MrBugger
2010-07-24, 13:42
OTL.txt:
OTL logfile created on: 2010-07-24 12:22:02 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Olsson\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 74,52 Gb Total Space | 9,97 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JEOH1
Current User Name: Olsson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Olsson\Skrivbord\OTL.exe (OldTimer Tools)
PRC - C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe ()
PRC - C:\Program\F-Secure\BackWeb\7681197\Program\backWeb-7681197.exe ()
PRC - C:\Program\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Program\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
PRC - C:\Program\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\Program\D-Tools\daemon.exe (DAEMON'S HOME)
PRC - C:\WINDOWS\vsnpstd.exe ()
PRC - C:\Program\F-Secure\Common\FSMB32.exe (F-Secure Corporation)
PRC - C:\Program\F-Secure\Common\FNRB32.exe (F-Secure Corporation)
PRC - C:\Program\F-Secure\Common\FSM32.exe (F-Secure Corporation)
PRC - C:\Program\F-Secure\Common\FSMA32.exe (F-Secure Corporation)
PRC - C:\Program\F-Secure\Common\FIH32.exe (F-Secure Corporation)
PRC - C:\Program\F-Secure\Common\FAMEH32.exe (F-Secure Corporation)
PRC - C:\Program\F-Secure\Common\fch32.exe (F-Secure Corporation)
PRC - C:\Program\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corp.)
PRC - C:\Program\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corp.)
PRC - C:\Program\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corp.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Olsson\Skrivbord\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\Temp\IadHide3.dll (BackWeb)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program\NOS\bin\getPlus_HelperSvc.exe File not found
SRV - (Apple Mobile Device) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (F-Secure BackWeb LAN Access) -- C:\Program\F-Secure\BackWeb\7681197\Program\fsbwlan.exe ()
SRV - (BackWeb Client - 7681197) -- C:\Program\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe ()
SRV - (fsssvc) -- C:\Program\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Adobe LM Service) -- C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (FSAA) -- C:\Program\F-Secure\Common\FSAA.EXE (F-Secure Corporation. All Rights Reserved.)
SRV - (F-Secure Network Request Broker) -- C:\Program\F-Secure\Common\FNRB32.EXE (F-Secure Corporation)
SRV - (FSMA) -- C:\Program\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corp.)
========== Driver Services (SafeList) ==========
DRV - (XDva349) -- C:\WINDOWS\System32\XDva349.sys File not found
DRV - (XDva348) -- C:\WINDOWS\System32\XDva348.sys File not found
DRV - (XDva347) -- C:\WINDOWS\System32\XDva347.sys File not found
DRV - (XDva346) -- C:\WINDOWS\System32\XDva346.sys File not found
DRV - (XDva345) -- C:\WINDOWS\System32\XDva345.sys File not found
DRV - (XDva342) -- C:\WINDOWS\System32\XDva342.sys File not found
DRV - (XDva341) -- C:\WINDOWS\System32\XDva341.sys File not found
DRV - (XDva337) -- C:\WINDOWS\System32\XDva337.sys File not found
DRV - (XDva336) -- C:\WINDOWS\System32\XDva336.sys File not found
DRV - (XDva327) -- C:\WINDOWS\System32\XDva327.sys File not found
DRV - (XDva326) -- C:\WINDOWS\System32\XDva326.sys File not found
DRV - (XDva323) -- C:\WINDOWS\System32\XDva323.sys File not found
DRV - (XDva321) -- C:\WINDOWS\System32\XDva321.sys File not found
DRV - (XDva317) -- C:\WINDOWS\System32\XDva317.sys File not found
DRV - (npkcrypt) -- C:\Nexon\v55 Maplestory\npkcrypt.sys File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (catchme) -- C:\DOCUME~1\Olsson\LOKALA~1\Temp\catchme.sys File not found
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\WINDOWS\system32\drivers\vcsvad.sys (Avnex)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (snpstd) USB PC Camera (SN9C102) -- C:\WINDOWS\system32\drivers\snpstd.sys ()
DRV - (FSpm) -- C:\Program\F-Secure\Common\FSpm.sys (F-Secure Corporation)
DRV - (F-Secure Gatekeeper) -- C:\Program\F-Secure\Anti-Virus\win2k\fsgk.sys ()
DRV - (F-Secure Filter) -- C:\Program\F-Secure\Anti-Virus\win2k\FSfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Program\F-Secure\Anti-Virus\win2k\FSrec.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/index.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[2010-03-10 21:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olsson\Application Data\Mozilla\Extensions
[2010-03-10 21:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olsson\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010-02-27 20:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olsson\Application Data\Mozilla\Firefox\extensions
[2010-02-27 20:11:38 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Olsson\Application Data\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
O1 HOSTS File: ([2010-07-13 11:46:57 | 000,413,362 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14285 more lines...
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [fssui] C:\Program\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKCU..\Run: [aammi1e] C:\WINDOWS\System32\xnejkaw3.exe File not found
O4 - HKCU..\Run: [aqrmm6] C:\WINDOWS\System32\0eezqbw.exe File not found
O4 - HKCU..\Run: [bmcxio] C:\WINDOWS\System32\fqwrc870.exe File not found
O4 - HKCU..\Run: [cnjj7] C:\WINDOWS\System32\0mrs9jp.exe File not found
O4 - HKCU..\Run: [djagl] C:\WINDOWS\System32\xss70e1a3.exe File not found
O4 - HKCU..\Run: [dopkq] C:\WINDOWS\System32\c1yefk9g.exe File not found
O4 - HKCU..\Run: [ekvqmh] C:\WINDOWS\System32\dj625b66.exe File not found
O4 - HKCU..\Run: [euvlm] C:\WINDOWS\System32\p9r0ii9jall.exe File not found
O4 - HKCU..\Run: [ezqlmcx] C:\WINDOWS\System32\kvr0ii9ja.exe File not found
O4 - HKCU..\Run: [fbcnt] C:\WINDOWS\System32\c8ijeflbc.exe File not found
O4 - HKCU..\Run: [ghc3o] C:\WINDOWS\System32\2u1q3x7.exe File not found
O4 - HKCU..\Run: [ghityfq] C:\WINDOWS\System32\lgbss9euavg.exe File not found
O4 - HKCU..\Run: [jaglw] C:\WINDOWS\System32\xss70e1a3cn.exe File not found
O4 - HKCU..\Run: [kabrsd] C:\WINDOWS\System32\tzpgmrnt.exe File not found
O4 - HKCU..\Run: [mccy1o] C:\WINDOWS\System32\c1sty86k.exe File not found
O4 - HKCU..\Run: [mdi3u] C:\WINDOWS\System32\5hsdzkf.exe File not found
O4 - HKCU..\Run: [mrinjea] C:\WINDOWS\System32\zugmhddz.exe File not found
O4 - HKCU..\Run: [msooz8] C:\WINDOWS\System32\hs6t15va.exe File not found
O4 - HKCU..\Run: [neezq] C:\WINDOWS\System32\xoojaavm.exe File not found
O4 - HKCU..\Run: [pabbxnn] C:\WINDOWS\System32\vrm674pqgg.exe File not found
O4 - HKCU..\Run: [pggbs] C:\WINDOWS\System32\nytpk1gc71d.exe File not found
O4 - HKCU..\Run: [ppqb8n] C:\WINDOWS\System32\rrd27p0l.exe File not found
O4 - HKCU..\Run: [pvvmmxd] C:\WINDOWS\System32\0jeuglw.exe File not found
O4 - HKCU..\Run: [qbmxt] C:\WINDOWS\System32\ntef2rm9sy.exe File not found
O4 - HKCU..\Run: [qqlcc] C:\WINDOWS\System32\zuu6gg6ss.exe File not found
O4 - HKCU..\Run: [qrcinj] C:\WINDOWS\System32\r4xoepq73s9.exe File not found
O4 - HKCU..\Run: [qwbm9] C:\WINDOWS\System32\ukal2xc3e1.exe File not found
O4 - HKCU..\Run: [rnno3] C:\WINDOWS\System32\9msnokk.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [stez0v] C:\WINDOWS\System32\0riy0uu.exe File not found
O4 - HKCU..\Run: [sxtoo6] C:\WINDOWS\System32\d6avrrnd6.exe File not found
O4 - HKCU..\Run: [tje6a] C:\WINDOWS\System32\dze8a1hr.exe File not found
O4 - HKCU..\Run: [toe9a] C:\WINDOWS\System32\2lbcdyu.exe File not found
O4 - HKCU..\Run: [uqwrst] C:\WINDOWS\System32\yjffbrsi.exe File not found
O4 - HKCU..\Run: [vbmxtoj] C:\WINDOWS\System32\nyjffbrsit.exe File not found
O4 - HKCU..\Run: [vbxtjp] C:\WINDOWS\System32\e7plq6sxi.exe File not found
O4 - HKCU..\Run: [whty3a] C:\WINDOWS\System32\pfqb60c4o0.exe File not found
O4 - HKCU..\Run: [wmcctup] C:\WINDOWS\System32\cs1uzalrhso.exe File not found
O4 - HKCU..\Run: [wsndo9v] C:\WINDOWS\System32\78x5oj6.exe File not found
O4 - HKCU..\Run: [wsnjjaq] C:\WINDOWS\System32\zugmhddza.exe File not found
O4 - HKCU..\Run: [wxdyua] C:\WINDOWS\System32\izplr2siej.exe File not found
O4 - HKCU..\Run: [xdtjzq] C:\WINDOWS\System32\aagmcs9u.exe File not found
O4 - HKCU..\Run: [xtoe8] C:\WINDOWS\System32\hii6e1v2.exe File not found
O4 - HKCU..\Run: [yezaqg] C:\WINDOWS\System32\0iy0uup.exe File not found
O4 - HKCU..\Run: [zaawwh2] C:\WINDOWS\System32\k95iyzaqq9.exe File not found
O4 - HKCU..\Run: [zplghc] C:\WINDOWS\System32\rhd3eu1q.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jenny\Start-meny\Program\IMVU\Run IMVU.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194543042140 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Olsson\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Olsson\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-11-07 11:20:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9e7c23de-e8e7-11de-843d-001617b20fe8}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{9e7c23de-e8e7-11de-843d-001617b20fe8}\Shell\explore\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{9e7c23de-e8e7-11de-843d-001617b20fe8}\Shell\open\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{cac0fb4d-8299-11df-851b-001617b20fe8}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{cac0fb4d-8299-11df-851b-001617b20fe8}\Shell\explore\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{cac0fb4d-8299-11df-851b-001617b20fe8}\Shell\open\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
========== Files/Folders - Created Within 30 Days ==========
[2010-07-24 12:19:49 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Olsson\Skrivbord\OTL.exe
[2010-07-24 11:18:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010-07-23 17:16:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-07-23 17:11:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-07-23 17:11:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-07-23 17:11:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-07-23 17:11:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-07-23 17:11:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-07-23 17:10:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-07-23 16:54:10 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Olsson\Skrivbord\TFC.exe
[2010-07-23 15:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Olsson\Application Data\Malwarebytes
[2010-07-23 15:54:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-07-23 15:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-07-23 15:54:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-07-23 15:54:02 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware
[2010-07-23 15:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Olsson\Skrivbord\DDS
[2010-07-14 17:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010-07-14 15:52:53 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010-07-13 13:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Olsson\Mina dokument\blandat
[2010-06-28 14:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Olsson\Application Data\U3
[2010-06-26 17:05:09 | 000,000,000 | ---D | C] -- C:\Program\iPod
[2010-06-26 16:51:28 | 000,000,000 | ---D | C] -- C:\Program\Bonjour
[2010-06-26 16:48:43 | 000,000,000 | ---D | C] -- C:\Program\Safari
[2008-08-26 20:08:09 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2008-08-26 20:08:09 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2008-08-26 20:08:09 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[2007-11-25 11:38:46 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2007-11-25 11:38:46 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
========== Files - Modified Within 30 Days ==========
[2010-07-24 12:25:00 | 000,000,410 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2C8DC5CE-1445-4847-B385-34C3AC51553E}.job
[2010-07-24 12:19:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Olsson\Skrivbord\OTL.exe
[2010-07-24 12:14:39 | 000,191,924 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-07-24 12:14:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-24 12:14:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-07-24 12:12:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-24 12:12:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-24 11:18:17 | 003,742,848 | R--- | M] () -- C:\Documents and Settings\Olsson\Skrivbord\ComboFix.exe
[2010-07-24 11:16:48 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Olsson\NTUSER.DAT
[2010-07-24 11:14:01 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C4030E41-5E64-40C0-B6D9-D952AC516761}.job
[2010-07-24 10:58:52 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Safari.lnk
[2010-07-23 17:16:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-07-23 16:54:12 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Olsson\Skrivbord\TFC.exe
[2010-07-23 16:47:03 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-07-23 16:41:17 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Olsson\Skrivbord\Teen got My Security Engine installed - Safer-Networking Forums.url
[2010-07-23 15:54:08 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2010-07-19 18:28:58 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Olsson\Skrivbord\dds.scr
[2010-07-19 18:14:16 | 000,002,111 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\iTunes.lnk
[2010-07-19 15:35:55 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\Olsson\ntuser.ini
[2010-07-14 19:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy.job
[2010-07-14 17:05:06 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\F-Secure Online Scanner.url
[2010-07-14 16:57:09 | 000,000,153 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\par...avwebscan.html.url
[2010-07-13 11:46:57 | 000,413,362 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-06-26 19:45:36 | 000,014,720 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-06-26 16:49:26 | 000,001,842 | ---- | M] () -- C:\Documents and Settings\Olsson\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
========== Files Created - No Company Name ==========
[2010-07-23 17:16:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-07-23 17:16:44 | 000,260,784 | ---- | C] () -- C:\cmldr
[2010-07-23 17:11:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-07-23 17:11:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-07-23 17:11:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-07-23 17:11:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-07-23 17:11:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-07-23 17:08:09 | 003,742,848 | R--- | C] () -- C:\Documents and Settings\Olsson\Skrivbord\ComboFix.exe
[2010-07-23 16:41:17 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Olsson\Skrivbord\Teen got My Security Engine installed - Safer-Networking Forums.url
[2010-07-23 15:54:08 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2010-07-19 18:28:57 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Olsson\Skrivbord\dds.scr
[2010-07-14 17:05:06 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\F-Secure Online Scanner.url
[2010-07-14 16:57:09 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\par...avwebscan.html.url
[2010-06-26 19:45:36 | 000,014,720 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-06-26 17:07:53 | 000,002,111 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\iTunes.lnk
[2010-06-26 16:49:26 | 000,002,149 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Safari.lnk
[2010-06-26 16:49:26 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\Olsson\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2009-12-28 15:49:49 | 000,132,096 | ---- | C] () -- C:\WINDOWS\System32\RashIcon.dll
[2009-12-28 15:49:49 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\RashProp.dll
[2009-11-21 13:50:55 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2009-11-21 13:50:55 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2009-10-29 19:27:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009-09-15 14:22:32 | 002,332,160 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-09-13 18:03:10 | 000,000,256 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009-07-31 15:14:38 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2009-07-31 15:14:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2008-08-26 20:21:52 | 000,043,729 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2008-08-26 20:08:14 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2008-08-26 20:08:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2008-08-26 20:08:11 | 000,301,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2008-07-21 21:27:51 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-07-21 21:27:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-05-27 00:10:02 | 000,014,772 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-27 00:10:00 | 000,022,298 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-27 00:09:58 | 000,014,614 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-01-18 16:23:27 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007-11-08 20:07:36 | 000,000,383 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-11-07 12:04:33 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2007-11-07 12:04:33 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2007-11-07 12:04:33 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2007-11-07 12:04:33 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2007-11-07 12:04:33 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2007-11-07 12:04:33 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2007-11-07 12:04:33 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2007-11-07 12:04:33 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2007-11-07 12:04:33 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2007-11-07 12:04:32 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2007-11-07 11:57:40 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006-06-01 11:22:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-06-01 11:22:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-06-01 11:22:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-06-01 11:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-06-01 11:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-06-01 11:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004-08-22 18:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2002-05-28 03:52:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
[2001-06-24 11:32:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
[1999-01-22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2010-07-14 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010-01-17 19:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogSys
[2008-07-21 21:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2010-05-13 13:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-01-17 20:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olsson\Application Data\Blueberry
[2010-01-17 19:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olsson\Application Data\LogSys
[2009-11-21 20:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olsson\Application Data\Nexon
[2008-07-21 21:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olsson\Application Data\River Past G5
[2010-02-16 20:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olsson\Application Data\Screaming Bee
[2010-07-19 23:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olsson\Application Data\Spotify
[2010-01-02 13:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olsson\Application Data\TweakNow PowerPack 2009
[2009-12-27 19:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olsson\Application Data\Windows Desktop Search
[2009-12-31 17:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olsson\Application Data\Windows Search
[2010-02-07 11:00:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\defrag.job
[2010-02-06 11:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\Genomsök alla lokala hårddiskar.job
[2010-07-24 12:25:00 | 000,000,410 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2C8DC5CE-1445-4847-B385-34C3AC51553E}.job
[2010-07-24 11:14:01 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C4030E41-5E64-40C0-B6D9-D952AC516761}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004-08-04 14:00:00 | 018,778,343 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-05-16 19:40:48 | 023,884,604 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008-05-16 19:40:48 | 023,884,604 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004-08-04 14:00:00 | 018,778,343 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-05-16 19:40:48 | 023,884,604 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-05-16 19:40:48 | 023,884,604 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Qoobox\32788R22FWJFW\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008-04-14 18:04:38 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=0A6DF967AE8E836D053DB46398F603E5 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 18:04:38 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=0A6DF967AE8E836D053DB46398F603E5 -- C:\WINDOWS\system32\eventlog.dll
[2004-08-04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=264DBC116901E89565B830B0CC20F922 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008-04-14 18:04:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=4F4A16EAEB932AE413E48923E6A400E0 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-14 18:04:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=4F4A16EAEB932AE413E48923E6A400E0 -- C:\WINDOWS\system32\netlogon.dll
[2004-08-04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A6FD3341EC1A98A31B044C6E0DAF8F26 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004-08-04 14:00:00 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=24BADA1C3795CB877C67E0F2F8BBAD1F -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008-04-14 18:04:47 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=3B50B494647E60CE6AC516E3F5C82B25 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-14 18:04:47 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=3B50B494647E60CE6AC516E3F5C82B25 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: VIAMRAID.SYS >
[2005-11-23 04:12:24 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\Qoobox\32788R22FWJFW\viamraid.sys
[2005-11-23 04:12:24 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\system32\drivers\viamraid.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007-11-07 12:00:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007-11-07 12:00:26 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007-11-07 12:00:26 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
Extras.txt:
OTL Extras logfile created on: 2010-07-24 12:22:02 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Olsson\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 74,52 Gb Total Space | 9,97 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JEOH1
Current User Name: Olsson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program\Safari\Safari.exe (Apple Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program\MSN Messenger\livecall.exe" = C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program\Winamp Remote\bin\Orb.exe" = C:\Program\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program\Winamp Remote\bin\OrbTray.exe" = C:\Program\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program\SpacialAudio\SAMBC\SAMBC.exe" = C:\Program\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC -- File not found
"C:\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\mph.exe" = C:\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\mph.exe:*:Enabled:mph -- ()
"C:\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\game.exe" = C:\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\game.exe:*:Enabled:game -- (Westwood Studios)
"C:\Program\MSN Messenger\livecall.exe" = C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program\River Past\Screen Recorder Pro\ScreenRecorderPro.exe" = C:\Program\River Past\Screen Recorder Pro\ScreenRecorderPro.exe:*:Enabled:River Past Screen Recorder Pro -- File not found
"C:\Spel\Hasbro Interactive\RollerCoaster Tycoon\rct.exe" = C:\Spel\Hasbro Interactive\RollerCoaster Tycoon\rct.exe:*:Enabled:rct -- File not found
"C:\Documents and Settings\Olsson\Skrivbord\rctrec1.exe" = C:\Documents and Settings\Olsson\Skrivbord\rctrec1.exe:*:Enabled:rctrec1 -- File not found
"C:\Mohaa\Mohaa\MOHAA.exe" = C:\Mohaa\Mohaa\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"C:\Program\Ventrilo\Ventrilo.exe" = C:\Program\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Team17\Worms Armageddon\WA.exe" = C:\Team17\Worms Armageddon\WA.exe:*:Enabled:Worms Armageddon -- (Team17 Software Ltd)
"C:\Program\Spotify\spotify.exe" = C:\Program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Fjärrhjälp - Windows Messenger och tal -- (Microsoft Corporation)
"C:\Program\Xfire\Xfire.exe" = C:\Program\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found
"C:\Program\LimeWire\LimeWire.exe" = C:\Program\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program\iTunes\iTunes.exe" = C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program\Java\jre6\bin\java.exe" = C:\Program\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001041D-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 Studentliv
"{08A247F5-E34F-4D17-8731-0906DF56947E}" = Windows Live Sync
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risk II
"{14FB2C18-CFC1-4DF4-A9CF-BAD3CCB5AAFD}" = Windows Live Toolbar
"{1A8BAA46-1179-4743-B00E-51B794A018B0}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-041D-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims™ 2 Djurliv
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = USB PC Camera (SN9C102)
"{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}" = Windows Live Essentials
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Tonårsprylar Prylpaket
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{65F6D25C-2B2B-4673-A81D-E7D7D72B29E4}" = Windows Live Family Safety
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6B30FB1E-9F4A-49BA-9D74-174F1ECEB59D}" = Windows Live inloggningsassistenten
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Arbetsliv
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Prylpaket
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBE7AA1-AFA8-4D76-8FC2-1FDFD9BD3371}" = Windows Live Mail
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3FE3DD5-92E1-4EC3-BD6B-822DD99E8991}" = Windows Live Photo Gallery
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Året runt
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0
"{EC928237-A3BD-4640-ABD0-E49E758F2315}" = Windows Live Messenger
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-041D-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Cross Fire_is1" = Cross Fire En
"F-Secure Anti-Virus" = F-Secure Anti-Virus
"F-Secure BackWeb" = F-Secure BackWeb
"F-Secure Management Agent" = F-Secure Management Agent
"Hospital" = Theme Hospital
"HospitalTycoon" = Hospital Tycoon
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RoadRash" = RoadRash
"Spotify" = Spotify
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TweakNow PowerPack 2009_is1" = TweakNow PowerPack 2009
"Ultra MP4 Video Converter_is1" = Ultra MP4 Video Converter 5.2.0603
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Virtual Villagers_is1" = Virtual Villagers
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Worms Armageddon" = Worms Armageddon
"Worms Pinball" = Worms Pinball
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XCC Game Spy" = XCC Game Spy 1.0.8
"Xvid_is1" = Xvid 1.1.2 final uninstall
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial" = World of Warcraft Trial
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2010-07-24 06:34:50 | Computer Name = JEOH1 | Source = F-Secure Anti-Virus | ID = 103
Description = 45 2010-07-24 12:34:50+02:00 jeoh1 JEOH1\Olsson F-Secure Anti-Virus
An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.
Error - 2010-07-24 06:34:50 | Computer Name = JEOH1 | Source = F-Secure Anti-Virus | ID = 103
Description = 46 2010-07-24 12:34:50+02:00 jeoh1 JEOH1\Olsson F-Secure Anti-Virus
An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.
Error - 2010-07-24 06:34:50 | Computer Name = JEOH1 | Source = F-Secure Anti-Virus | ID = 103
Description = 47 2010-07-24 12:34:50+02:00 jeoh1 JEOH1\Olsson F-Secure Anti-Virus
An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.
Error - 2010-07-24 06:34:50 | Computer Name = JEOH1 | Source = F-Secure Anti-Virus | ID = 103
Description = 48 2010-07-24 12:34:50+02:00 jeoh1 JEOH1\Olsson F-Secure Anti-Virus
An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.
Error - 2010-07-24 06:34:50 | Computer Name = JEOH1 | Source = F-Secure Anti-Virus | ID = 103
Description = 49 2010-07-24 12:34:50+02:00 jeoh1 JEOH1\Olsson F-Secure Anti-Virus
An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.
Error - 2010-07-24 06:34:50 | Computer Name = JEOH1 | Source = F-Secure Anti-Virus | ID = 103
Description = 50 2010-07-24 12:34:50+02:00 jeoh1 JEOH1\Olsson F-Secure Anti-Virus
An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.
Error - 2010-07-24 06:34:50 | Computer Name = JEOH1 | Source = F-Secure Anti-Virus | ID = 103
Description = 51 2010-07-24 12:34:50+02:00 jeoh1 JEOH1\Olsson F-Secure Anti-Virus
An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.
Error - 2010-07-24 06:34:50 | Computer Name = JEOH1 | Source = F-Secure Anti-Virus | ID = 103
Description = 52 2010-07-24 12:34:50+02:00 jeoh1 JEOH1\Olsson F-Secure Anti-Virus
An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.
Error - 2010-07-24 06:34:50 | Computer Name = JEOH1 | Source = F-Secure Anti-Virus | ID = 103
Description = 53 2010-07-24 12:34:50+02:00 jeoh1 JEOH1\Olsson F-Secure Anti-Virus
An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.
Error - 2010-07-24 06:34:50 | Computer Name = JEOH1 | Source = F-Secure Anti-Virus | ID = 103
Description = 54 2010-07-24 12:34:50+02:00 jeoh1 JEOH1\Olsson F-Secure Anti-Virus
An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.
[ System Events ]
Error - 2010-07-23 11:01:48 | Computer Name = JEOH1 | Source = Dhcp | ID = 1002
Description = IP-adresslånet 192.168.0.25 för det nätverkskort som har nätverksadressen
001617B20FE8 har nekats av DHCP-servern 192.168.0.1 (DHCP-servern skickade ett DHCPNACK-meddelande).
Error - 2010-07-23 11:02:28 | Computer Name = JEOH1 | Source = Service Control Manager | ID = 7000
Description = Tjänsten npkcrypt kunde inte startas på grund av följande fel: %%3
Error - 2010-07-23 11:18:22 | Computer Name = JEOH1 | Source = Service Control Manager | ID = 7034
Description = Tjänsten F-Secure BackWeb avslutades oväntat. Detta har skett 1 gånger.
Error - 2010-07-23 23:01:54 | Computer Name = JEOH1 | Source = Dhcp | ID = 1002
Description = IP-adresslånet 192.168.0.25 för det nätverkskort som har nätverksadressen
001617B20FE8 har nekats av DHCP-servern 192.168.0.1 (DHCP-servern skickade ett DHCPNACK-meddelande).
Error - 2010-07-24 05:12:22 | Computer Name = JEOH1 | Source = Service Control Manager | ID = 7023
Description = Tjänsten HID Input Service avbröts med följande fel: %%126
Error - 2010-07-24 05:12:22 | Computer Name = JEOH1 | Source = Service Control Manager | ID = 7000
Description = Tjänsten npkcrypt kunde inte startas på grund av följande fel: %%3
Error - 2010-07-24 05:23:03 | Computer Name = JEOH1 | Source = Service Control Manager | ID = 7034
Description = Tjänsten F-Secure BackWeb avslutades oväntat. Detta har skett 1 gånger.
Error - 2010-07-24 06:13:12 | Computer Name = JEOH1 | Source = Service Control Manager | ID = 7023
Description = Tjänsten HID Input Service avbröts med följande fel: %%126
Error - 2010-07-24 06:13:12 | Computer Name = JEOH1 | Source = Service Control Manager | ID = 7000
Description = Tjänsten npkcrypt kunde inte startas på grund av följande fel: %%3
Error - 2010-07-24 06:13:56 | Computer Name = JEOH1 | Source = Service Control Manager | ID = 7011
Description = En timeout (30000 ms) inträffade vid väntan på transaktionssvar från
tjänsten NVSvc.
< End of report >
MrBugger
2010-07-24, 23:59
Hi Ken!
I didn't see your edit on the post. I just followed the e-mail, so I did the CF in safe mode. Just tell me if you want me to do it the way you edited.
ComboFix 10-07-23.04 - Olsson 2010-07-24 22:30:30.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2046.1789 [GMT 2:00]
Körs från: c:\documents and settings\Olsson\Skrivbord\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\daemon.dll
.
(((((((((((((((((((((((( Filer Skapade från 2010-06-24 till 2010-07-24 ))))))))))))))))))))))))))))))
.
2010-07-24 12:55 . 2010-07-24 12:55 -------- d-----w- C:\_OTL
2010-07-23 13:54 . 2010-07-23 13:54 -------- d-----w- c:\documents and settings\Olsson\Application Data\Malwarebytes
2010-07-23 13:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-23 13:54 . 2010-07-23 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-23 13:54 . 2010-07-23 13:54 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2010-07-23 13:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 15:14 . 2010-07-14 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-07-14 13:52 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-28 12:55 . 2010-06-28 12:55 -------- d-----w- c:\documents and settings\Olsson\Application Data\U3
2010-06-26 17:45 . 2010-06-26 17:45 14720 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-26 15:05 . 2010-06-26 15:05 -------- d-----w- c:\program\iPod
2010-06-26 14:51 . 2010-06-26 14:51 -------- d-----w- c:\program\Bonjour
2010-06-26 14:49 . 2010-06-26 14:49 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-26 14:48 . 2010-06-26 14:49 -------- d-----w- c:\program\Safari
2010-06-26 14:47 . 2010-06-26 14:47 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 10:18 . 2010-01-30 10:57 -------- d-----w- c:\documents and settings\Olsson\Application Data\Skype
2010-07-24 09:15 . 2010-01-30 10:59 -------- d-----w- c:\documents and settings\Olsson\Application Data\skypePM
2010-07-19 21:12 . 2009-11-01 15:12 -------- d-----w- c:\documents and settings\Olsson\Application Data\Spotify
2010-07-15 09:58 . 2009-06-20 15:48 -------- d-----w- c:\program\Pando Networks
2010-06-29 21:05 . 2010-05-13 11:35 -------- d-----w- c:\documents and settings\Olsson\Application Data\Apple Computer
2010-06-26 15:52 . 2010-02-04 09:48 -------- d-----w- c:\program\World of Warcraft Trial
2010-06-26 15:07 . 2010-05-13 11:32 -------- d-----w- c:\program\iTunes
2010-06-26 15:04 . 2010-05-13 11:25 -------- d-----w- c:\program\Delade filer\Apple
2010-06-22 19:15 . 2004-08-04 12:00 87766 ----a-w- c:\windows\system32\perfc01D.dat
2010-06-22 19:15 . 2004-08-04 12:00 454926 ----a-w- c:\windows\system32\perfh01D.dat
2010-06-19 17:14 . 2010-06-19 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-06-18 19:06 . 2010-01-17 17:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-14 14:31 . 2007-11-07 09:18 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-05 10:47 . 2008-03-24 20:53 -------- d-----w- c:\program\Microsoft Silverlight
2010-05-29 09:10 . 2010-01-30 10:56 -------- d-----r- c:\program\Skype
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-13 11:43 . 2010-05-13 11:43 321328 ----a-w- c:\program\utorrent.exe
2010-05-13 11:36 . 2010-05-13 11:36 562864 ----a-w- c:\program\GoogleEarthPluginSetup.exe
2010-05-13 11:18 . 2010-05-13 11:18 97547048 ----a-w- c:\program\iTunesSetup.exe
2010-05-06 10:36 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 14:58 . 2010-05-04 14:58 282624 ----a-w- c:\documents and settings\Olsson\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-04 14:58 . 2010-05-04 14:58 655360 ----a-w- c:\documents and settings\Olsson\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-04 14:58 . 2010-05-04 14:58 208896 ----a-w- c:\documents and settings\Olsson\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-02 08:10 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-12-28 19:48 . 2009-12-28 19:48 1971 ----a-w- c:\program\Harry Potter(TM) och Fången från Azkaban.lnk
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"DAEMON Tools-1033"="c:\program\D-Tools\daemon.exe" [2004-08-22 81920]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"F-Secure Manager"="c:\program\F-Secure\Common\FSM32.EXE" [2002-12-05 106571]
"fssui"="c:\program\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2010-06-15 141624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start-meny\Program\Autostart\
Microsoft Office.lnk - c:\program\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 16:05 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-09-17 21:55 13574144 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-17 21:55 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-17 21:55 1657376 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-11-23 02:12 1060864 ----a-r- c:\program\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-17 07:34 16143872 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Jenny\\Lokala inställningar\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\EA Games\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\mph.exe"=
"c:\\EA Games\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\game.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Mohaa\\Mohaa\\MOHAA.exe"=
"c:\\Program\\Ventrilo\\Ventrilo.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Team17\\Worms Armageddon\\WA.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Program\\Java\\jre6\\bin\\java.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-11-25 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2007-11-25 5248]
S2 BackWeb Client - 7681197;F-Secure BackWeb;c:\program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2009-09-13 16384]
S2 F-Secure Filter;F-Secure File System Filter;c:\program\F-Secure\Anti-Virus\win2k\FSfilter.sys [2009-09-13 47280]
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\F-Secure\Anti-Virus\win2k\fsgk.sys [2009-09-13 37456]
S2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\F-Secure\Anti-Virus\win2k\FSrec.sys [2009-09-13 15984]
S2 FSpm;F-Secure Policy Manager;c:\program\F-Secure\Common\FSpm.sys [2009-09-13 65328]
S2 gupdate;Google Update Service (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2010-01-27 17792]
.
Innehållet i mappen 'Schemalagda aktiviteter':
2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
2010-02-07 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2004-08-04 16:05]
2010-02-06 c:\windows\Tasks\Genomsök alla lokala hårddiskar.job
- c:\program\F-Secure\ANTI-V~1\fsavstrt.exe [2009-09-13 15:44]
2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-05-13 11:36]
2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-05-13 11:36]
2010-07-14 c:\windows\Tasks\Spybot - Search & Destroy.job
- c:\program\SPYBOT~1\SpybotSD.exe [2007-11-08 13:31]
2010-07-24 c:\windows\Tasks\User_Feed_Synchronization-{2C8DC5CE-1445-4847-B385-34C3AC51553E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
2010-07-24 c:\windows\Tasks\User_Feed_Synchronization-{C4030E41-5E64-40C0-B6D9-D952AC516761}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://forums.spybot.info/index.php
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jenny\Start-meny\Program\IMVU\Run IMVU.lnk
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Worms Pinball - c:\team17\Worms Pinball\Uninst.isu
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program\NOS\bin\getPlus_HelperSvc.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 22:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4DD248]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7588cb8
\Driver\atapi -> 0x8a4dd248
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7868bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7875a21
SendHandler -> NDIS.sys @ 0xf785387b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
[HKEY_USERS\S-1-5-21-789336058-682003330-1775052-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2420B5BB-416C-03FE-7DD8-043FEB80489B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaoihfhdedlcocinfl"=hex:69,61,61,6d,70,6c,6b,64,67,66,6b,67,6d,6c,61,64,70,62,
00,00
"haijbhbmoefjaaal"=hex:69,61,61,6d,70,6c,6b,64,67,66,6b,67,6d,6c,61,64,70,62,
00,00
"iackpenkdhejipclep"=hex:63,61,6e,6c,64,6d,00,7c
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Sluttid: 2010-07-24 22:43:02
ComboFix-quarantined-files.txt 2010-07-24 20:42
Före genomsökningen: 10*666*192*896 byte ledigt
Efter genomsökningen: 10*679*812*096 byte ledigt
- - End Of File - - C6E18B31B5F6C66BCD521593374C312A