848 | ---- | C] () -- C:\Users\anton\Desktop\Ne-Yo - Together [iM1].mp3

[2010-06-18 19:09:14 | 009,485,911 | ---- | C] () -- C:\Users\anton\Desktop\Drew_Deezy__Thai_-_I_Dont_See_.mp3

[2010-06-18 19:07:57 | 005,753,539 | ---- | C] () -- C:\Users\anton\Desktop\Usher - Oh My Gosh.mp3

[2010-06-17 18:57:43 | 000,000,093 | ---- | C] () -- C:\Users\anton\AppData\Local\fusioncache.dat

[2010-06-16 10:00:55 | 000,000,222 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Liknande.url

[2010-06-15 10:59:22 | 004,974,394 | ---- | C] () -- C:\Users\anton\Desktop\Darin_-_Breathing_your_Love__Slow_Version_.mp3

[2010-06-07 11:09:50 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForanton.job

[2010-05-31 20:01:36 | 000,001,080 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\fm.exe - genväg.lnk

[2010-05-30 18:26:54 | 006,685,601 | ---- | C] () -- C:\Users\anton\Desktop\Rihanna feat. Will.I.Am - Photographs.mp3

[2010-05-29 10:31:42 | 000,007,386 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2010-05-29 10:31:42 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2010-05-29 10:30:24 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2010-05-27 13:43:53 | 673,843,743 | ---- | C] () -- C:\Users\anton\Desktop\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip

[2010-05-26 11:39:16 | 005,549,618 | ---- | C] () -- C:\Users\anton\Desktop\Brooke Hogan ft. Paul Wall - About Us.mp3

[2010-05-25 21:19:15 | 004,455,476 | ---- | C] () -- C:\Users\anton\Desktop\Go-Hard.mp3

[2010-05-24 15:59:17 | 003,296,836 | ---- | C] () -- C:\Users\anton\Desktop\Settler Project - Le [www.4music.lt].mp3

[2010-05-19 20:09:06 | 000,104,960 | ---- | C] () -- C:\Users\anton\Documents\viet lyrics.doc

[2010-05-12 15:53:18 | 000,224,190 | RHS- | C] () -- C:\Users\anton\AppData\Roaming\winupd.exe

[2010-04-17 15:37:56 | 000,025,600 | ---- | C] () -- C:\Users\anton\Desktop\lagerarbetare.doc

[2010-04-17 15:29:50 | 000,025,600 | ---- | C] () -- C:\Users\anton\Desktop\personlig assisten.doc

[2010-04-14 17:22:40 | 000,000,104 | ---- | C] () -- C:\Users\anton\Desktop\Papperskorgen - genväg.lnk

[2010-03-11 09:32:44 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2009-09-11 19:42:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009-08-02 17:19:00 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009-06-19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008-10-22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2008-08-31 18:00:13 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll

[2008-08-25 06:02:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\DELG1L3.DLL

[2008-08-22 07:32:18 | 000,217,088 | ---- | C] () -- C:\Windows\System32\ssminidriver.dll

[2008-08-22 07:32:18 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ssimgfilter.dll

[2008-08-22 07:32:18 | 000,011,264 | ---- | C] () -- C:\Windows\System32\sssegfilter.dll

[2008-08-22 07:32:18 | 000,010,752 | ---- | C] () -- C:\Windows\System32\sserrhandler.dll

[2008-05-14 10:37:24 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll

[2007-10-31 19:53:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2007-09-11 21:15:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007-09-03 20:50:19 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2007-05-09 20:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2007-03-29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006-11-02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006-03-10 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005-08-02 23:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

[2005-05-07 14:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2005-04-03 22:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll

[2001-11-14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[1998-05-07 03:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

 

========== Files - Unicode (All) ==========

[2009-08-13 16:43:26 | 000,026,624 | ---- | M] ()(C:\Users\anton\Documents\Em yêu d?u bi?t r?ng cu?c tình.doc) -- C:\Users\anton\Documents\Em yêu dẫu biết rằng cuộc tình.doc

[2009-08-13 16:43:25 | 000,026,624 | ---- | C] ()(C:\Users\anton\Documents\Em yêu d?u bi?t r?ng cu?c tình.doc) -- C:\Users\anton\Documents\Em yêu dẫu biết rằng cuộc tình.doc

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


Delete the folder C:\ProgramData\TEMP

Uninstall RADO Removal Tool immediately. Then restart the computer and delete:

C:\Program\RADO Removal Tool

C:\Users\anton\Desktop\RADO-Removal-Tool.exe

The reason is that it comes from Security Stronghold, which is bad; see the opinions at http://www.mywot.com/sv/scorecard/securitystronghold.com

Close all programs you can see, including antivirus and anti-spyware programs, so that they do not conflict with OTL.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the program OTL (in Vista/Windows 7, right-click and choose Run as administrator).

Copy all the lines in the box:

:OTL
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GarenaPEngine) -- C:\Users\anton\AppData\Local\Temp\JKOEF20.tmp File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll File not found
O4 - HKCU..\Run: [Windows Update] C:\Users\anton\AppData\Roaming\Microsoft\Windows\Templates\winupd.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab  (Reg Error: Key error.)
O33 - MountPoints2\{16f91879-25ab-11de-a0ea-001b24767d28}\Shell\AutoRun\command - "" = E:\.\Vado\Vado.exe -- File not found
O33 - MountPoints2\{3e0c6c14-d51d-11dd-92d3-001a7385345c}\Shell - "" = AutoRun
O33 - MountPoints2\{3e0c6c14-d51d-11dd-92d3-001a7385345c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{3e0c6c16-d51d-11dd-92d3-001a7385345c}\Shell - "" = AutoRun
O33 - MountPoints2\{3e0c6c16-d51d-11dd-92d3-001a7385345c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{48e7db30-a4a9-11de-82e1-f33cee7ca331}\Shell - "" = AutoRun
O33 - MountPoints2\{48e7db30-a4a9-11de-82e1-f33cee7ca331}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{4c306fb8-6258-11de-9cd2-001b24767d28}\Shell - "" = AutoRun
O33 - MountPoints2\{4c306fb8-6258-11de-9cd2-001b24767d28}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{4fea6cb6-a4f4-11de-8a9b-bc1717a2bb4e}\Shell - "" = AutoRun
O33 - MountPoints2\{4fea6cb6-a4f4-11de-8a9b-bc1717a2bb4e}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{5851e22a-025e-11dd-9f55-001a7385345c}\Shell - "" = AutoRun
O33 - MountPoints2\{5851e22a-025e-11dd-9f55-001a7385345c}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{5851e231-025e-11dd-9f55-001a7385345c}\Shell - "" = AutoRun
O33 - MountPoints2\{5851e231-025e-11dd-9f55-001a7385345c}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{6a5ec189-88a7-11de-9590-001b24767d28}\Shell - "" = AutoRun
O33 - MountPoints2\{6a5ec189-88a7-11de-9590-001b24767d28}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6c444325-a71f-11dd-a790-001a6bbafeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{6c444325-a71f-11dd-a790-001a6bbafeb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{6c44433f-a71f-11dd-a790-001a6bbafeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{6c44433f-a71f-11dd-a790-001a6bbafeb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{73e6e637-7727-11dd-b4bb-001a7385345c}\Shell\AutoRun\command - "" = SYSTEM.EXE
O33 - MountPoints2\{73e6e637-7727-11dd-b4bb-001a7385345c}\Shell\eXpLorE\CoMmAnD - "" = SYSTEM.EXE
O33 - MountPoints2\{73e6e637-7727-11dd-b4bb-001a7385345c}\Shell\oPEN\cOMMaNd - "" = SYSTEM.EXE
O33 - MountPoints2\{7aa356ec-6335-11dd-b776-001a6bbafeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa356ec-6335-11dd-b776-001a6bbafeb0}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{95b3209e-a473-11de-9bad-85362dccaf87}\Shell - "" = AutoRun
O33 - MountPoints2\{95b3209e-a473-11de-9bad-85362dccaf87}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a3790bf7-03aa-11dd-a434-001a7385345c}\Shell - "" = AutoRun
O33 - MountPoints2\{a3790bf7-03aa-11dd-a434-001a7385345c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{a3790bfe-03aa-11dd-a434-001a7385345c}\Shell - "" = AutoRun
O33 - MountPoints2\{a3790bfe-03aa-11dd-a434-001a7385345c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{a8f83953-598a-11de-8045-001b24767d28}\Shell - "" = AutoRun
O33 - MountPoints2\{a8f83953-598a-11de-8045-001b24767d28}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ab4f5d27-c464-11de-bc91-001a7385345c}\Shell\AutoRun\command - "" = SYSTEM.EXE
O33 - MountPoints2\{ab4f5d27-c464-11de-bc91-001a7385345c}\Shell\eXpLorE\CoMmAnD - "" = SYSTEM.EXE
O33 - MountPoints2\{ab4f5d27-c464-11de-bc91-001a7385345c}\Shell\oPEN\cOMMaNd - "" = SYSTEM.EXE
O33 - MountPoints2\{c1fe06f0-a782-11dd-bd52-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c1fe06f0-a782-11dd-bd52-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c1fe071f-a782-11dd-bd52-001a7385345c}\Shell - "" = AutoRun
O33 - MountPoints2\{c1fe071f-a782-11dd-bd52-001a7385345c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{d0340558-58bb-11de-b581-001a7385345c}\Shell - "" = AutoRun
O33 - MountPoints2\{d0340558-58bb-11de-b581-001a7385345c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{d034057c-58bb-11de-b581-001a7385345c}\Shell - "" = AutoRun
O33 - MountPoints2\{d034057c-58bb-11de-b581-001a7385345c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d03405a5-58bb-11de-b581-001b24767d28}\Shell - "" = AutoRun
O33 - MountPoints2\{d03405a5-58bb-11de-b581-001b24767d28}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{d57ac79a-897d-11de-9e22-b2cdb4ae3d3d}\Shell - "" = AutoRun
O33 - MountPoints2\{d57ac79a-897d-11de-9e22-b2cdb4ae3d3d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d8927eb9-be58-11de-aae3-001a7385345c}\Shell\AutoRun\command - "" = F:\SYSTEM.EXE -- File not found
O33 - MountPoints2\{d8927eb9-be58-11de-aae3-001a7385345c}\Shell\eXpLorE\CoMmAnD - "" = F:\SYSTEM.EXE -- File not found
O33 - MountPoints2\{d8927eb9-be58-11de-aae3-001a7385345c}\Shell\oPEN\cOMMaNd - "" = F:\SYSTEM.EXE -- File not found
O33 - MountPoints2\{dc10a289-5f92-11dd-961a-001a6bbafeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{dc10a289-5f92-11dd-961a-001a6bbafeb0}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{dc10a2a3-5f92-11dd-961a-001a6bbafeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{dc10a2a3-5f92-11dd-961a-001a6bbafeb0}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{dc10a2ad-5f92-11dd-961a-001b24767d28}\Shell - "" = AutoRun
O33 - MountPoints2\{dc10a2ad-5f92-11dd-961a-001b24767d28}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{e6d3a075-87d2-11de-9fea-001a7385345c}\Shell - "" = AutoRun
O33 - MountPoints2\{e6d3a075-87d2-11de-9fea-001a7385345c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e6d3a120-87d2-11de-9fea-951141d3b0bd}\Shell - "" = AutoRun
O33 - MountPoints2\{e6d3a120-87d2-11de-9fea-951141d3b0bd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f5414587-db52-11dc-b639-001a7385345c}\Shell - "" = AutoRun
O33 - MountPoints2\{f5414587-db52-11dc-b639-001a7385345c}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{f54145a5-db52-11dc-b639-001a7385345c}\Shell - "" = AutoRun
O33 - MountPoints2\{f54145a5-db52-11dc-b639-001a7385345c}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\RunGame.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\RunGame.exe -- File not found
[2010-07-10 16:38:19 | 000,001,814 | ---- | M] () -- C:\Users\anton\Desktop\RADO Removal Tool.lnk
[2010-05-12 15:53:18 | 000,224,190 | RHS- | C] () -- C:\Users\anton\AppData\Roaming\winupd.exe
:Commands
[CREATERESTOREPOINT]
[emptytemp]

Paste them into the Custom Scans/Fixes box.

Press Run Fix.

If you are asked to restart the computer, do so.

A log will open in Notepad. Copy it and paste it into your reply.

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files with a name that contains today's date and the time of the run.

Make sure to enable your antivirus program etc. before you connect the computer to the internet.

Restart the computer and run MBAM again. Does the registry entry show up again? If so, there is something hidden on the computer that puts it back.

The file C:\Users\anton\AppData\Roaming\hwreg.exe puzzles me a great deal. It is absolutely the wrong folder for programs, and inside it it says that it comes from Microsoft, and they absolutely should not put programs in that folder. No antivirus program finds anything malicious in it. But the version number 6.1.7600.16385 (win7_rtm.090713-1255) is a version number for Windows 7 and not for Vista. Is its description "Microsoft Custom Dictionary Registration Tool" something you recognize?
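The checks applied by eye to the OTL file listing in this thread (a program sitting directly in AppData\Roaming, hidden/system attributes, an empty company field, a Microsoft claim inside a user profile) can be run over the log mechanically. This is an added example, not part of the original posts or of OTL; the function names, the two-reason threshold and the last sample line (`example.exe`) are assumptions constructed for illustration.

```python
import re

# OTL file-listing line: [date time | size | attributes | C/M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# A file placed directly in a user's AppData\Roaming folder (not in a subfolder).
ROAMING_ROOT_RE = re.compile(
    r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Roaming\\[^\\]+$", re.I
)
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".sys", ".com", ".pif")

# First four lines are taken from the log in this thread; the last one is
# constructed (hypothetical file name, placeholder date and size).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2010-04-12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010-05-12 15:53:18 | 000,224,190 | RHS- | C] () -- C:\Users\anton\AppData\Roaming\winupd.exe
[2009-08-02 17:19:00 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-06-19 19:33:09 | 000,065,536 | -HS- | C] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TM.blf
[2010-01-01 00:00:00 | 000,010,000 | ---- | C] (Microsoft Corporation) -- C:\Users\anton\AppData\Roaming\example.exe
"""


def parse_line(line):
    """Return a dict for one file-listing line, or None for headers and other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def reasons_for(entry):
    """List the reasons an executable entry deserves a closer look."""
    path = entry["path"]
    if not path.lower().endswith(EXECUTABLE_EXT):
        return []
    reasons = []
    in_roaming_root = bool(ROAMING_ROOT_RE.match(path))
    if in_roaming_root:
        reasons.append("executable directly in AppData\\Roaming")
    if "H" in entry["attrs"] or "S" in entry["attrs"]:
        reasons.append("hidden/system attribute set")
    if not entry["company"]:
        reasons.append("no company name")
    elif in_roaming_root and "microsoft" in entry["company"].lower():
        reasons.append("claims Microsoft but sits in a user profile")
    return reasons


def triage(log_text, min_reasons=2):
    """Return (path, reasons) for entries with at least min_reasons reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if len(reasons) >= min_reasons:
            findings.append((entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A single reason is common for legitimate files (unrar.dll has no company name), which is why the threshold is two; a hit is a prompt to inspect the file, not a verdict.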


Tomahawk203

All processes killed

========== OTL ==========

Service NwlnkFwd stopped successfully!

Service NwlnkFwd deleted successfully!

File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.

Service NwlnkFlt stopped successfully!

Service NwlnkFlt deleted successfully!

File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.

Service IpInIp stopped successfully!

Service IpInIp deleted successfully!

File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.

Service GarenaPEngine stopped successfully!

Service GarenaPEngine deleted successfully!

File C:\Users\anton\AppData\Local\Temp\JKOEF20.tmp File not found not found.

Service blbdrive stopped successfully!

Service blbdrive deleted successfully!

File C:\Windows\System32\drivers\blbdrive.sys File not found not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96372AB6-15EB-4316-B497-71C741BC548C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96372AB6-15EB-4316-B497-71C741BC548C}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{35065594-9169-4A34-B167-FC4865038E53} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35065594-9169-4A34-B167-FC4865038E53}\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Update not found.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\Windows\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16f91879-25ab-11de-a0ea-001b24767d28}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16f91879-25ab-11de-a0ea-001b24767d28}\ not found.

File E:\.\Vado\Vado.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e0c6c14-d51d-11dd-92d3-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e0c6c14-d51d-11dd-92d3-001a7385345c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e0c6c14-d51d-11dd-92d3-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e0c6c14-d51d-11dd-92d3-001a7385345c}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e0c6c16-d51d-11dd-92d3-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e0c6c16-d51d-11dd-92d3-001a7385345c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e0c6c16-d51d-11dd-92d3-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e0c6c16-d51d-11dd-92d3-001a7385345c}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48e7db30-a4a9-11de-82e1-f33cee7ca331}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48e7db30-a4a9-11de-82e1-f33cee7ca331}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48e7db30-a4a9-11de-82e1-f33cee7ca331}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48e7db30-a4a9-11de-82e1-f33cee7ca331}\ not found.

File I:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c306fb8-6258-11de-9cd2-001b24767d28}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c306fb8-6258-11de-9cd2-001b24767d28}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c306fb8-6258-11de-9cd2-001b24767d28}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c306fb8-6258-11de-9cd2-001b24767d28}\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fea6cb6-a4f4-11de-8a9b-bc1717a2bb4e}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fea6cb6-a4f4-11de-8a9b-bc1717a2bb4e}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fea6cb6-a4f4-11de-8a9b-bc1717a2bb4e}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fea6cb6-a4f4-11de-8a9b-bc1717a2bb4e}\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5851e22a-025e-11dd-9f55-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5851e22a-025e-11dd-9f55-001a7385345c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5851e22a-025e-11dd-9f55-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5851e22a-025e-11dd-9f55-001a7385345c}\ not found.

File K:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5851e231-025e-11dd-9f55-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5851e231-025e-11dd-9f55-001a7385345c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5851e231-025e-11dd-9f55-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5851e231-025e-11dd-9f55-001a7385345c}\ not found.

File K:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a5ec189-88a7-11de-9590-001b24767d28}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a5ec189-88a7-11de-9590-001b24767d28}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a5ec189-88a7-11de-9590-001b24767d28}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a5ec189-88a7-11de-9590-001b24767d28}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c444325-a71f-11dd-a790-001a6bbafeb0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c444325-a71f-11dd-a790-001a6bbafeb0}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c444325-a71f-11dd-a790-001a6bbafeb0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c444325-a71f-11dd-a790-001a6bbafeb0}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c44433f-a71f-11dd-a790-001a6bbafeb0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c44433f-a71f-11dd-a790-001a6bbafeb0}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c44433f-a71f-11dd-a790-001a6bbafeb0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c44433f-a71f-11dd-a790-001a6bbafeb0}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73e6e637-7727-11dd-b4bb-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73e6e637-7727-11dd-b4bb-001a7385345c}\ not found.

File SYSTEM.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73e6e637-7727-11dd-b4bb-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73e6e637-7727-11dd-b4bb-001a7385345c}\ not found.

File SYSTEM.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73e6e637-7727-11dd-b4bb-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73e6e637-7727-11dd-b4bb-001a7385345c}\ not found.

File SYSTEM.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aa356ec-6335-11dd-b776-001a6bbafeb0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aa356ec-6335-11dd-b776-001a6bbafeb0}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aa356ec-6335-11dd-b776-001a6bbafeb0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aa356ec-6335-11dd-b776-001a6bbafeb0}\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95b3209e-a473-11de-9bad-85362dccaf87}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95b3209e-a473-11de-9bad-85362dccaf87}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95b3209e-a473-11de-9bad-85362dccaf87}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95b3209e-a473-11de-9bad-85362dccaf87}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3790bf7-03aa-11dd-a434-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3790bf7-03aa-11dd-a434-001a7385345c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3790bf7-03aa-11dd-a434-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3790bf7-03aa-11dd-a434-001a7385345c}\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3790bfe-03aa-11dd-a434-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3790bfe-03aa-11dd-a434-001a7385345c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3790bfe-03aa-11dd-a434-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3790bfe-03aa-11dd-a434-001a7385345c}\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8f83953-598a-11de-8045-001b24767d28}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8f83953-598a-11de-8045-001b24767d28}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8f83953-598a-11de-8045-001b24767d28}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8f83953-598a-11de-8045-001b24767d28}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab4f5d27-c464-11de-bc91-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab4f5d27-c464-11de-bc91-001a7385345c}\ not found.

File SYSTEM.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab4f5d27-c464-11de-bc91-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab4f5d27-c464-11de-bc91-001a7385345c}\ not found.

File SYSTEM.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab4f5d27-c464-11de-bc91-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab4f5d27-c464-11de-bc91-001a7385345c}\ not found.

File SYSTEM.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1fe06f0-a782-11dd-bd52-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1fe06f0-a782-11dd-bd52-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1fe06f0-a782-11dd-bd52-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1fe06f0-a782-11dd-bd52-806e6f6e6963}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1fe071f-a782-11dd-bd52-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1fe071f-a782-11dd-bd52-001a7385345c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1fe071f-a782-11dd-bd52-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1fe071f-a782-11dd-bd52-001a7385345c}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0340558-58bb-11de-b581-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0340558-58bb-11de-b581-001a7385345c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0340558-58bb-11de-b581-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0340558-58bb-11de-b581-001a7385345c}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d034057c-58bb-11de-b581-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d034057c-58bb-11de-b581-001a7385345c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d034057c-58bb-11de-b581-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d034057c-58bb-11de-b581-001a7385345c}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d03405a5-58bb-11de-b581-001b24767d28}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d03405a5-58bb-11de-b581-001b24767d28}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d03405a5-58bb-11de-b581-001b24767d28}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d03405a5-58bb-11de-b581-001b24767d28}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d57ac79a-897d-11de-9e22-b2cdb4ae3d3d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d57ac79a-897d-11de-9e22-b2cdb4ae3d3d}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d57ac79a-897d-11de-9e22-b2cdb4ae3d3d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d57ac79a-897d-11de-9e22-b2cdb4ae3d3d}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8927eb9-be58-11de-aae3-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8927eb9-be58-11de-aae3-001a7385345c}\ not found.

File F:\SYSTEM.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8927eb9-be58-11de-aae3-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8927eb9-be58-11de-aae3-001a7385345c}\ not found.

File F:\SYSTEM.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8927eb9-be58-11de-aae3-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8927eb9-be58-11de-aae3-001a7385345c}\ not found.

File F:\SYSTEM.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc10a289-5f92-11dd-961a-001a6bbafeb0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc10a289-5f92-11dd-961a-001a6bbafeb0}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc10a289-5f92-11dd-961a-001a6bbafeb0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc10a289-5f92-11dd-961a-001a6bbafeb0}\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc10a2a3-5f92-11dd-961a-001a6bbafeb0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc10a2a3-5f92-11dd-961a-001a6bbafeb0}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc10a2a3-5f92-11dd-961a-001a6bbafeb0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc10a2a3-5f92-11dd-961a-001a6bbafeb0}\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc10a2ad-5f92-11dd-961a-001b24767d28}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc10a2ad-5f92-11dd-961a-001b24767d28}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc10a2ad-5f92-11dd-961a-001b24767d28}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc10a2ad-5f92-11dd-961a-001b24767d28}\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6d3a075-87d2-11de-9fea-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6d3a075-87d2-11de-9fea-001a7385345c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6d3a075-87d2-11de-9fea-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6d3a075-87d2-11de-9fea-001a7385345c}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6d3a120-87d2-11de-9fea-951141d3b0bd}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6d3a120-87d2-11de-9fea-951141d3b0bd}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6d3a120-87d2-11de-9fea-951141d3b0bd}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6d3a120-87d2-11de-9fea-951141d3b0bd}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5414587-db52-11dc-b639-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5414587-db52-11dc-b639-001a7385345c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5414587-db52-11dc-b639-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5414587-db52-11dc-b639-001a7385345c}\ not found.

File I:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f54145a5-db52-11dc-b639-001a7385345c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f54145a5-db52-11dc-b639-001a7385345c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f54145a5-db52-11dc-b639-001a7385345c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f54145a5-db52-11dc-b639-001a7385345c}\ not found.

File K:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.

File E:\Autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.

File F:\Setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.

File G:\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.

File I:\RunGame.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.

File J:\RunGame.exe not found.

File C:\Users\anton\Desktop\RADO Removal Tool.lnk not found.

C:\Users\anton\AppData\Roaming\winupd.exe moved successfully.

========== COMMANDS ==========

 

 

[EMPTYTEMP]

 

User: Administratör

 

User: All Users

 

User: anton

->Temp folder emptied: 39251411 bytes

->Temporary Internet Files folder emptied: 4036408 bytes

->Java cache emptied: 95940799 bytes

->FireFox cache emptied: 62700108 bytes

->Google Chrome cache emptied: 514884315 bytes

->Apple Safari cache emptied: 186454370 bytes

->Flash cache emptied: 51263 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 1262601029 bytes

 

Total Files Cleaned = 2 066,00 mb

 

 

OTL by OldTimer - Version 3.2.8.1 log created on 07112010_233711

 

Files\Folders moved on Reboot...

C:\Users\anton\AppData\Local\Temp\ehmsas.txt moved successfully.

File\Folder C:\Windows\temp\JET52FF.tmp not found!

 

Registry entries deleted on Reboot...

 

Is its description "Microsoft Custom Dictionary Registration Tool" something you recognize?

I recognize it because I have noticed it on my computer. It happened quite recently and I don't know what its function is.


Tomahawk203

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4299

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

 

2010-07-12 00:05:50

mbam-log-2010-07-12 (00-05-50).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 135703

Förfluten tid: 12 minut(er), 0 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)


Move C:\Users\anton\AppData\Roaming\hwreg.exe to the Desktop and rename the file to hwreg.knepig, and we will see whether any program complains that it is missing.

Paste in a new OTL log so we can see that everything looks good there as well.


Tomahawk203

I have changed hwreg.knepig and it seems that no program is complaining. The OTL log will be up shortly; at 90 or 30 days? I'm going with 90 days.


Tomahawk203

OTL logfile created on: 2010-07-12 01:02:40 - Run 3

OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\anton\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free

27,00 Gb Paging File | 25,00 Gb Available in Paging File | 94,00% Paging File free

Paging file location(s): c:\pagefile.sys 30000 30000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 142,67 Gb Total Space | 29,03 Gb Free Space | 20,35% Space Free | Partition Type: NTFS

Drive D: | 6,38 Gb Total Space | 1,43 Gb Free Space | 22,43% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ANTONTRINH

Current User Name: anton

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 90 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\anton\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Users\anton\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program\Sports Interactive\Football Manager 2010\fm.exe (Sports Interactive)

PRC - C:\Program\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program\Norton 360\Engine\3.5.0.15\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Program\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()

PRC - C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - c:\Program\Bioscrypt\VeriSoft\Bin\asghost.exe (Cognizance Corporation)

PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

PRC - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\anton\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\System32\APSHook.dll (Cognizance Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File not found

SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe File not found

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.5.0.15\ccSvcHst.exe (Symantec Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (WinDefend) -- C:\Program\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()

SRV - (ASBroker) -- c:\Program\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (Cognizance Corporation)

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

SRV - (MSCSPTISRV) -- C:\Program\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

SRV - (ASChannel) -- c:\Program\Bioscrypt\VeriSoft\Bin\ASChnl.dll (Cognizance Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

SRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)

SRV - (MSSQLServerADHelper) -- C:\Program\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100711.002\NAVEX15.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100711.002\NAVENG.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0305000.00F\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0305000.00F\SRTSP.SYS (Symantec Corporation)

DRV - (SYMTDI) -- C:\Windows\system32\drivers\N360\0305000.00F\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\Windows\system32\drivers\N360\0305000.00F\SYMFW.SYS (Symantec Corporation)

DRV - (SYMNDISV) -- C:\Windows\system32\drivers\N360\0305000.00F\SYMNDISV.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0305000.00F\SRTSPX.SYS (Symantec Corporation)

DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)

DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0305000.00F\ccHPx86.sys (Symantec Corporation)

DRV - (BHDrvx86) -- C:\Windows\system32\drivers\N360\0305000.00F\BHDrvx86.sys (Symantec Corporation)

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100709.001\IDSvix86.sys (Symantec Corporation)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (usbaudio) USB-ljuddrivrutiner (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)

DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=laptop

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-19 20:10:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-19 20:10:29 | 000,000,000 | ---D | M]

 

[2008-10-03 22:37:02 | 000,000,000 | ---D | M] -- C:\Users\anton\AppData\Roaming\mozilla\Extensions

[2010-06-09 21:46:45 | 000,000,000 | ---D | M] -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions

[2009-07-27 16:06:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009-10-24 19:46:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2008-12-17 23:24:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2009-07-24 00:59:36 | 000,000,000 | ---D | M] -- C:\Users\anton\AppData\Roaming\mozilla\Firefox\Profiles\dwn4gpks.default\extensions\firefox@tvunetworks.com

[2010-07-11 23:45:23 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions

[2010-05-02 11:27:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Mozilla Firefox\plugins\npdeployJava1.dll

[2009-02-03 17:35:38 | 000,120,296 | ---- | M] ( ) -- C:\Program\Mozilla Firefox\plugins\npganymedenet.dll

[2009-03-24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program\Mozilla Firefox\plugins\npzylomgamesplayer.dll

[2009-05-24 23:55:16 | 000,001,470 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml

[2009-05-24 23:55:17 | 000,002,670 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml

[2009-05-24 23:55:17 | 000,000,948 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\tyda-sv-SE.xml

[2009-05-24 23:55:17 | 000,001,174 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml

[2009-05-24 23:55:17 | 000,000,647 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2008-09-27 18:04:32 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Norton 360\Engine\3.5.0.15\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton 360\Engine\3.5.0.15\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton 360\Engine\3.5.0.15\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton 360\Engine\3.5.0.15\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe File not found

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-CH/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program\Norton 360\Engine\3.5.0.15\CoIEPlg.dll (Symantec Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-04-11 23:05:06 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2005-09-11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010-07-11 23:37:11 | 000,000,000 | ---D | C] -- C:\_OTL

[2010-07-10 16:46:58 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Roaming\Malwarebytes

[2010-07-10 16:46:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010-07-10 16:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010-07-10 16:46:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010-07-10 16:46:05 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2010-07-10 13:09:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\anton\Desktop\OTL.exe

[2010-07-09 22:10:51 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Roaming\Uniblue

[2010-07-09 20:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010-07-09 20:28:58 | 000,000,000 | ---D | C] -- C:\Program\Spybot - Search & Destroy

[2010-07-09 13:29:07 | 000,000,000 | ---D | C] -- C:\Program\Common Files\Wise Installation Wizard

[2010-07-09 12:42:37 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Roaming\MAGIX

[2010-07-09 12:41:36 | 000,014,208 | ---- | C] (MAGIX) -- C:\Windows\System32\drivers\disksec.sys

[2010-07-09 12:41:26 | 000,991,232 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe

[2010-07-09 12:41:26 | 000,720,896 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLAV32.dll

[2010-07-09 12:41:26 | 000,274,432 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRES32.dll

[2010-07-09 12:41:26 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDRV32.dll

[2010-07-09 12:41:26 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDEV32.dll

[2010-07-09 12:41:26 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCPY32.dll

[2010-07-09 12:41:26 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDA32.dll

[2010-07-09 12:41:26 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIO32.dll

[2010-07-09 12:41:26 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRF32.dll

[2010-07-09 12:41:26 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPNT32.dll

[2010-07-09 12:41:26 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\STRING32.dll

[2010-07-09 12:41:26 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPTL32.dll

[2010-07-09 12:41:26 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDF32.dll

[2010-07-09 12:41:26 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLTPO32.dll

[2010-07-09 12:41:26 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRJ32.dll

[2010-07-09 12:41:26 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIMG32.dll

[2010-07-09 12:41:26 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRD32.dll

[2010-07-09 12:41:26 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLMSC32.dll

[2010-07-09 12:41:26 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLISO32.dll

[2010-07-09 12:41:26 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDIR32.dll

[2010-07-09 12:41:26 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTIC32.dll

[2010-07-09 12:41:26 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTI32.dll

[2010-07-09 12:41:26 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIX.dll

[2010-07-09 12:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX

[2010-07-09 12:40:09 | 000,000,000 | ---D | C] -- C:\Program\MAGIX

[2010-07-09 12:38:35 | 000,000,000 | ---D | C] -- C:\Program\Common Files\MAGIX Services

[2010-06-28 23:14:25 | 000,000,000 | ---D | C] -- C:\Users\anton\Documents\My Games

[2010-06-28 21:55:58 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\The Sims 3 - Razor1911 Final MAXSPEED

[2010-06-24 03:03:25 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010-06-24 03:03:23 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010-06-24 03:03:23 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010-06-23 14:15:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010-06-23 14:15:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010-06-20 18:48:13 | 000,000,000 | ---D | C] -- C:\Users\anton\P5JavaClientSettings

[2010-06-19 20:13:52 | 000,000,000 | ---D | C] -- C:\Program\iPod

[2010-06-19 20:13:47 | 000,000,000 | ---D | C] -- C:\Program\iTunes

[2010-06-19 20:09:31 | 000,000,000 | ---D | C] -- C:\Program\QuickTime

[2010-06-19 20:03:52 | 000,000,000 | ---D | C] -- C:\Program\Apple Software Update

[2010-06-19 19:36:36 | 000,000,000 | R--D | C] -- C:\Program\Norton Support

[2010-06-19 13:15:44 | 000,000,000 | ---D | C] -- C:\Program\Windows Installer Clean Up

[2010-06-19 03:19:15 | 000,000,000 | ---D | C] -- C:\Program\Bonjour

[2010-06-18 12:11:26 | 000,000,000 | ---D | C] -- C:\Users\anton\Office Genuine Advantage

[2010-06-17 18:57:42 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Local\ApplicationHistory

[2010-06-17 18:03:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP

[2010-06-17 15:58:12 | 000,000,000 | ---D | C] -- C:\Program\SEGA

[2010-06-16 23:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage

[2010-06-16 09:40:44 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur

[2010-06-12 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Ny mapp (2)

[2010-06-11 21:58:51 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010-06-11 21:58:48 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010-06-11 21:58:48 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010-06-11 21:58:46 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010-06-11 21:57:54 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010-06-11 21:48:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010-06-11 21:48:31 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010-06-11 21:48:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010-06-11 18:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Birdstep Technology

[2010-06-11 14:38:17 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Anton student -10

[2010-06-09 22:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games

[2010-06-07 15:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010-06-06 18:34:58 | 000,000,000 | ---D | C] -- C:\Program\SystemRequirementsLab

[2010-06-03 19:06:30 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Roaming\SystemRequirementsLab

[2010-05-31 19:41:33 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll

[2010-05-31 19:37:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive

[2010-05-31 18:14:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images

[2010-05-31 13:13:30 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Ny mapp

[2010-05-30 12:05:41 | 000,000,000 | ---D | C] -- C:\Users\anton\AppData\Local\storage

[2010-05-30 12:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft

[2010-05-29 10:31:54 | 000,025,648 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys

[2010-05-29 10:31:42 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2010-05-29 10:30:36 | 000,000,000 | ---D | C] -- C:\Program\Symantec

[2010-05-29 10:29:40 | 000,000,000 | ---D | C] -- C:\Program\Norton 360

[2010-05-29 10:29:13 | 000,000,000 | ---D | C] -- C:\Program\NortonInstaller

[2010-05-28 08:47:44 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Users\anton\Desktop\hwreg.knepig

[2010-05-26 08:48:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010-05-18 16:35:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2010-05-18 16:35:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2010-05-02 11:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010-05-02 11:27:55 | 000,000,000 | ---D | C] -- C:\Program\Common Files\Java

[2010-05-02 11:27:08 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010-05-02 11:27:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010-05-02 11:27:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010-05-02 11:27:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010-04-28 15:52:39 | 000,000,000 | ---D | C] -- C:\Users\anton\Desktop\Pop

[2010-04-19 20:47:44 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll

[2010-04-16 15:43:17 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm

[2010-04-16 15:43:17 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm

[2010-04-16 15:43:11 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2010-04-16 15:43:03 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010-04-16 15:43:03 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[3 C:\Users\anton\AppData\Roaming\*.tmp files -> C:\Users\anton\AppData\Roaming\*.tmp -> ]

[1 C:\Users\anton\Desktop\*.tmp files -> C:\Users\anton\Desktop\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2010-07-12 01:06:41 | 011,534,336 | -HS- | M] () -- C:\Users\anton\ntuser.dat

[2010-07-12 00:11:01 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3038531085-385911798-1803676192-1000UA.job

[2010-07-11 23:48:01 | 000,164,161 | ---- | M] () -- C:\Users\anton\AppData\Roaming\nvModes.001

[2010-07-11 23:45:21 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2010-07-11 23:45:13 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-anton-Startup.job

[2010-07-11 23:45:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010-07-11 23:45:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010-07-11 23:45:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010-07-11 23:44:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-07-11 23:39:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010-07-11 23:38:50 | 000,524,288 | -HS- | M] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000001.regtrans-ms

[2010-07-11 23:38:50 | 000,065,536 | -HS- | M] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TM.blf

[2010-07-11 14:06:49 | 000,170,496 | ---- | M] () -- C:\Users\anton\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-07-11 12:37:21 | 000,164,161 | ---- | M] () -- C:\Users\anton\AppData\Roaming\nvModes.dat

[2010-07-11 02:11:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3038531085-385911798-1803676192-1000Core.job

[2010-07-10 18:23:43 | 005,254,832 | ---- | M] () -- C:\Users\anton\Desktop\Brett_Dennen_-_Make_you_crazy.mp3

[2010-07-10 18:17:53 | 000,000,443 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\OTL - genväg.lnk

[2010-07-10 18:17:27 | 000,000,818 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010-07-10 17:23:56 | 006,291,456 | -H-- | M] () -- C:\Users\anton\AppData\Local\IconCache.db

[2010-07-10 17:23:09 | 000,000,000 | ---- | M] () -- C:\Users\anton\AppData\Roaming\winx.ld

[2010-07-10 13:11:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\anton\Desktop\OTL.exe

[2010-07-09 20:29:27 | 000,001,079 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010-07-09 16:24:32 | 009,107,338 | ---- | M] () -- C:\Users\anton\Desktop\Mohombi__-_Bumpy_Ride.mp3

[2010-07-09 12:42:26 | 000,000,111 | ---- | M] () -- C:\Windows\installation.ini

[2010-07-08 22:36:48 | 007,188,513 | ---- | M] () -- C:\Users\anton\Desktop\Inna - Sun Is Up ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:35:35 | 005,153,466 | ---- | M] () -- C:\Users\anton\Desktop\Enrique Iglesias Feat. Usher - Dirty Dancer (Prod. By RedOne) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:32:18 | 004,470,683 | ---- | M] () -- C:\Users\anton\Desktop\Francisco Feat. Rohff - Animal (Prod. By Gee Futuristic) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:31:24 | 005,898,896 | ---- | M] () -- C:\Users\anton\Desktop\Enrique Iglesias Feat. Akon - One Day At A Time (Prod. By RedOne Konvict) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:30:53 | 007,007,988 | ---- | M] () -- C:\Users\anton\Desktop\Casely Feat. Machel Montano & David Rush - Burn It Up (Remix) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:29:23 | 009,885,359 | ---- | M] () -- C:\Users\anton\Desktop\Casely Feat. Pitbull - Messy ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:26:24 | 007,995,143 | ---- | M] () -- C:\Users\anton\Desktop\Charice Feat. Iyaz - Pyramid ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:20:20 | 006,068,217 | ---- | M] () -- C:\Users\anton\Desktop\Johnta Austin - My Love.mp3

[2010-07-07 12:11:56 | 005,750,110 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2010-07-07 12:11:55 | 002,462,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010-07-07 12:11:55 | 001,965,858 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2010-07-07 12:11:55 | 001,888,746 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010-07-07 12:11:54 | 000,005,534 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010-07-06 15:15:13 | 012,671,887 | ---- | M] () -- C:\Users\anton\Desktop\Lenka_-_Trouble_Is_A_Friend_20.mp3

[2010-06-30 13:39:41 | 005,620,193 | ---- | M] () -- C:\Users\anton\Desktop\David Archuleta - Crush [www.4music.lt].mp3

[2010-06-30 13:39:33 | 005,707,904 | ---- | M] () -- C:\Users\anton\Desktop\Justin Timberlake Ft. T.I. - My Love.mp3

[2010-06-30 13:38:20 | 006,694,168 | ---- | M] () -- C:\Users\anton\Desktop\Massari - Real Love ( 2oo9 ) [ www.Black-Center.com ].mp3

[2010-06-30 13:38:11 | 008,358,307 | ---- | M] () -- C:\Users\anton\Desktop\wWw.NewHMusic.Com - Akon-Keep You Much Longer.mp3

[2010-06-23 17:46:49 | 000,002,401 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

[2010-06-23 17:44:36 | 000,002,633 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk

[2010-06-22 13:23:03 | 004,665,171 | ---- | M] () -- C:\Users\anton\Desktop\Demarco - Standing Soldier [iM1].mp3

[2010-06-20 19:04:07 | 003,340,098 | ---- | M] () -- C:\Users\anton\Desktop\Francisco - And Now We Dance [LATESTJAMZ.COM].mp3

[2010-06-20 18:15:32 | 000,008,268 | ---- | M] () -- C:\Users\anton\AppData\Local\d3d9caps.dat

[2010-06-20 00:03:24 | 000,524,288 | -HS- | M] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000002.regtrans-ms

[2010-06-19 14:05:25 | 000,524,288 | -HS- | M] () -- C:\Users\anton\ntuser.dat{2945b911-0846-11df-9aa7-001a7385345c}.TMContainer00000000000000000001.regtrans-ms

[2010-06-19 14:05:25 | 000,065,536 | -HS- | M] () -- C:\Users\anton\ntuser.dat{2945b911-0846-11df-9aa7-001a7385345c}.TM.blf

[2010-06-18 19:15:52 | 005,893,519 | ---- | M] () -- C:\Users\anton\Desktop\11-Akcent - That's My Name (Radio Edit).mp3

[2010-06-18 19:11:35 | 006,350,848 | ---- | M] () -- C:\Users\anton\Desktop\Ne-Yo - Together [iM1].mp3

[2010-06-18 19:10:13 | 009,485,911 | ---- | M] () -- C:\Users\anton\Desktop\Drew_Deezy__Thai_-_I_Dont_See_.mp3

[2010-06-18 19:08:23 | 005,753,539 | ---- | M] () -- C:\Users\anton\Desktop\Usher - Oh My Gosh.mp3

[2010-06-18 12:14:16 | 000,025,600 | ---- | M] () -- C:\Users\anton\Desktop\personlig assisten.doc

[2010-06-18 09:52:53 | 013,133,769 | ---- | M] () -- C:\Users\anton\Desktop\Sean Kingston - Fire Burning (Cherry Coke Remix) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:53 | 003,616,002 | ---- | M] () -- C:\Users\anton\Desktop\Shakira - Waka Waka (David Guetta Remix) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:52 | 020,328,535 | ---- | M] () -- C:\Users\anton\Desktop\Kelly Rowland feat David Guetta - Commander (Rafael Lelis Reconstruction Dub) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:52 | 004,774,062 | ---- | M] () -- C:\Users\anton\Desktop\Infected Culture meets Corona - The Summer Is Magic 2010 (Bootleg Edit) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:51 | 013,071,073 | ---- | M] () -- C:\Users\anton\Desktop\DJ Antoine - Starting Tonight (Clubzound Flipping Remix) (2010) [www.RnB4U.in].mp3

[2010-06-18 09:52:51 | 010,613,473 | ---- | M] () -- C:\Users\anton\Desktop\Discotronic meets Tevin - To The Moon And Back (M. Deejay & Tunebot Remix) (2010) [www.RnB4U.in].mp3

[2010-06-17 18:57:43 | 000,000,093 | ---- | M] () -- C:\Users\anton\AppData\Local\fusioncache.dat

[2010-06-16 10:00:55 | 000,000,222 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Liknande.url

[2010-06-15 10:59:57 | 004,974,394 | ---- | M] () -- C:\Users\anton\Desktop\Darin_-_Breathing_your_Love__Slow_Version_.mp3

[2010-06-14 17:29:38 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForanton.job

[2010-06-12 13:53:37 | 002,496,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010-06-07 15:24:50 | 000,023,580 | ---- | M] () -- C:\Users\anton\AppData\Roaming\UserTile.png

[2010-05-31 20:01:36 | 000,001,080 | ---- | M] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\fm.exe - genväg.lnk

[2010-05-31 19:41:33 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll

[2010-05-30 18:35:51 | 006,685,601 | ---- | M] () -- C:\Users\anton\Desktop\Rihanna feat. Will.I.Am - Photographs.mp3

[2010-05-29 10:30:36 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2010-05-29 10:30:36 | 000,007,386 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2010-05-29 10:30:36 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2010-05-29 10:30:24 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2010-05-29 10:30:14 | 000,025,648 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys

[2010-05-28 08:47:44 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Users\anton\Desktop\hwreg.knepig

[2010-05-27 13:53:48 | 673,843,743 | ---- | M] () -- C:\Users\anton\Desktop\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip

[2010-05-26 19:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010-05-26 16:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010-05-26 11:39:26 | 005,549,618 | ---- | M] () -- C:\Users\anton\Desktop\Brooke Hogan ft. Paul Wall - About Us.mp3

[2010-05-25 21:19:33 | 004,455,476 | ---- | M] () -- C:\Users\anton\Desktop\Go-Hard.mp3

[2010-05-24 15:59:28 | 003,296,836 | ---- | M] () -- C:\Users\anton\Desktop\Settler Project - Le [www.4music.lt].mp3

[2010-05-21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010-05-19 20:09:07 | 000,104,960 | ---- | M] () -- C:\Users\anton\Documents\viet lyrics.doc

[2010-05-18 16:35:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2010-05-18 16:35:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2010-05-04 21:10:47 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010-05-04 21:10:47 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010-05-04 21:10:46 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010-05-04 20:37:45 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010-05-01 16:13:48 | 002,037,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010-04-23 16:13:55 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010-04-19 20:47:44 | 003,062,048 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll

[2010-04-17 15:37:56 | 000,025,600 | ---- | M] () -- C:\Users\anton\Desktop\lagerarbetare.doc

[2010-04-16 18:43:35 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010-04-16 16:39:07 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010-04-14 17:22:40 | 000,000,104 | ---- | M] () -- C:\Users\anton\Desktop\Papperskorgen - genväg.lnk

[3 C:\Users\anton\AppData\Roaming\*.tmp files -> C:\Users\anton\AppData\Roaming\*.tmp -> ]

[1 C:\Users\anton\Desktop\*.tmp files -> C:\Users\anton\Desktop\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-07-10 18:22:04 | 005,254,832 | ---- | C] () -- C:\Users\anton\Desktop\Brett_Dennen_-_Make_you_crazy.mp3

[2010-07-10 18:17:53 | 000,000,443 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\OTL - genväg.lnk

[2010-07-10 18:17:27 | 000,000,818 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010-07-10 17:23:09 | 000,000,000 | ---- | C] () -- C:\Users\anton\AppData\Roaming\winx.ld

[2010-07-09 20:29:27 | 000,001,079 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010-07-09 16:23:33 | 009,107,338 | ---- | C] () -- C:\Users\anton\Desktop\Mohombi__-_Bumpy_Ride.mp3

[2010-07-09 12:42:26 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini

[2010-07-09 12:41:26 | 000,038,492 | ---- | C] () -- C:\Windows\System32\DLLAV32.lib

[2010-07-09 12:40:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2010-07-08 22:36:20 | 007,188,513 | ---- | C] () -- C:\Users\anton\Desktop\Inna - Sun Is Up ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:35:14 | 005,153,466 | ---- | C] () -- C:\Users\anton\Desktop\Enrique Iglesias Feat. Usher - Dirty Dancer (Prod. By RedOne) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:31:58 | 004,470,683 | ---- | C] () -- C:\Users\anton\Desktop\Francisco Feat. Rohff - Animal (Prod. By Gee Futuristic) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:31:00 | 005,898,896 | ---- | C] () -- C:\Users\anton\Desktop\Enrique Iglesias Feat. Akon - One Day At A Time (Prod. By RedOne Konvict) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:30:23 | 007,007,988 | ---- | C] () -- C:\Users\anton\Desktop\Casely Feat. Machel Montano & David Rush - Burn It Up (Remix) ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:28:44 | 009,885,359 | ---- | C] () -- C:\Users\anton\Desktop\Casely Feat. Pitbull - Messy ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:26:07 | 007,995,143 | ---- | C] () -- C:\Users\anton\Desktop\Charice Feat. Iyaz - Pyramid ( 2o1o ) [ www.MzHipHop.com ].mp3

[2010-07-08 22:20:05 | 006,068,217 | ---- | C] () -- C:\Users\anton\Desktop\Johnta Austin - My Love.mp3

[2010-07-06 15:13:27 | 012,671,887 | ---- | C] () -- C:\Users\anton\Desktop\Lenka_-_Trouble_Is_A_Friend_20.mp3

[2010-06-30 13:39:16 | 005,620,193 | ---- | C] () -- C:\Users\anton\Desktop\David Archuleta - Crush [www.4music.lt].mp3

[2010-06-30 13:38:34 | 005,707,904 | ---- | C] () -- C:\Users\anton\Desktop\Justin Timberlake Ft. T.I. - My Love.mp3

[2010-06-30 13:37:56 | 006,694,168 | ---- | C] () -- C:\Users\anton\Desktop\Massari - Real Love ( 2oo9 ) [ www.Black-Center.com ].mp3

[2010-06-30 13:37:21 | 008,358,307 | ---- | C] () -- C:\Users\anton\Desktop\wWw.NewHMusic.Com - Akon-Keep You Much Longer.mp3

[2010-06-24 13:37:30 | 003,616,002 | ---- | C] () -- C:\Users\anton\Desktop\Shakira - Waka Waka (David Guetta Remix) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:28 | 013,133,769 | ---- | C] () -- C:\Users\anton\Desktop\Sean Kingston - Fire Burning (Cherry Coke Remix) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:23 | 020,328,535 | ---- | C] () -- C:\Users\anton\Desktop\Kelly Rowland feat David Guetta - Commander (Rafael Lelis Reconstruction Dub) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:22 | 004,774,062 | ---- | C] () -- C:\Users\anton\Desktop\Infected Culture meets Corona - The Summer Is Magic 2010 (Bootleg Edit) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:17 | 013,071,073 | ---- | C] () -- C:\Users\anton\Desktop\DJ Antoine - Starting Tonight (Clubzound Flipping Remix) (2010) [www.RnB4U.in].mp3

[2010-06-24 13:37:15 | 010,613,473 | ---- | C] () -- C:\Users\anton\Desktop\Discotronic meets Tevin - To The Moon And Back (M. Deejay & Tunebot Remix) (2010) [www.RnB4U.in].mp3

[2010-06-22 13:22:15 | 004,665,171 | ---- | C] () -- C:\Users\anton\Desktop\Demarco - Standing Soldier [iM1].mp3

[2010-06-20 19:04:00 | 003,340,098 | ---- | C] () -- C:\Users\anton\Desktop\Francisco - And Now We Dance [LATESTJAMZ.COM].mp3

[2010-06-19 19:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000002.regtrans-ms

[2010-06-19 19:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000001.regtrans-ms

[2010-06-19 19:33:09 | 000,065,536 | -HS- | C] () -- C:\Users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TM.blf

[2010-06-18 19:13:32 | 005,893,519 | ---- | C] () -- C:\Users\anton\Desktop\11-Akcent - That's My Name (Radio Edit).mp3

[2010-06-18 19:10:04 | 006,350,848 | ---- | C] () -- C:\Users\anton\Desktop\Ne-Yo - Together [iM1].mp3

[2010-06-18 19:09:14 | 009,485,911 | ---- | C] () -- C:\Users\anton\Desktop\Drew_Deezy__Thai_-_I_Dont_See_.mp3

[2010-06-18 19:07:57 | 005,753,539 | ---- | C] () -- C:\Users\anton\Desktop\Usher - Oh My Gosh.mp3

[2010-06-17 18:57:43 | 000,000,093 | ---- | C] () -- C:\Users\anton\AppData\Local\fusioncache.dat

[2010-06-16 10:00:55 | 000,000,222 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Liknande.url

[2010-06-15 10:59:22 | 004,974,394 | ---- | C] () -- C:\Users\anton\Desktop\Darin_-_Breathing_your_Love__Slow_Version_.mp3

[2010-06-07 11:09:50 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForanton.job

[2010-05-31 20:01:36 | 000,001,080 | ---- | C] () -- C:\Users\anton\Application Data\Microsoft\Internet Explorer\Quick Launch\fm.exe - genväg.lnk

[2010-05-30 18:26:54 | 006,685,601 | ---- | C] () -- C:\Users\anton\Desktop\Rihanna feat. Will.I.Am - Photographs.mp3

[2010-05-29 10:31:42 | 000,007,386 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2010-05-29 10:31:42 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2010-05-29 10:30:24 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2010-05-27 13:43:53 | 673,843,743 | ---- | C] () -- C:\Users\anton\Desktop\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip

[2010-05-26 11:39:16 | 005,549,618 | ---- | C] () -- C:\Users\anton\Desktop\Brooke Hogan ft. Paul Wall - About Us.mp3

[2010-05-25 21:19:15 | 004,455,476 | ---- | C] () -- C:\Users\anton\Desktop\Go-Hard.mp3

[2010-05-24 15:59:17 | 003,296,836 | ---- | C] () -- C:\Users\anton\Desktop\Settler Project - Le [www.4music.lt].mp3

[2010-05-19 20:09:06 | 000,104,960 | ---- | C] () -- C:\Users\anton\Documents\viet lyrics.doc

[2010-04-17 15:37:56 | 000,025,600 | ---- | C] () -- C:\Users\anton\Desktop\lagerarbetare.doc

[2010-04-17 15:29:50 | 000,025,600 | ---- | C] () -- C:\Users\anton\Desktop\personlig assisten.doc

[2010-04-14 17:22:40 | 000,000,104 | ---- | C] () -- C:\Users\anton\Desktop\Papperskorgen - genväg.lnk

[2010-03-11 09:32:44 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2009-09-11 19:42:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009-08-02 17:19:00 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009-06-19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2009-06-19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008-10-22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2008-08-31 18:00:13 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll

[2008-08-25 06:02:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\DELG1L3.DLL

[2008-08-22 07:32:18 | 000,217,088 | ---- | C] () -- C:\Windows\System32\ssminidriver.dll

[2008-08-22 07:32:18 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ssimgfilter.dll

[2008-08-22 07:32:18 | 000,011,264 | ---- | C] () -- C:\Windows\System32\sssegfilter.dll

[2008-08-22 07:32:18 | 000,010,752 | ---- | C] () -- C:\Windows\System32\sserrhandler.dll

[2008-05-14 10:37:24 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll

[2007-10-31 19:53:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2007-09-11 21:15:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007-09-03 20:50:19 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2007-05-09 20:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2007-03-29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006-11-02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006-03-10 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005-08-02 23:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

[2005-05-07 14:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2005-04-03 22:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll

[2001-11-14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[1998-05-07 03:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

 

========== Files - Unicode (All) ==========

[2009-08-13 16:43:26 | 000,026,624 | ---- | M] ()(C:\Users\anton\Documents\Em yêu d?u bi?t r?ng cu?c tình.doc) -- C:\Users\anton\Documents\Em yêu dẫu biết rằng cuộc tình.doc

[2009-08-13 16:43:25 | 000,026,624 | ---- | C] ()(C:\Users\anton\Documents\Em yêu d?u bi?t r?ng cu?c tình.doc) -- C:\Users\anton\Documents\Em yêu dẫu biết rằng cuộc tình.doc

< End of report >


That looks good. You can paste in new DDS logs as well for an extra check.

How is the computer working now?


Tomahawk203

The winupd.exe file is gone now and it seems I don't have any malicious files left! What should I do with the hwreg.knepig file on the desktop now?


Tomahawk203

DDS (Ver_10-03-17.01) - NTFSx86

Run by anton at 1:46:03,51 on 2010-07-12

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2046.810 [GMT 2:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\System32\svchost.exe -k Cognizance

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\Program Files\Norton 360\Engine\3.5.0.15\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Norton 360\Engine\3.5.0.15\ccSvcHst.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Users\anton\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe

C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\Explorer.EXE

C:\Users\anton\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.0.15\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.0.15\IPSBHO.DLL

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.0.15\coIEPlg.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {35065594-9169-4A34-B167-FC4865038E53} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Google Update] "c:\users\anton\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {E6073F93-9541-4be4-9800-109D378EB99B} - c:\microgaming\poker\nordicbetmpp\MPPoker.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/FR-CH/a-UNO1/GAME_UNO1.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: {E031D239-883B-4683-85F6-262CD7D4855A} = 148.160.16.66,148.160.16.67

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.0.15\CoIEPlg.dll

AppInit_DLLs: APSHook.dll

LSA: Notification Packages = scecli ASWLNPkg

uASetup: {b60e406s1i-57u71ltr0x-ts6w2q507t-e641mty1c9} - c:\users\anton\appdata\roaming\microsoft\windows\templates\winupd.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\anton\appdata\roaming\mozilla\firefox\profiles\dwn4gpks.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\users\anton\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\users\anton\appdata\roaming\mozilla\firefox\profiles\dwn4gpks.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305000.00f\SymEFA.sys [2010-5-29 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305000.00f\BHDrvx86.sys [2010-5-29 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305000.00f\cchpx86.sys [2010-5-29 482352]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100709.001\IDSvix86.sys [2010-7-10 344112]

R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-10-20 21504]

R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-10-20 21504]

R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.0.15\ccSvcHst.exe [2010-5-29 117624]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-30 102448]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0305000.00f\symndisv.sys [2010-5-29 48688]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-20 21504]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

 

=============== Created Last 30 ================

 

2010-07-11 21:37:11 0 d-----w- C:\_OTL

2010-07-10 14:46:58 0 d-----w- c:\users\anton\appdata\roaming\Malwarebytes

2010-07-10 14:46:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-10 14:46:11 0 d-----w- c:\programdata\Malwarebytes

2010-07-10 14:46:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-10 14:46:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-09 20:10:51 0 d-----w- c:\users\anton\appdata\roaming\Uniblue

2010-07-09 18:28:58 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-07-09 18:28:58 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-07-09 11:29:07 0 d-----w- c:\program files\common files\Wise Installation Wizard

2010-07-09 10:42:37 0 d-----w- c:\users\anton\appdata\roaming\MAGIX

2010-07-09 10:42:26 111 ----a-w- c:\windows\installation.ini

2010-07-09 10:40:22 0 d-----w- c:\programdata\MAGIX

2010-07-09 10:40:09 0 d-----w- c:\program files\MAGIX

2010-07-09 10:40:08 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll

2010-07-09 10:38:35 0 d-----w- c:\program files\common files\MAGIX Services

2010-06-24 01:03:25 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-24 01:03:23 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-24 01:03:23 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-24 01:03:23 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-24 01:03:22 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-23 12:15:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-06-23 12:15:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-06-20 16:48:13 0 d-----w- c:\users\anton\P5JavaClientSettings

2010-06-19 18:13:52 0 d-----w- c:\program files\iPod

2010-06-19 18:13:47 0 d-----w- c:\program files\iTunes

2010-06-19 17:36:36 0 d-----r- c:\program files\Norton Support

2010-06-19 17:33:09 65536 --sha-w- c:\users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TM.blf

2010-06-19 17:33:09 524288 --sha-w- c:\users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000002.regtrans-ms

2010-06-19 17:33:09 524288 --sha-w- c:\users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000001.regtrans-ms

2010-06-19 11:15:44 0 d-----w- c:\program files\Windows Installer Clean Up

2010-06-19 01:19:15 0 d-----w- c:\program files\Bonjour

2010-06-18 10:11:26 0 d-----w- c:\users\anton\Office Genuine Advantage

2010-06-17 16:03:46 0 d-----w- c:\windows\system32\URTTEMP

2010-06-17 13:58:12 0 d-----w- c:\program files\SEGA

2010-06-16 21:29:25 0 d-----w- c:\programdata\Office Genuine Advantage

2010-06-16 07:40:44 0 d-----w- c:\windows\CheckSur

 

==================== Find3M ====================

 

2010-07-11 10:37:21 164161 ----a-w- c:\users\anton\appdata\roaming\nvModes.dat

2010-07-08 16:23:16 51200 ----a-w- c:\windows\inf\infpub.dat

2010-07-07 10:11:56 5750110 ----a-w- c:\windows\system32\perfh01D.dat

2010-07-07 10:11:55 1965858 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-19 01:22:51 143360 ----a-w- c:\windows\inf\infstor.dat

2010-06-19 01:22:50 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-05-31 17:41:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-05-29 08:30:36 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-05-29 08:30:36 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-05-29 08:30:36 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-05-29 08:30:14 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-21 12:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-18 14:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 14:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-04 19:15:20 834048 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 18:37:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 10:14:59 75360 ----a-w- c:\windows\fonts\upcei.ttf

2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-19 18:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-11-04 10:56:02 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-11-17 19:36:21 174 --sha-w- c:\program files\desktop.ini

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

 

============= FINISH: 1:48:34,44 ===============

attach.txt


uASetup: {b60e406s1i-57u71ltr0x-ts6w2q507t-e641mty1c9} - c:\users\anton\appdata\roaming\microsoft\windows\templates\winupd.exe

There is one line left in the registry that is related to the infection. It is harmless now that the file is gone, but MBAM should remove it if you run a full scan instead of a quick scan.

You have some old program versions with security holes. I see VLC and Skype, but Secunia's Software Inspector can do a check for you.

Now only a final round of cleanup remains:

1. Remove all system restore points, since these may be infected.

Start by creating a new system restore point:

XP:

Start - Programs - Accessories - System Tools - System Restore

Choose to create a new restore point and click Next.

Vista and Windows 7:

Right-click Computer - Properties - System Protection

Click Create.

Then remove all old system restore points by running the Disk Cleanup program.

Right-click C: in My Computer/Explorer and choose Properties.

On the General tab there is a button called Disk Cleanup. Select it.

After a few minutes the program comes up, and then you choose a tab called More Options or something similar. Click the Clean up button that removes all system restore points except the most recent one.

2. Start OTL and click the CleanUp! button. This means that OTL and DDS will be uninstalled after a restart of the computer. Delete any logs you have lying on the Desktop.

3. Change all passwords that you use on the computer and on the internet, since these may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

4. Improve the protection on the computer, see my Advice for a safer computer. http://sites.google.com/site/ceblstockholm/home

Addendum: I can try to investigate the hwreg file a bit more. You can upload it at http://www.skickafilen.se/ and send the link you get back in a PM (message) to me.

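The reply above picks one leftover autostart line out of a long DDS log. As an added example (not part of the thread and not code from DDS or its author), this Python sketch does the same triage over a constructed sample made of lines copied from the log on this page. Reading `uASetup` as a per-user Active Setup component, the GUID-shape heuristic and the `PRESENT` file list are assumptions of the example.

```python
import os
import re
from typing import Callable, List, NamedTuple, Tuple


class Autostart(NamedTuple):
    kind: str    # uRun, mRun, uASetup or mASetup, as printed in the DDS log
    name: str    # value name in [brackets] or component id in {braces}
    target: str  # executable path extracted from the command


RUN_RE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ASETUP_RE = re.compile(r"^(?P<kind>[um]ASetup): (?P<name>\{[^}]*\}) - (?P<cmd>.+)$")
BINARY_RE = re.compile(r"(.+?\.(?:exe|dll|scr|com|bat|cmd))(?=[\s,]|$)", re.I)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.I)
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)


def extract_target(cmd: str) -> str:
    """Return the program path from a command line, with or without quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = BINARY_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_autostarts(log_text: str) -> List[Autostart]:
    """Collect Run and ASetup lines from the 'Pseudo HJT Report' section."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or ASETUP_RE.match(line)
        if m:
            entries.append(Autostart(m["kind"], m["name"], extract_target(m["cmd"])))
    return entries


def triage(entries: List[Autostart],
           exists: Callable[[str], bool] = os.path.exists
           ) -> List[Tuple[Autostart, List[str]]]:
    """Attach reasons to entries worth a second look; clean entries are dropped."""
    findings = []
    for e in entries:
        reasons = []
        if USER_PROFILE_RE.match(e.target):
            # Writable without admin rights; legitimate updaters live here too.
            reasons.append("user-writable path")
        if e.kind.endswith("ASetup") and not GUID_RE.match(e.name):
            # Heuristic: the id on this page contains non-hex characters.
            reasons.append("id not GUID-shaped")
        if not exists(e.target):
            # The registry value outlived the file it pointed to.
            reasons.append("target missing")
        if reasons:
            findings.append((e, reasons))
    return findings


# Constructed sample: lines copied from the DDS log shown on this page.
SAMPLE_LOG = r"""
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\anton\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
AppInit_DLLs: APSHook.dll
uASetup: {b60e406s1i-57u71ltr0x-ts6w2q507t-e641mty1c9} - c:\users\anton\appdata\roaming\microsoft\windows\templates\winupd.exe
"""

# Constructed stand-in for the file system after cleanup: winupd.exe is gone.
PRESENT = {
    r"c:\windows\ehome\ehtray.exe",
    r"c:\users\anton\appdata\local\google\update\googleupdate.exe",
    r"%programfiles%\windows defender\msascui.exe",
    "rundll32.exe",
}


def sample_exists(path: str) -> bool:
    return path.lower() in PRESENT


def demo() -> List[Tuple[Autostart, List[str]]]:
    return triage(parse_autostarts(SAMPLE_LOG), sample_exists)


if __name__ == "__main__":
    for entry, reasons in demo():
        print(f"{entry.kind:8} {entry.name}\n         {entry.target}\n         -> {', '.join(reasons)}")
```

The Google Update entry is flagged on location alone, which shows why a path heuristic needs the other two signals before anything is deleted.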

Tomahawk203

DDS (Ver_10-03-17.01) - NTFSx86

Run by anton at 11:53:56,91 on 2010-07-12

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2046.877 [GMT 2:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\System32\svchost.exe -k Cognizance

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\anton\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\Program Files\Norton 360\Engine\3.5.0.15\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Norton 360\Engine\3.5.0.15\ccSvcHst.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\anton\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\anton\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.0.15\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.0.15\IPSBHO.DLL

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.0.15\coIEPlg.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {35065594-9169-4A34-B167-FC4865038E53} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Google Update] "c:\users\anton\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {E6073F93-9541-4be4-9800-109D378EB99B} - c:\microgaming\poker\nordicbetmpp\MPPoker.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/FR-CH/a-UNO1/GAME_UNO1.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: {E031D239-883B-4683-85F6-262CD7D4855A} = 148.160.16.66,148.160.16.67

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.0.15\CoIEPlg.dll

AppInit_DLLs: APSHook.dll

LSA: Notification Packages = scecli ASWLNPkg

uASetup: {b60e406s1i-57u71ltr0x-ts6w2q507t-e641mty1c9} - c:\users\anton\appdata\roaming\microsoft\windows\templates\winupd.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\anton\appdata\roaming\mozilla\firefox\profiles\dwn4gpks.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\users\anton\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\users\anton\appdata\roaming\mozilla\firefox\profiles\dwn4gpks.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305000.00f\SymEFA.sys [2010-5-29 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305000.00f\BHDrvx86.sys [2010-5-29 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305000.00f\cchpx86.sys [2010-5-29 482352]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100709.001\IDSvix86.sys [2010-7-10 344112]

R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-10-20 21504]

R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-10-20 21504]

R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.0.15\ccSvcHst.exe [2010-5-29 117624]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-30 102448]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0305000.00f\symndisv.sys [2010-5-29 48688]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-20 21504]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

 

=============== Created Last 30 ================

 

2010-07-11 21:37:11 0 d-----w- C:\_OTL

2010-07-10 14:46:58 0 d-----w- c:\users\anton\appdata\roaming\Malwarebytes

2010-07-10 14:46:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-10 14:46:11 0 d-----w- c:\programdata\Malwarebytes

2010-07-10 14:46:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-10 14:46:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-09 20:10:51 0 d-----w- c:\users\anton\appdata\roaming\Uniblue

2010-07-09 18:28:58 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-07-09 18:28:58 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-07-09 11:29:07 0 d-----w- c:\program files\common files\Wise Installation Wizard

2010-07-09 10:42:37 0 d-----w- c:\users\anton\appdata\roaming\MAGIX

2010-07-09 10:42:26 111 ----a-w- c:\windows\installation.ini

2010-07-09 10:40:22 0 d-----w- c:\programdata\MAGIX

2010-07-09 10:40:09 0 d-----w- c:\program files\MAGIX

2010-07-09 10:40:08 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll

2010-07-09 10:38:35 0 d-----w- c:\program files\common files\MAGIX Services

2010-06-24 01:03:25 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-24 01:03:23 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-24 01:03:23 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-24 01:03:23 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-24 01:03:22 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-23 12:15:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-06-23 12:15:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-06-20 16:48:13 0 d-----w- c:\users\anton\P5JavaClientSettings

2010-06-19 18:13:52 0 d-----w- c:\program files\iPod

2010-06-19 18:13:47 0 d-----w- c:\program files\iTunes

2010-06-19 17:36:36 0 d-----r- c:\program files\Norton Support

2010-06-19 17:33:09 65536 --sha-w- c:\users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TM.blf

2010-06-19 17:33:09 524288 --sha-w- c:\users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000002.regtrans-ms

2010-06-19 17:33:09 524288 --sha-w- c:\users\anton\ntuser.dat{94f91769-7bc8-11df-9507-001a7385345c}.TMContainer00000000000000000001.regtrans-ms

2010-06-19 11:15:44 0 d-----w- c:\program files\Windows Installer Clean Up

2010-06-19 01:19:15 0 d-----w- c:\program files\Bonjour

2010-06-18 10:11:26 0 d-----w- c:\users\anton\Office Genuine Advantage

2010-06-17 16:03:46 0 d-----w- c:\windows\system32\URTTEMP

2010-06-17 13:58:12 0 d-----w- c:\program files\SEGA

2010-06-16 21:29:25 0 d-----w- c:\programdata\Office Genuine Advantage

2010-06-16 07:40:44 0 d-----w- c:\windows\CheckSur

 

==================== Find3M ====================

 

2010-07-11 10:37:21 164161 ----a-w- c:\users\anton\appdata\roaming\nvModes.dat

2010-07-08 16:23:16 51200 ----a-w- c:\windows\inf\infpub.dat

2010-07-07 10:11:56 5750110 ----a-w- c:\windows\system32\perfh01D.dat

2010-07-07 10:11:55 1965858 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-19 01:22:51 143360 ----a-w- c:\windows\inf\infstor.dat

2010-06-19 01:22:50 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-05-31 17:41:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-05-29 08:30:36 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-05-29 08:30:36 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-05-29 08:30:36 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-05-29 08:30:14 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-21 12:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-18 14:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 14:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-04 19:15:20 834048 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 18:37:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 10:14:59 75360 ----a-w- c:\windows\fonts\upcei.ttf

2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-19 18:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-11-04 10:56:02 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-11-17 19:36:21 174 --sha-w- c:\program files\desktop.ini

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

 

============= FINISH: 11:55:52,51 ===============

attach.txt
