Malware problem

Status
Not open for further replies.

derarne

New member
Hi!

I have a problem with malware/spyware..

It is logging somewhere and taking over my gmail and my wow account.
I tried to do virusscan and different scan with programs like your spybot but I can not find anything else then some cookies that I remove.

I read in another forum that it was a good idea to do a log with hijack.
So I am posting it here.

I would appreciate if someone could help me in any way.

/Best regards

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:31:05, on 2010-06-27
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Net iD\iid.exe
C:\Program Files (x86)\Voddler\service\VNetManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
O4 - HKLM\..\Run: [VoddlerNet Manager] "C:\Program Files (x86)\Voddler\service\VNetManager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VoddlerNet - Voddler - C:\Program Files (x86)\Voddler\service\voddler.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8789 bytes
 
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi derarne and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Vista Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System(Vista aka Windows 6) in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

64bit Operating System Advice:

Your log shows signs that this is a 64 bit machine. Most of the tools we use don't run on 64 bit machines, so the help I can offer is limited I'm afraid.

HijackThis is not really ideal for a 64 bit system like yours in my humble opinion and the scan results can not be relied upon. I'm going to need you to run a different scan for me in due course.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Question:

May I enquire what exactly you are using the software Net iD for?

Next:

Please download OTL and save it to your Desktop.
  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:
  • How is you computer performing now, any further symptoms and or problems encountered?
  • Answer to my Net iD query.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
 
First of all thank you for trying to help me..!

Answer 1:

My computer is quite ok.. the problem is that I cant find and get rid of the malware/keylogger thing that someone uses to hack me the only thing I have been finding is some cookies to take away..

The 2 things that have been taken over both times is my gmail account and my wow account and that has happened 3 times.. I have gotten both back through some reset of passwords and phonecalls but I have been hacked again.

I have been afraid to use those application since I wrote this mail so I cant say if they are safe or not now.. but my guess is not since I have not found anything bad.

Answer 2:

Net ID is an application in sweden to verify that you are you then performing tasks towards the goverment or doing some kind of bankbuisness.

Answer 3:

I have run the application you said, here are the logs:

OTL logfile created on: 2010-06-28 20:32:11 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\DerArne\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 88,10 Gb Free Space | 60,14% Space Free | Partition Type: NTFS
Drive D: | 785,03 Gb Total Space | 673,85 Gb Free Space | 85,84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DERARNE-PC
Current User Name: DerArne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\DerArne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files (x86)\Voddler\service\voddler.exe (Voddler)
PRC - C:\Program Files (x86)\Voddler\service\VNetManager.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Net iD\iid.exe (SecMaker AB)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\DerArne\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (VoddlerNet) -- C:\Program Files (x86)\Voddler\service\voddler.exe (Voddler)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006-11-02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\DRIVERS\wg111v3.sys (NETGEAR Inc. )
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (DSI_SiUSBXp_3_1) -- C:\Windows\SysNative\drivers\DSI_SiUSBXp_3_1.sys (Silicon Laboratories)
DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (CSC) -- C:\Windows\CSC [2010-01-23 04:57:50 | 000,000,000 | ---D | M]
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 56 DD C1 AC 9B CA 01 [binary data]
IE - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006-09-18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Net iD] C:\Program Files (x86)\Net iD\iid.exe (SecMaker AB)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VoddlerNet Manager] C:\Program Files (x86)\Voddler\service\VNetManager.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\DerArne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\..Trusted Domains: garmin.com ([buy] https in Trusted sites)
O15 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\..Trusted Domains: garmin.com ([connect] https in Trusted sites)
O15 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\..Trusted Domains: garmin.com ([mygarmin] https in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-06-28 20:31:03 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\DerArne\Desktop\OTL.exe
[2010-06-27 12:42:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010-06-27 12:24:44 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2010-06-27 12:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010-06-27 12:22:04 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010-06-27 11:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010-06-27 11:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010-06-27 11:18:43 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2010-06-27 11:18:43 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2010-06-27 11:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2010-06-26 20:05:13 | 000,000,000 | ---D | C] -- C:\Users\DerArne\AppData\Roaming\Malwarebytes
[2010-06-26 20:05:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010-06-26 20:05:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010-06-26 20:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010-06-26 20:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-06-26 19:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-06-26 19:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010-06-23 19:34:37 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010-06-23 19:34:37 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010-06-23 19:34:37 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010-06-23 19:34:37 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010-06-23 19:34:37 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010-06-23 19:34:37 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010-06-23 19:34:37 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010-06-23 19:34:37 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010-06-18 15:04:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010-06-18 15:04:03 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010-06-18 15:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010-06-13 18:50:27 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010-06-13 18:50:26 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010-06-13 18:50:26 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010-06-13 18:50:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010-06-13 18:50:21 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010-06-13 18:50:20 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010-06-13 18:50:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010-06-13 18:50:20 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010-06-13 18:50:20 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010-06-13 18:50:19 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010-06-13 18:50:19 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010-06-13 18:50:19 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010-06-13 18:50:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010-06-13 18:50:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010-06-13 18:50:19 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010-06-13 18:50:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010-06-13 18:50:19 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010-06-13 18:50:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010-06-13 18:50:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010-06-13 18:50:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010-06-13 18:50:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010-06-13 18:50:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010-06-13 18:50:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010-06-13 18:50:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010-06-13 18:50:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010-06-13 18:50:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010-06-13 18:50:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010-06-01 15:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Levande Böcker
[2010-06-01 15:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Knowledge Adventure
[2010-06-01 15:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Knowledge Adventure

========== Files - Modified Within 30 Days ==========

[2010-06-28 20:31:23 | 002,359,296 | -HS- | M] () -- C:\Users\DerArne\NTUSER.DAT
[2010-06-28 20:31:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\DerArne\Desktop\OTL.exe
[2010-06-28 20:28:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-06-28 20:22:16 | 000,704,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-06-28 20:22:16 | 000,595,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-06-28 20:22:16 | 000,105,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-06-28 20:16:11 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-28 20:16:09 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-06-28 20:16:08 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-06-28 20:16:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-06-28 20:16:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-06-27 22:46:22 | 000,524,288 | -HS- | M] () -- C:\Users\DerArne\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010-06-27 22:46:22 | 000,065,536 | -HS- | M] () -- C:\Users\DerArne\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010-06-27 18:19:16 | 002,400,192 | -H-- | M] () -- C:\Users\DerArne\AppData\Local\IconCache.db
[2010-06-27 12:42:01 | 000,001,964 | ---- | M] () -- C:\Users\DerArne\Desktop\HiJackThis.lnk
[2010-06-27 11:15:18 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-06-26 20:38:20 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010-06-26 18:51:48 | 000,000,650 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010-06-18 15:04:03 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010-06-15 19:21:19 | 000,006,144 | ---- | M] () -- C:\Users\DerArne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-13 18:56:05 | 000,252,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-06-13 18:48:00 | 000,000,680 | ---- | M] () -- C:\Users\DerArne\AppData\Local\d3d9caps.dat
[2010-06-01 17:10:39 | 000,054,560 | ---- | M] () -- C:\Users\DerArne\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-06-01 15:01:16 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\Lek och Lär Andra klass.lnk
[2010-06-01 15:01:16 | 000,000,088 | ---- | M] () -- C:\Windows\ka.ini

========== Files Created - No Company Name ==========

[2010-06-27 12:42:01 | 000,001,964 | ---- | C] () -- C:\Users\DerArne\Desktop\HiJackThis.lnk
[2010-06-26 20:40:10 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-06-26 20:38:20 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010-06-01 15:01:16 | 000,001,925 | ---- | C] () -- C:\Users\Public\Desktop\Lek och Lär Andra klass.lnk
[2010-06-01 15:01:16 | 000,000,088 | ---- | C] () -- C:\Windows\ka.ini
[2010-05-29 21:47:28 | 000,012,810 | ---- | C] () -- C:\Users\DerArne\AppData\Local\dd_vcredistUI4BA3.txt
[2010-05-29 21:16:43 | 000,000,680 | ---- | C] () -- C:\Users\DerArne\AppData\Local\d3d9caps.dat
[2010-05-26 23:08:28 | 000,712,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-03-03 02:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010-03-03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010-03-03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-03-03 02:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010-03-03 02:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010-03-03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010-03-03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010-03-03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010-03-03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010-03-03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010-03-03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010-03-03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010-03-03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010-03-03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010-03-03 02:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010-03-03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010-03-03 02:00:00 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010-01-24 16:03:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010-01-24 16:03:16 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010-01-22 23:57:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-01-22 23:57:11 | 000,033,790 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009-11-14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009-11-14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009-11-14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009-11-14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009-11-14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009-11-14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009-11-14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009-11-14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009-11-14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009-11-14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009-06-07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009-04-02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009-01-11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009-01-05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008-11-06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008-01-21 04:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007-10-13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
< End of report >

and the second one..

OTL Extras logfile created on: 2010-06-28 20:32:11 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\DerArne\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 88,10 Gb Free Space | 60,14% Space Free | Partition Type: NTFS
Drive D: | 785,03 Gb Total Space | 673,85 Gb Free Space | 85,84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DERARNE-PC
Current User Name: DerArne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 73 0C 5D D5 FF 9C CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{238F1663-7964-4C06-9D0C-760422677883}" = lport=138 | protocol=17 | dir=in | app=system |
"{2C36D5D4-5616-47A0-A3E6-932B231316D7}" = lport=445 | protocol=6 | dir=in | app=system |
"{34EE62BC-EB4D-4E99-BC2E-A115206B6CE3}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{388D6331-BED3-4F59-8198-2455B5E987A5}" = lport=58193 | protocol=17 | dir=in | name=pando media booster |
"{3DF360D7-EE97-43BE-9DF7-03334257B41E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6BBDC5B6-1708-49AD-88D7-A725F08D41A4}" = lport=139 | protocol=6 | dir=in | app=system |
"{71E60347-7F56-4DEB-B1D2-F5A2B48AC6CA}" = rport=139 | protocol=6 | dir=out | app=system |
"{79473D43-9C09-4F41-AD67-DAE0F2163FE6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{91431AD2-E4E9-42FB-909B-D09630087537}" = lport=58193 | protocol=6 | dir=in | name=pando media booster |
"{9E7EE4BF-A47F-485B-A265-44E8D08529B4}" = rport=445 | protocol=6 | dir=out | app=system |
"{B639D690-8D60-4D4D-86B4-FD1DCBAD2B2D}" = rport=137 | protocol=17 | dir=out | app=system |
"{C2214CC1-764A-4858-915E-1397FC3B84CC}" = lport=58193 | protocol=17 | dir=in | name=pando media booster |
"{DE5C0DE6-53B7-48F9-98BB-B6633CDA7EBC}" = rport=138 | protocol=17 | dir=out | app=system |
"{E123C95E-E0DD-4C08-98C2-29FF7A830AF6}" = lport=137 | protocol=17 | dir=in | app=system |
"{FB5B0CFB-0D4D-4E48-8486-34DC4EF29A19}" = lport=58193 | protocol=6 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21DBB8A2-C3E2-4CCD-88E0-C73EEBB18EA2}" = protocol=6 | dir=in | app=d:\spel\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{4C5A84EF-464A-42E3-8614-C24E20DC6949}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{553250DE-53B4-4E9A-9069-9408A9AC3851}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{59826B0E-89F0-46DE-8103-C56530E14413}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{60FB9370-CB02-425E-8B2A-656F750D74F7}" = protocol=17 | dir=in | app=d:\spel\world of warcraft\backgrounddownloader.exe |
"{66167AC5-EF1A-4C15-B5A0-4E5D063292A2}" = protocol=17 | dir=in | app=c:\program files (x86)\voddler\service\voddler.exe |
"{75418AA0-FA5C-42E7-BE8D-C98992181CEA}" = protocol=17 | dir=in | app=d:\filer\spotify\spotify.exe |
"{7960A10A-FF41-4D89-86EB-39D518E23C31}" = protocol=6 | dir=in | app=c:\program files (x86)\voddler\service\voddler.exe |
"{7B01E08E-7A2A-4F34-BE00-0BB5810CF910}" = protocol=17 | dir=in | app=d:\spel\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{8F0F15DB-18DD-493F-8657-BDE1EAE86103}" = protocol=6 | dir=in | app=d:\filer\spotify\spotify.exe |
"{90D064CB-0069-4932-B849-978B1E8602F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C0BFA6F0-18A0-4031-B044-982D7106DFFD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CE1453D7-6AAD-4DCF-A6C7-22BEDBD6DAFB}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D0BF7251-CF74-45C1-9B94-7EB955FE7BEC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D9D49F30-3000-4E00-B8C2-029804F3C3E8}" = protocol=6 | dir=in | app=d:\spel\world of warcraft\backgrounddownloader.exe |
"{DFBFCA43-794A-4C0E-9B1C-49D6E177FAAB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E476BFE1-6A80-4416-AD04-75EC2E0B54C0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E94186ED-28D1-4EBF-A956-7356978CAAF7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FE6C4B15-10D2-45AD-9E28-5EDF738B52C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{188F1644-C08C-44C4-BF4C-63E5C6A2D901}D:\spel\darkfall\lobby.exe" = protocol=6 | dir=in | app=d:\spel\darkfall\lobby.exe |
"TCP Query User{5E070BD5-C262-4635-98F1-8DB985968E2D}D:\spel\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\spel\runes of magic\client.exe |
"TCP Query User{724C992D-1091-4314-B787-C4F4F33EF840}D:\spel\ddo\ddo\dndclient.exe" = protocol=6 | dir=in | app=d:\spel\ddo\ddo\dndclient.exe |
"TCP Query User{91BF5616-7C0F-4A52-8766-9477977ED25A}D:\spel\darkfall\lobby.exe" = protocol=6 | dir=in | app=d:\spel\darkfall\lobby.exe |
"TCP Query User{95DCBB26-20D3-47DB-8540-59DEFB3B2DDF}D:\spel\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\spel\world of warcraft\launcher.exe |
"TCP Query User{9B6F477A-B3AF-4BB0-9ACF-97A8DEC0F83D}D:\spel\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\spel\runes of magic\client.exe |
"UDP Query User{3EF518D9-83A5-4DE5-A02C-B65C5C739556}D:\spel\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\spel\world of warcraft\launcher.exe |
"UDP Query User{5BCE86D9-5A78-4E56-AE56-42CAB881B5BF}D:\spel\darkfall\lobby.exe" = protocol=17 | dir=in | app=d:\spel\darkfall\lobby.exe |
"UDP Query User{9A91774A-EDCE-4266-9199-7A4623668983}D:\spel\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\spel\runes of magic\client.exe |
"UDP Query User{B02EED74-F3E5-454B-B786-60F1DABBD6D1}D:\spel\ddo\ddo\dndclient.exe" = protocol=17 | dir=in | app=d:\spel\ddo\ddo\dndclient.exe |
"UDP Query User{C5834C97-F178-40FF-AE69-4B701A182F9F}D:\spel\darkfall\lobby.exe" = protocol=17 | dir=in | app=d:\spel\darkfall\lobby.exe |
"UDP Query User{EB98CD2E-D4BB-47CD-847E-93C85B56A608}D:\spel\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\spel\runes of magic\client.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F94D3B9-2B02-9C37-740B-A59C7B8D17CC}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A5DAE9E-DD2A-40D1-9AEB-06F31133A9DE}" = OpenOffice.org 3.2
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{18C15B50-19A3-4F25-8916-D7453B5D75F0}" = Darkfall
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{63AD9C5C-A4E4-43A2-BBB7-B16B4E20AE27}" = Garmin Training Center
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1053-7B44-A93000000001}" = Adobe Reader 9.3.2 - Svenska
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2CE8D52-BD18-4D4B-A3B0-4FDFD7CCC34F}" = Garmin ANT Agent
"{C3847366-B0A5-7444-8E71-F49ED092F486}" = VoddlerPlayer
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.11.00.812
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Apselut spunk" = Apselut spunk
"avast5" = avast! Free Antivirus
"Big City Adventure - Vancouver Deluxe" = Big City Adventure - Vancouver Deluxe
"Cake Mania Main Street Deluxe" = Cake Mania Main Street Deluxe
"CCleaner" = CCleaner
"Hotel Dash - Suite Success Deluxe" = Hotel Dash - Suite Success Deluxe
"iid" = Net iD 5.3 (32-bit Edition)
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform för enhetshanterare
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Lek och Lär Andra klass" = Lek och Lär Andra klass
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mumble" = Mumble and Murmur
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.3
"uTorrent" = µTorrent
"Voddler" = VoddlerNet
"VoddlerPlayer.22AA32E1C519F8FB77514A36DC6C2AE2C623240F.1" = VoddlerPlayer
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-05-24 13:52:57 | Computer Name = DerArne-PC | Source = Application Error | ID = 1000
Description = Faulting application Apselut spunk.exe, version 10.1.0.11, time stamp
0x413ffc3a, faulting module Apselut spunk.exe, version 10.1.0.11, time stamp 0x413ffc3a,
exception code 0xc0000005, fault offset 0x00003d70, process id 0xd8, application
start time 0x01cafb69f1240540.

Error - 2010-05-24 13:54:21 | Computer Name = DerArne-PC | Source = Application Error | ID = 1000
Description = Faulting application Apselut spunk.exe, version 10.1.0.11, time stamp
0x413ffc3a, faulting module Apselut spunk.exe, version 10.1.0.11, time stamp 0x413ffc3a,
exception code 0xc0000005, fault offset 0x00003737, process id 0x13f0, application
start time 0x01cafb6a23318ee0.

Error - 2010-05-24 14:04:34 | Computer Name = DerArne-PC | Source = Application Error | ID = 1000
Description = Faulting application Apselut spunk.exe, version 10.1.0.11, time stamp
0x413ffc3a, faulting module Apselut spunk.exe, version 10.1.0.11, time stamp 0x413ffc3a,
exception code 0xc0000005, fault offset 0x00003737, process id 0xc1c, application
start time 0x01cafb6b908d3470.

Error - 2010-05-24 14:04:48 | Computer Name = DerArne-PC | Source = Application Error | ID = 1000
Description = Faulting application Apselut spunk.exe, version 10.1.0.11, time stamp
0x413ffc3a, faulting module Apselut spunk.exe, version 10.1.0.11, time stamp 0x413ffc3a,
exception code 0xc0000005, fault offset 0x00003737, process id 0x1014, application
start time 0x01cafb6b98c573f0.

Error - 2010-05-29 08:09:58 | Computer Name = DerArne-PC | Source = Application Error | ID = 1000
Description = Faulting application googleearth.exe, version 5.1.3535.3218, time
stamp 0x4bc68e0b, faulting module googleearth.exe, version 5.1.3535.3218, time stamp
0x4bc68e0b, exception code 0xc0000005, fault offset 0x00004041, process id 0x494,
application start time 0x01caff275a558d20.

Error - 2010-06-01 11:12:54 | Computer Name = DerArne-PC | Source = Application Error | ID = 1000
Description = Faulting application googleearth.exe, version 5.1.3535.3218, time
stamp 0x4bc68e0b, faulting module googleearth.exe, version 5.1.3535.3218, time stamp
0x4bc68e0b, exception code 0xc0000005, fault offset 0x00004041, process id 0x390,
application start time 0x01cb019cb275f17f.

Error - 2010-06-16 03:19:19 | Computer Name = DerArne-PC | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.200.2, time stamp 0x4bc398b3,
faulting module java.dll, version 6.0.200.2, time stamp 0x4bc3c8dc, exception code
0xc0000005, fault offset 0x00005875, process id 0xacc, application start time 0x01cb0d243c7c41c9.

Error - 2010-06-17 12:43:42 | Computer Name = DerArne-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18928 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 738 Start Time: 01cb0e372c2aea0e Termination Time: 0

Error - 2010-06-18 09:01:43 | Computer Name = DerArne-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2010-06-19 13:58:09 | Computer Name = DerArne-PC | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.200.2, time stamp 0x4bc398b3,
faulting module java.dll, version 6.0.200.2, time stamp 0x4bc3c8dc, exception code
0xc0000005, fault offset 0x00005875, process id 0x12ec, application start time 0x01cb0fd8f9d29840.

[ Media Center Events ]
Error - 2010-04-21 12:05:34 | Computer Name = DerArne-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 2010-04-04 09:43:57 | Computer Name = DerArne-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:41:58 on 2010-04-04 was unexpected.

Error - 2010-04-07 15:49:15 | Computer Name = DerArne-PC | Source = DCOM | ID = 10010
Description =

Error - 2010-04-08 12:49:49 | Computer Name = DerArne-PC | Source = DCOM | ID = 10005
Description =

Error - 2010-04-08 12:49:49 | Computer Name = DerArne-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2010-04-08 12:49:49 | Computer Name = DerArne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-04-12 13:30:16 | Computer Name = DerArne-PC | Source = DCOM | ID = 10010
Description =

Error - 2010-04-16 13:21:09 | Computer Name = DerArne-PC | Source = DCOM | ID = 10005
Description =

Error - 2010-04-16 13:21:09 | Computer Name = DerArne-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2010-04-16 13:21:09 | Computer Name = DerArne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-04-16 13:59:03 | Computer Name = DerArne-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:57:00 on 2010-04-16 was unexpected.


< End of report >

Ok, I think that was it.. thanks again for trying to help.. I will do my best to follow your instructions, though I am not that good at stuff like this.

/DerArne
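To show how a helper reads the file sections of an OTL report like the one pasted above, here is an added example (not OTL's own code, nor anything from this thread): it parses OTL's `[timestamp | size | attrs | C/M] (Company) -- path` entry lines and flags executable code under C:\Windows that was created or modified inside the file-age window with no company name in its version resource. The sample report is constructed from a few lines of the log above plus one made-up driver entry (`example_unknown.sys`) so the triage has something to flag.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL file entry, e.g.
# [2010-06-28 20:31:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\DerArne\Desktop\OTL.exe
# Directories carry no "(Company)" group at all; files without version info show "()".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

OTL_TIME = "%Y-%m-%d %H:%M:%S"
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str       # four attribute flags, e.g. "-HS-", "---D"
    kind: str        # "C" = created, "M" = modified
    company: str     # "" when OTL printed "()" or no group at all
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for headers, blanks, and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], OTL_TIME),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def section_lines(report: str, name: str) -> List[str]:
    """Return the non-empty lines under an OTL '========== name ==========' header."""
    out, inside = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("==========") and line.endswith("=========="):
            inside = line.strip("= ") == name
            continue
        if inside and line:
            out.append(line)
    return out


def triage_report(report: str, scan_time: str, age_days: int = 30) -> List[OtlEntry]:
    """Flag executable code under C:\\Windows, touched within age_days of the scan,
    that carries no company name. This narrows OTL's own 'No Company Name' idea
    to the files a helper would want to look at first; it is a hint, not a verdict."""
    cutoff = datetime.strptime(scan_time, OTL_TIME) - timedelta(days=age_days)
    flagged = []
    for line in report.splitlines():
        e = parse_entry(line)
        if e is None or e.is_directory:
            continue
        path = e.path.lower()
        if (path.startswith("c:\\windows\\") and path.endswith(EXEC_EXT)
                and e.timestamp >= cutoff and not e.company):
            flagged.append(e)
    return flagged


# Constructed sample: lines from the thread's log plus one made-up driver entry.
SCAN_TIME = "2010-06-28 20:32:11"
SAMPLE_REPORT = r"""
========== Files - Modified Within 30 Days ==========

[2010-06-28 20:31:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\DerArne\Desktop\OTL.exe
[2010-06-18 15:04:03 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

========== Files Created - No Company Name ==========

[2010-06-20 01:02:03 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\drivers\example_unknown.sys
[2010-05-26 23:08:28 | 000,712,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-03-03 02:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
< End of report >
"""

if __name__ == "__main__":
    for e in triage_report(SAMPLE_REPORT, SCAN_TIME):
        print(f"{e.timestamp:%Y-%m-%d} {e.size:>9} {e.kind} {e.path}")
```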
 
Hi. :)

First of all thank you for trying to help me..!
You're most welcome and thanks for the update/answering my question!

P2P Advice:

I would like for you to read this forum topic please:-

File Sharing, otherwise known as Peer To Peer. (P2P)

My only condition before I continue assisting you is that you please uninstall uTorrent. If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

So please let myself know if you are willing to uninstall uTorrent or not, thank you.
 
Hi. :)

No problem..

I have not used it that much.

It is unistalled.
A prudent course of action, I assure you, and I do suggest you never use such again.

I will do my best to follow your instructions though I am not that good at stuff like this.
Fine, and any problems whatsoever, merely inform myself as I mentioned in my first post. :bigthumb:

I notice you are a gamer and fair play. I am not myself, but I am aware of the, say, friendly rivalry that may ensue between such and that you sometimes swap tips and files pertaining to a game. Someone you may think trustworthy may not be above planting a hidden executable in what you may think is something useful and thus that way gain access to your relevant Email and Gaming accounts.

I will be asking you to uninstall Spybot - Search & Destroy shortly because the registry Guard feature is active and this will actually hinder the malware removal process. Also it will be in conflict with the active Windows Defender and lessen overall online protection. By all means re-install Spybot once I give the all clear, but do keep it as an on-demand scanner only, or if you prefer to use its real time protection features I will advise how to disable Windows Defender correctly.

Windows Defender is a dire application in my humble opinion and far from effective; unfortunately it cannot be uninstalled as it is an integral part of the Vista Operating System.

Also some of the online scans you have used are not really ideal for a 64bit operating system, regardless of the fact they state they are.

Next:

Now please go to Start >> Control Panel >> Programs and Features and remove the following (if present):

Java(TM) 6 Update 18
HiJackThis
Spybot - Search & Destroy


To do so click once on each of the above and click on Uninstall/Change and follow the prompts.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by right clicking on the desktop icon and selecting Run as Administrator or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:
  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:OTL
O15 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\..Trusted Domains: garmin.com ([buy] https in Trusted sites)
O15 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\..Trusted Domains: garmin.com ([connect] https in Trusted sites)
O15 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\..Trusted Domains: garmin.com ([mygarmin] https in Trusted 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/actives.../as2stubie.cab (ActiveScan 2.0 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
[2010-06-18 15:04:03 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010-06-18 15:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

:Files
c:\program files (x86)\utorrent

:Commands
[Purity]
[ResetHosts]
[EmptyTemp]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes the date/time the log was created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.
  • Launch the application, Check for Updates >> Perform a Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following:
  • Inform me how your computer is running. Any problems encountered?
  • OTL Log.
  • Malwarebytes Anti-Malware Log.
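As an added example (not part of this thread, and not OTL's own code), the following parses the kinds of OTL scan lines pasted in this thread (O1 Hosts, O4 Run keys, O15 Trusted Domains, O16 DPF controls and the bracketed file entries) and lists the items a helper would look at first. The sample lines are constructed from the formats quoted above; the triage rules are the example's own, not OTL's.

```python
"""Parse OTL scan-log lines of the kinds quoted in this thread (O1 Hosts, O4 Run
keys, O15 Trusted Domains, O16 DPF controls and file-listing entries) and flag the
items a helper would look at first. Sample lines are constructed from the log
formats shown in the thread; the triage rules are this example's own, not OTL's."""
import re
from dataclasses import dataclass
from typing import List, Optional

# "O4:64bit: - HKLM..\Run: [name] path (Company)"  ->  kind, optional 64-bit tag, body
O_LINE = re.compile(r"^(O\d+)(:64bit:)?\s+-\s+(.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\.\.\\Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<rest>.*)$")
# trailer after a path: "(Company)", "()" when OTL found no company, or "File not found"
TRAILER_RE = re.compile(r"^(?P<path>.*?)\s*(?:\((?P<company>[^)]*)\)|(?P<missing>File not found))\s*$")
DPF_RE = re.compile(r"^DPF:\s+(?P<ident>\{[0-9A-Fa-f-]+\}|.+?)\s+(?P<url>https?://\S+)\s+\((?P<desc>.*)\)$")
TRUSTED_RE = re.compile(r"^(?P<hive>.+?)\\\.\.Trusted Domains:\s+(?P<domain>\S+)\s+\((?P<detail>.*)\)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<addr>\S+)\s+(?P<host>\S+)$")
# "[2010-06-18 15:04:03 | 000,095,024 | ---- | C] (Company) -- C:\path"
FILE_RE = re.compile(r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+)\|\s*(?P<op>[CM])\]"
                     r"\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+)$")


@dataclass
class Entry:
    kind: str                     # "O1", "O4", "O15", "O16" or "FILE"
    is64: bool                    # line carried the ":64bit:" tag
    name: str                     # Run value name, CLSID, domain, host name or path
    path: str = ""                # executable / URL / address
    company: Optional[str] = None # "" = OTL printed "()", None = not applicable
    missing: bool = False         # OTL reported "File not found"
    reg_error: bool = False       # OTL reported "Reg Error: ..."
    extra: str = ""               # hive, description or zone detail


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised OTL line, or None for anything else."""
    line = line.rstrip()
    m = FILE_RE.match(line)
    if m:
        return Entry("FILE", False, m["path"], m["path"], m["company"].strip(),
                     extra=f"{m['op']} {m['stamp'].strip()} size={m['size']}")
    m = O_LINE.match(line)
    if not m:
        return None
    kind, is64, body = m.group(1), m.group(2) is not None, m.group(3)
    if kind == "O4":
        r = RUN_RE.match(body)
        t = TRAILER_RE.match(r["rest"]) if r else None
        if not t:
            return None
        company = None if t["missing"] else t["company"].strip()
        return Entry("O4", is64, r["name"], t["path"], company,
                     missing=t["missing"] is not None, extra=r["hive"])
    if kind == "O16":
        d = DPF_RE.match(body)
        if not d:
            return None
        return Entry("O16", is64, d["ident"], d["url"],
                     reg_error=d["desc"].startswith("Reg Error"), extra=d["desc"])
    if kind == "O15":
        t = TRUSTED_RE.match(body)
        return Entry("O15", is64, t["domain"], extra=t["detail"]) if t else None
    if kind == "O1":
        h = HOSTS_RE.match(body)
        return Entry("O1", is64, h["host"], h["addr"]) if h else None
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[str]:
    """Return one review note per entry worth a second look (rules are this example's own)."""
    notes = []
    for e in entries:
        if e.kind == "O4" and e.missing:
            notes.append(f"orphaned Run entry [{e.name}] -> {e.path} (file not found)")
        elif e.kind in ("O4", "FILE") and e.company == "":
            notes.append(f"no company name on {e.kind} entry: {e.path}")
        elif e.kind == "O16" and e.reg_error:
            notes.append(f"DPF control {e.name} from {e.path}: {e.extra}")
        elif e.kind == "O15":
            notes.append(f"Trusted Sites entry for {e.name} ({e.extra})")
        elif e.kind == "O1" and (e.name != "localhost" or e.path not in ("127.0.0.1", "::1")):
            notes.append(f"non-default Hosts entry: {e.path} {e.name}")
    return notes


# Constructed sample, assembled from the line formats quoted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VoddlerNet Manager] C:\Program Files (x86)\Voddler\service\VNetManager.exe ()
O4 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O15 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\..Trusted Domains: garmin.com ([buy] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
[2010-06-18 15:04:03 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010-06-01 15:01:16 | 000,000,088 | ---- | C] () -- C:\Windows\ka.ini
""".strip("\n")

if __name__ == "__main__":
    for note in triage(parse_log(SAMPLE_LOG)):
        print(note)
```

A flagged line is a starting point for a helper's judgement, not a verdict: an empty company field is common for legitimate software, as several entries in this thread show.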
 
Hi again...

I think I was able to follow all your instructions.

The computer is running OK, but I still have not dared to log in to my mail account or my game; I am afraid I have to reset it all again.

I have mostly been playing games with real-life friends and I don't think anyone would attack my computer... but you can never be sure.

I uninstalled the 3 things you told me to.
I backed up the registry.

Here are the 2 logs:

OTL:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-778161406-3291420809-1624410804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\garmin.com\buy\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-778161406-3291420809-1624410804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\garmin.com\connect\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-778161406-3291420809-1624410804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\garmin.com\mygarmin\ deleted successfully.
Starting removal of ActiveX control {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
C:\Windows\Downloaded Program Files\oscan8.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Starting removal of ActiveX control {9191F686-7F0A-441D-8A98-2FE3AC1BD913}
C:\Windows\Downloaded Program Files\as2stubie.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9191F686-7F0A-441D-8A98-2FE3AC1BD913}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9191F686-7F0A-441D-8A98-2FE3AC1BD913}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9191F686-7F0A-441D-8A98-2FE3AC1BD913}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9191F686-7F0A-441D-8A98-2FE3AC1BD913}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
C:\Windows\SysNative\drivers\SBREDrv.sys moved successfully.
C:\ProgramData\Lavasoft\License folder moved successfully.
C:\ProgramData\Lavasoft folder moved successfully.
========== FILES ==========
File\Folder c:\program files (x86)\utorrent not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DerArne
->Temp folder emptied: 840958 bytes
->Temporary Internet Files folder emptied: 59940348 bytes
->Java cache emptied: 9278133 bytes
->Flash cache emptied: 43422 bytes

User: Gabriel
->Temp folder emptied: 2126756 bytes
->Temporary Internet Files folder emptied: 46695102 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 13425 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3242 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 114,00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 06302010_183918

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\DerArne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\DerArne\AppData\Local\Temp\~DFB738.tmp not found!
File\Folder C:\Users\DerArne\AppData\Local\Temp\~DFB742.tmp not found!
File\Folder C:\Users\DerArne\AppData\Local\Temp\~DFB7BD.tmp not found!
File\Folder C:\Users\DerArne\AppData\Local\Temp\~DFB7C7.tmp not found!
File\Folder C:\Users\DerArne\AppData\Local\Temp\~DFB956.tmp not found!
File\Folder C:\Users\DerArne\AppData\Local\Temp\~DFB9BF.tmp not found!
C:\Users\DerArne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5QJOUNAJ\showthread[1].htm moved successfully.
C:\Users\DerArne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\DerArne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4261

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

2010-06-30 18:47:45
mbam-log-2010-06-30 (18-47-45).txt

Scan type: Quick scan
Objects scanned: 129675
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I think that was it this time...

Thanks again for trying to help...

/DerArne
 
Hi. :)

I am afraid I have to reset all again.
Actually, it would be prudent once I give the all clear to change both the secret questions (plus answers) and the associated passwords. Also, if a router is in use, it would be advisable to reset that and apply an admin password.

How to create a secure password:

When creating a new password, use a series of both random upper/lower case letters and include some random alphanumerics also.

An example would be: THi85S13IsA7Eg4u2tWMg4r <---Do not use this one DerArne, merely an invented example for yourself. ;)

This is a good test for the strength of any passwords created: Password Checker

Note: Remember do not reset anything until I give the all clear.

Reset Vista SP2 Firewall:

Click on Start (Vista Orb) >> Run... (or the Windows key and R together) and cut/paste in the following and click on OK
Code:
firewall.cpl
Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select On(recommended) >> Apply >> OK.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:
    [image: EOLS1.gif]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on:
    [image: EOLS2.gif]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  1. Scan for potentially unwanted applications
  2. Scan for potentially unsafe applications
  3. Enable Anti-Stealth Technology
  • Now click on:
    [image: EOLS3.gif]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on:
    [image: EOLS4.gif]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When you have completed the above, please post back the following:
  • Inform me how your computer is running. Any problems encountered and/or further symptoms?
  • Eset results.
  • A new OTL Log. <-- Only one log will be produced this time.
 
Hey!

I reset the firewall.

I ran the ESET scan... but I managed to get rid of the log... It did not find anything though, but if you need the log I will run it again.
It took about 50 minutes and checked about 130000 files but did not find anything wrong.

Here is the new OTL log:

OTL logfile created on: 2010-07-01 19:11:42 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\DerArne\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 89,88 Gb Free Space | 61,36% Space Free | Partition Type: NTFS
Drive D: | 785,03 Gb Total Space | 673,85 Gb Free Space | 85,84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DERARNE-PC
Current User Name: DerArne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Users\DerArne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
PRC - C:\Program Files (x86)\Voddler\service\voddler.exe (Voddler)
PRC - C:\Program Files (x86)\Voddler\service\VNetManager.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Net iD\iid.exe (SecMaker AB)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\DerArne\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (VoddlerNet) -- C:\Program Files (x86)\Voddler\service\voddler.exe (Voddler)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006-11-02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\DRIVERS\wg111v3.sys (NETGEAR Inc. )
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (DSI_SiUSBXp_3_1) -- C:\Windows\SysNative\drivers\DSI_SiUSBXp_3_1.sys (Silicon Laboratories)
DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (CSC) -- C:\Windows\CSC [2010-01-23 04:57:50 | 000,000,000 | ---D | M]
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 56 DD C1 AC 9B CA 01 [binary data]
IE - HKU\S-1-5-21-778161406-3291420809-1624410804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010-06-30 18:39:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Net iD] C:\Program Files (x86)\Net iD\iid.exe (SecMaker AB)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VoddlerNet Manager] C:\Program Files (x86)\Voddler\service\VNetManager.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-778161406-3291420809-1624410804-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\DerArne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-07-01 18:13:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010-06-30 18:39:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-06-30 18:37:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-06-30 18:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010-06-30 18:16:56 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010-06-28 20:31:03 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\DerArne\Desktop\OTL.exe
[2010-06-27 12:42:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010-06-27 12:24:44 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2010-06-27 12:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010-06-27 12:22:04 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010-06-27 11:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010-06-27 11:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010-06-27 11:18:43 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2010-06-27 11:18:43 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2010-06-27 11:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2010-06-26 20:05:13 | 000,000,000 | ---D | C] -- C:\Users\DerArne\AppData\Roaming\Malwarebytes
[2010-06-26 20:05:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010-06-26 20:05:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010-06-26 20:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010-06-26 20:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-06-26 19:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-06-26 19:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010-06-23 19:34:37 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010-06-23 19:34:37 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010-06-23 19:34:37 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010-06-23 19:34:37 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010-06-23 19:34:37 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010-06-23 19:34:37 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010-06-23 19:34:37 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010-06-23 19:34:37 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010-06-18 15:04:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010-06-13 18:50:27 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010-06-13 18:50:26 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010-06-13 18:50:26 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010-06-13 18:50:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010-06-13 18:50:21 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010-06-13 18:50:20 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010-06-13 18:50:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010-06-13 18:50:20 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010-06-13 18:50:20 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010-06-13 18:50:19 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010-06-13 18:50:19 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010-06-13 18:50:19 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010-06-13 18:50:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010-06-13 18:50:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010-06-13 18:50:19 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010-06-13 18:50:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010-06-13 18:50:19 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010-06-13 18:50:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010-06-13 18:50:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010-06-13 18:50:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010-06-13 18:50:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010-06-13 18:50:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010-06-13 18:50:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010-06-13 18:50:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010-06-13 18:50:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010-06-13 18:50:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010-06-13 18:50:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

========== Files - Modified Within 30 Days ==========

[2010-07-01 19:11:02 | 002,359,296 | -HS- | M] () -- C:\Users\DerArne\NTUSER.DAT
[2010-07-01 18:28:15 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-07-01 17:33:09 | 000,704,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-07-01 17:33:09 | 000,595,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-07-01 17:33:09 | 000,105,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-07-01 17:25:55 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-07-01 17:25:54 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-07-01 17:25:54 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-07-01 17:25:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-07-01 17:25:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-06-30 23:06:12 | 000,524,288 | -HS- | M] () -- C:\Users\DerArne\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010-06-30 23:06:12 | 000,065,536 | -HS- | M] () -- C:\Users\DerArne\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010-06-30 23:06:05 | 002,483,427 | -H-- | M] () -- C:\Users\DerArne\AppData\Local\IconCache.db
[2010-06-30 18:36:30 | 000,000,744 | ---- | M] () -- C:\Users\DerArne\Desktop\ERUNT.lnk
[2010-06-30 18:16:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010-06-28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010-06-28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010-06-28 22:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010-06-28 22:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010-06-28 22:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010-06-28 22:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010-06-28 22:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010-06-28 20:31:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\DerArne\Desktop\OTL.exe
[2010-06-27 11:15:18 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-06-26 20:38:20 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010-06-26 18:51:48 | 000,000,650 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010-06-15 19:21:19 | 000,006,144 | ---- | M] () -- C:\Users\DerArne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-13 18:56:05 | 000,252,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-06-13 18:48:00 | 000,000,680 | ---- | M] () -- C:\Users\DerArne\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2010-06-30 18:36:30 | 000,000,744 | ---- | C] () -- C:\Users\DerArne\Desktop\ERUNT.lnk
[2010-06-26 20:40:10 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-06-26 20:38:20 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010-06-01 15:01:16 | 000,000,088 | ---- | C] () -- C:\Windows\ka.ini
[2010-05-26 23:08:28 | 000,712,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-03-03 02:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010-03-03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010-03-03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-03-03 02:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010-03-03 02:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010-03-03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010-03-03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010-03-03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010-03-03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010-03-03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010-03-03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010-03-03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010-03-03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010-03-03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010-03-03 02:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010-03-03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010-03-03 02:00:00 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010-01-24 16:03:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010-01-24 16:03:16 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010-01-22 23:57:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-01-22 23:57:11 | 000,033,790 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009-11-14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009-11-14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009-11-14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009-11-14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009-11-14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009-11-14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009-11-14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009-11-14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009-11-14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009-11-14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009-06-07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009-04-02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009-01-11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009-01-05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008-11-06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008-01-21 04:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007-10-13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

Think that was it.. besides the log, sorry about that..

/DerArne
 
Hi. :)

I ran the ESET scan.. but I managed to get rid of the log.. It did not find anything though, but if you need the log I will run it again.
It took about 50 minutes and checked about 130,000 files but did not find anything wrong.
OK, not ideal, because as a rule I would prefer to review a report, but I am sure that if anything had been flagged you would have informed me. So no further action is required on your part.

Think that was it.. besides the log, sorry about that..
Not a problem, I assure you.

Next:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:OTL
[2010-06-27 12:24:44 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2010-06-27 12:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010-06-27 12:22:04 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010-06-26 19:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-06-26 19:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

:Commands
[EmptyTemp]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes the date/time the log was created.

When completed the above, please post back the following:
  • Let me know how your computer is running. Any problems encountered and/or further issues?
  • OTL Log.
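Added illustration, not part of the thread and not code from OTL itself: the entries picked out for the fix above come from the "Files Created" and "Alternate Data Streams" sections of the log posted earlier. The script below parses those two OTL line formats and applies the rules a helper applies by eye: a recently created file with no version-info company name sitting directly in a system directory, a file carrying hidden+system attributes outside the Windows tree, and any alternate data stream other than the Zone.Identifier mark-of-the-web. The output is a list of review candidates, not verdicts. The sample lines are copied in the shape of the log above, and the scan time, directory list and benign-stream list are assumptions for the example.

```python
"""Triage helper for OTL 'Files Created/Modified' and 'Alternate Data
Streams' sections.  Added example; not part of OTL or of the thread."""
import re
from datetime import datetime, timedelta

# One OTL file entry: [timestamp | size | attrs | C/M] (Company) -- path
# Directory entries carry no "(Company)" field, so that group is optional.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# One OTL ADS entry: @Alternate Data Stream - N bytes -> path:stream
ADS_LINE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)

# Assumed list: places where a fresh file with no company name deserves a look.
SYSTEM_DIRS = {
    "c:\\windows\\",
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\sysnative\\",
    "c:\\windows\\system32\\drivers\\",
}
# Streams Windows itself writes routinely (mark-of-the-web); anything else is reviewed.
BENIGN_STREAMS = {"Zone.Identifier"}


def parse_otl(text):
    """Yield one dict per file or ADS line; all other lines are ignored."""
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S")
            d["size"] = int(d["size"].replace(",", ""))
            d["company"] = d["company"] or ""
            d["type"] = "file"
            yield d
            continue
        m = ADS_LINE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["type"] = "ads"
            yield d


def triage(entry, scan_time, window_days=30):
    """Return the reasons an entry should be reviewed (empty list = nothing noted)."""
    reasons = []
    if entry["type"] == "ads":
        if entry["stream"] not in BENIGN_STREAMS:
            reasons.append("non-standard alternate data stream")
        return reasons
    parent = entry["path"].rsplit("\\", 1)[0].lower() + "\\"
    age = scan_time - entry["ts"]
    recent = timedelta(0) <= age <= timedelta(days=window_days)
    if recent and parent in SYSTEM_DIRS and "D" not in entry["attrs"] and not entry["company"]:
        reasons.append("recent file without company name in a system directory")
    if "H" in entry["attrs"] and "S" in entry["attrs"] and not parent.startswith("c:\\windows\\"):
        reasons.append("hidden+system attributes outside the Windows directory")
    return reasons


def review(text, scan_time, window_days=30):
    """Map each flagged path (or path:stream) to its list of reasons."""
    out = {}
    for e in parse_otl(text):
        key = e["path"] if e["type"] == "file" else e["path"] + ":" + e["stream"]
        r = triage(e, scan_time, window_days)
        if r:
            out[key] = r
    return out


# Constructed sample in the shape of the log posted above.
SAMPLE = """\
[2010-06-30 18:36:30 | 000,000,744 | ---- | C] () -- C:\\Users\\DerArne\\Desktop\\ERUNT.lnk
[2010-06-27 12:24:43 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Panda Security
[2010-06-26 20:38:20 | 000,000,418 | RHS- | C] () -- C:\\ProgramData\\ntuser.pol
[2010-06-01 15:01:16 | 000,000,088 | ---- | C] () -- C:\\Windows\\ka.ini
[2010-05-26 23:08:28 | 000,712,798 | ---- | C] () -- C:\\Windows\\SysWow64\\PerfStringBackup.INI
@Alternate Data Stream - 118 bytes -> C:\\ProgramData\\TEMP:5C321E34
"""
SCAN_TIME = datetime(2010, 7, 1, 12, 0, 0)  # assumed scan time for the sample

if __name__ == "__main__":
    for path, reasons in review(SAMPLE, SCAN_TIME).items():
        print(path, "->", "; ".join(reasons))
```

With the sample above the script lists ka.ini (created inside the 30-day window directly under C:\Windows with no company name), ntuser.pol (hidden+system in ProgramData) and the TEMP:5C321E34 stream; the lnk, the Panda directory and the five-week-old PerfStringBackup.INI are not listed. Whether a flagged item is actually hostile still takes a look at the file itself.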
 
Hi!

The computer is working fine.

I ran the fix in OTL; here is the log:

All processes killed
========== OTL ==========
C:\Windows\SysNative\drivers\pavboot64.sys moved successfully.
C:\Program Files (x86)\Panda Security\ActiveScan 2.0\psqstore folder moved successfully.
C:\Program Files (x86)\Panda Security\ActiveScan 2.0 folder moved successfully.
C:\Program Files (x86)\Panda Security folder moved successfully.
C:\Windows\BDOSCAN8 folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DerArne
->Temp folder emptied: 158610 bytes
->Temporary Internet Files folder emptied: 49825009 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1169 bytes

User: Gabriel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3262 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48,00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 07022010_143107

Files\Folders moved on Reboot...
C:\Users\DerArne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\DerArne\AppData\Local\Temp\~DF2C21.tmp not found!
File\Folder C:\Users\DerArne\AppData\Local\Temp\~DF2C2B.tmp not found!
File\Folder C:\Users\DerArne\AppData\Local\Temp\~DF2C8B.tmp not found!
File\Folder C:\Users\DerArne\AppData\Local\Temp\~DF2C95.tmp not found!
File\Folder C:\Users\DerArne\AppData\Local\Temp\~DF2CC5.tmp not found!
File\Folder C:\Users\DerArne\AppData\Local\Temp\~DF2CCF.tmp not found!
C:\Users\DerArne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NHOXIJD4\showthread[1].htm moved successfully.
C:\Users\DerArne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\DerArne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Ok.. fine so far.. looking forward to the next step!

/DerArne
 
Hi. :)

The computer is working fine.
Good to know.

Ok.. fine so far.. looking forward to the next step!
I am going to ask your good self to install what is known as a Hosts file and lock it to prevent malware from compromising it, as follows.

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

This will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. The new Hosts file will protect you by redirecting these bad sites to 127.0.0.1.

Host File Reset/Replace:

Please download HostsXpert and unzip it to your computer, somewhere where you can find it.

The root of the system drive would be an ideal location, e.g. C:\

Note: This is Vista 64-bit compatible and I have used the exact same methodology on my own Vista 64-bit machine.
  • Right-click on HostsXpert.exe and select Run as Administrator to launch the programme.
  • Check to see if the top button on the left-hand side says Make Writable?
    • If it does, click on it, then proceed to the next instruction.
    • If not, just proceed to next instruction
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  • When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.
  • Exit the programme.
Next:

Now reboot (restart) your machine and let me know when you have completed the above and whether any further issues remain, thank you.
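Added example, not part of the thread and not code from HostsXpert: the post above explains what the Hosts file does and why it should be locked. The script below parses hosts entries and applies the two checks that matter after a compromise. Blocklist entries may only point at loopback or 0.0.0.0; any other address silently routes the name to a host the attacker chooses. A set of domains the user depends on (mail, game, antivirus and update domains; the list here is an assumption) must not be overridden at all, because pointing an antivirus or update domain at 127.0.0.1 is how malware blocks updates. It also reports whether the read-only bit is set and, on Windows, resolves the hosts path from the Tcpip DataBasePath registry value rather than assuming the default location, since that value can be repointed. The sample hosts content is constructed for the example.

```python
"""Audit a Windows hosts file for malware-style tampering.
Added example; not from the thread and not HostsXpert's code."""
import ipaddress
import os
import stat
import sys

# Addresses a blocklist entry is allowed to point at.
BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumed list: domains that a hosts entry should never override at all.
PROTECTED = ("google.com", "gmail.com", "worldofwarcraft.com", "battle.net",
             "microsoft.com", "windowsupdate.com", "avast.com")
DEFAULT_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"


def hosts_path():
    """Resolve the hosts file location. On Windows honour the Tcpip
    DataBasePath value, because the resolver reads from wherever it points."""
    if sys.platform == "win32":
        import winreg
        key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                             r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters")
        base, _ = winreg.QueryValueEx(key, "DataBasePath")
        return os.path.join(os.path.expandvars(base), "hosts")
    return DEFAULT_HOSTS


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping; comments and blanks skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower(), n


def _is_protected(name):
    return any(name == d or name.endswith("." + d) for d in PROTECTED)


def audit(text):
    """Return a list of (line_no, hostname, ip, reason) findings."""
    findings = []
    for ip, name, n in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((n, name, ip, "unparseable address"))
            continue
        if name in ("localhost", "localhost.localdomain") and str(addr) in BLACKHOLE:
            continue
        if _is_protected(name):
            # Any override of a protected domain is hostile, even a blackhole:
            # an AV or update domain sent to 127.0.0.1 means no more updates.
            findings.append((n, name, ip, "protected domain overridden"))
        elif str(addr) not in BLACKHOLE:
            # A blocklist only ever redirects to loopback/unspecified; anything
            # else is a silent redirect to a host the attacker controls.
            findings.append((n, name, ip, "redirect to non-loopback address"))
    return findings


def is_locked(path):
    """True when the read-only attribute (owner write bit cleared) is set."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return not (mode & stat.S_IWRITE)


# Constructed sample: normal blocklist entries plus two tampered lines.
SAMPLE = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ad.doubleclick.net        # typical blocklist entry
127.0.0.1       www.example-ads.invalid   # typical blocklist entry
198.51.100.23   mail.google.com           # tampered: phishing redirect
127.0.0.1       www.avast.com             # tampered: update blocked
"""

if __name__ == "__main__":
    for n, name, ip, why in audit(SAMPLE):
        print(f"line {n}: {name} -> {ip}: {why}")
    p = hosts_path()
    if os.path.exists(p):
        print(p, "locked" if is_locked(p) else "WRITABLE")
```

Run against the real file (`audit(open(hosts_path()).read())`) after HostsXpert has done its work: the MVPs list should produce no findings at all, and `is_locked` should report True once Make Read Only? has been applied. Note that the read-only attribute only stops casual writes; code running as administrator can clear it, so the lock is a tripwire, not a guarantee.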
 
Hi again..

The computer seems fine..

I went through the hosts file section and everything went ok.


But here comes a hard part..
I think I might have left out some important information..

I am running on a wireless network and I have one more computer on it.. It is a laptop.. mainly used by my girlfriend.. but sometimes I use it as well.

I never thought to question it.. but now I have started to set up some protection on it as well.. right now I am running the ESET scan on it.. and so far it has found 3 threats.

I am sorry if this causes problems for us.. I just did not think about it.

I do hope you will continue your work anyway..
If possible can it include the other computer as well!?

I do understand if you have not got the time or stamina to stay with me but I hope you will!

/DerArne
 
Here are the 3 files the esetscan found on the laptop

I still can't find that log, but this time I managed to paste them into a text document.

C:\Program Files\myphotobook\xtras\process.exe Win32/PrcView application
C:\Users\Anders\AppData\Local\Temp\NERO14399\Toolbar.exe Win32/Toolbar.AskSBar application
C:\Users\Anders\Documents\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe Win32/Toolbar.AskSBar application
 
Hi. :)

The computer seems fine..

I went through the hosts file section and everything went ok.
OK.

But here comes a hard part..
I think I might have left out some important information..

I am running on a wireless network and I have one more computer on it.. It is a laptop.. mainly used by my girlfriend.. but sometimes I use it as well.

I never thought to question it.. but now I have started to set up some protection on it as well.. right now I am running the ESET scan on it.. and so far it has found 3 threats.

I am sorry if this causes problems for us.. I just did not think about it.

I do hope you will continue your work anyway..
If possible can it include the other computer as well!?

I do understand if you have not got the time or stamina to stay with me but I hope you will!
As I mentioned in a prior post, it would be prudent to reset the router if one is in use, and based upon this information I am surmising it is a wireless router.

So this should be done, with a new admin password created/changed, and the same for the pre-shared key (PSK) if one is used. However, do not do so yet until I specify otherwise. If you are not sure how to do so, merely tell me the exact make/model of the wireless router in use and I will gladly provide instructions.

Normally I would say create a new topic for the extra assistance. However, in this instance I am prepared to check your girlfriend's computer, but please be aware that from the 7th of July I will be unavailable, though hopefully I will have no need to ask for cover. We can do so in this topic, so there is no need to create a new one.

With regard to your girlfriend's computer I will need to know which operating system is in use and whether it is a 64-bit version. An easy way to do so is:

Press the Windows and R keys together to bring up the Run... box and type in the following:-

winver

And click on OK. Make a note of the relevant information and post that in your next reply.

From preliminary research into what the ESET scan flagged on your girlfriend's computer, all three may be what is known as false positive detections, but we can verify that in due course.

--------------

The below pertains only to your computer, the one we have been working on:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean-up process, and some advice about online safety.

Importance of Regular System Maintenance:

I advise you to read both of the topics listed below, as this will go a long way to keeping your computer performing well.

Help! My computer is slow!

As is this:

What to do if your Computer is running slowly

Clean up with OTL:
  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of the scanners used and logs created, etc.

Any left over, merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-
  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When done, click Apply >> OK.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-
  • Right click on Computer and select Properties >> System protection.
  • (untick) the Vista C system box and click Turn off system restore, then Apply >> OK.
  • Restart your computer.
  • Navigate back to System protection >> (tick) Vista C system box >> Apply >> OK
Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you to keep it installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, avast! Free Antivirus, automatically checks for updates and downloads/installs them with every system reboot, and/or periodically if the machine is left running, providing an internet connection is active.

I advise you to also run a complete scan with this once per week.

Erunt:

Emergency Recovery Utility NT. I advise you to keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Personally, I would create a new backup once per week, as this, along with System Restore, may prove invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:
  • Click on Start(Vista Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

Now change all the passwords etc for your various email/gaming accounts as I outlined here prior.
 
Hi!

First of all..

Thank you very much for sticking with me.

I have added your post of tips to my favourites.. I have read some and will read more later.. by the way my computer is now faster since you helped me clean it up.

I have cleaned up with OTL

I have reset the system restore point and emptied and put it up again.

I will keep the programs I had with the new ones you suggested (downloaded and installed) and try to remember to run all once a week.

Now to the problems..

Someone had been into my gmail account again .. from China 17 hours ago..
I don't know how, but I guess it must come from my girlfriend's computer.. I hope.. I used that one when I thought it was safe, then I reset last time..

I got my gmail account back using another email.. and reset both passwords on those accounts, and added new questions as well.

Do you think it is safe to reset my gaming account from my computer as well.. it is much harder to get back than the email accounts?

I could not find out how to change the password on my router..
It is a Thomson TG787.

Here is the info you wanted from my girlfriend's laptop..
Thank you for trying that as well.

The Windows version is:

Microsoft Windows Vista Home Premium
Version 6.0 (Build 6002: Service Pack 2)
Licensed to Ulrika, Toshiba
2 GB memory.

Hope I am not taking up all your time..
I actually think I am learning some stuff as we go along.
And I will never download weird stuff again if the computers make their way out of this alive.

Best Regards DerArne
 
Hi. :)

First of all..

Thank you very much for sticking with me.
You're welcome!

Someone had been into my gmail account again .. from China 17 hours ago..
I don't know how, but I guess it must come from my girlfriend's computer.. I hope.. I used that one when I thought it was safe, then I reset last time..

I got my gmail account back using another email.. and reset both passwords on those accounts, and added new questions as well.
Hmmm, not good at all, that. As far as I could tell, your actual machine is not the source of this continued problem.

I highly suggest you consider contacting Google anyway via this, explain the situation, and they may just be able to identify the source. Though unfortunately, if it is based in China, I doubt anything could be done, but it is worth a try nonetheless.

A thought, though: do you use a secondary email address for the account? If so, and this has been changed to whatever the hacker wants, they will always gain access again unless you either change it or delete the option.

If you do use any form of social networking site, say Facebook for example, with the accounts in question, it would be prudent to change all associated passwords etc. as a precaution.

Do you think it is safe to reset my gaming account from my computer as well.. it is much harder to get back than the email accounts?
From your machine, yes I do, and I would do so as soon as possible.

I could not find out how to change the password on my router..
It is a Thomson TG787.
Is this the router you have? If so, I can research exactly how to access the router etc., as it is pointless me posting the most common methodology for accessing it in case it is completely different, as some are.

Hope I am not taking up all your time..
Not at all. I genuinely enjoy assisting people with malware related issues.

I actually think I am learning some stuff as we go along.
And I will never download weird stuff again if the computers make their way out of this alive.
Good.

OK, the below pertains to your girlfriend's machine:-

Please download OTL and save it to the Desktop.

Note: When you run OTL if there is a option for Include 64bit Scans make sure it is selected before scanning.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:
  • How is your girlfriend's computer performing now? Any further symptoms and/or problems encountered?
  • Answer to my router query.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
 
Hey!

The laptop is very slow.. but it has been for a while.
Otherwise no big problems.

I wrote Google a message; we will see what happens.. right now I seem to have control of everything, but they had been in both my Gmail and WoW accounts at the time I told you before..

I think it can be like you said, they came in via the backup email.. the backup is a Hotmail account.. is that safe enough? I have changed that account's password and questions as well.

That link you gave me helped; I have changed the password for my router and added the best encryption I know works.

Here are the logs from the laptop:

OTL logfile created on: 2010-07-03 10:04:46 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Anders\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 23,86 Gb Free Space | 32,02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 73,06 Gb Total Space | 37,99 Gb Free Space | 52,00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ULRIKA-DATOR
Current User Name: Anders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Anders\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Net iD\iid.exe (SecMaker AB)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Anders\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2002946825-3677852132-797418189-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKU\S-1-5-21-2002946825-3677852132-797418189-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2002946825-3677852132-797418189-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010-07-02 18:11:16 | 000,411,423 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14218 more lines...
O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2002946825-3677852132-797418189-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Net iD] C:\Program Files\Net iD\iid.exe (SecMaker AB)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2002946825-3677852132-797418189-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2002946825-3677852132-797418189-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2002946825-3677852132-797418189-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2002946825-3677852132-797418189-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2002946825-3677852132-797418189-1001..\Run: [TOSCDSPD] File not found
O4 - Startup: C:\Users\Ulrika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Tradera - Köp och sälj - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab (IfolorUploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldsv-se.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujidirekt.se/aurigma/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.fujidirekt.se/aurigma/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game03.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.fujidirekt.se/aurigma2/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{84f7d4ee-306b-11df-97b8-001b383fab7f}\Shell - "" = AutoRun
O33 - MountPoints2\{84f7d4ee-306b-11df-97b8-001b383fab7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{84f7d4fd-306b-11df-97b8-001b383fab7f}\Shell - "" = AutoRun
O33 - MountPoints2\{84f7d4fd-306b-11df-97b8-001b383fab7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-07-03 10:03:36 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Anders\Desktop\OTL.exe
[2010-07-03 09:40:34 | 000,000,000 | ---D | C] -- C:\Users\Anders\AppData\Roaming\Malwarebytes
[2010-07-03 09:40:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-07-03 09:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-07-03 09:40:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-07-03 09:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-07-02 18:06:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010-07-02 18:06:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207000.034
[2010-07-02 18:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010-07-02 18:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010-07-02 18:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010-07-02 18:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-07-02 18:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-07-02 15:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-07-01 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Artifex Mundi
[2010-06-29 20:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kristanix Games
[2010-06-26 20:08:14 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010-06-26 20:08:13 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010-06-26 20:08:13 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010-06-26 19:24:31 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010-06-26 19:24:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010-06-21 21:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\The Mirror Mysteries
[2010-06-14 13:17:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010-06-14 13:17:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010-06-14 13:17:02 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010-06-14 13:17:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010-06-14 13:17:01 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010-06-14 13:17:00 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010-06-14 13:17:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010-06-14 13:17:00 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010-06-14 13:17:00 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010-06-14 13:17:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010-06-14 13:17:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010-06-14 13:17:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010-06-14 13:17:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010-06-14 13:17:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010-06-14 13:16:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010-06-14 13:16:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010-06-14 13:16:47 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010-06-14 13:16:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010-06-14 13:16:38 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010-06-09 20:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BanzaiInteractive
[2010-06-09 11:28:32 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010-06-09 11:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Josefin - Expedition Sverige
[2010-06-08 20:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\rionix
[2010-06-07 18:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\GOA
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-07-03 10:04:57 | 005,505,024 | -HS- | M] () -- C:\Users\Anders\NTUSER.DAT
[2010-07-03 10:03:43 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Anders\Desktop\OTL.exe
[2010-07-03 09:57:43 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-07-03 09:56:41 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-07-03 09:56:41 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-07-03 09:56:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-07-03 09:56:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-07-03 09:56:26 | 2145,435,648 | -HS- | M] () -- C:\hiberfil.sys
[2010-07-03 09:55:16 | 000,524,288 | -HS- | M] () -- C:\Users\Anders\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010-07-03 09:55:16 | 000,065,536 | -HS- | M] () -- C:\Users\Anders\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-07-03 09:54:56 | 003,051,707 | -H-- | M] () -- C:\Users\Anders\AppData\Local\IconCache.db
[2010-07-03 09:40:29 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-07-03 09:15:03 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-07-02 18:57:24 | 000,000,560 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Anders.job
[2010-07-02 18:11:16 | 000,411,423 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-07-02 18:06:29 | 000,001,353 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010-07-02 18:06:26 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207000.034\isolate.ini
[2010-07-02 18:00:22 | 000,001,084 | ---- | M] () -- C:\Users\Anders\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010-07-02 18:00:22 | 000,001,060 | ---- | M] () -- C:\Users\Anders\Desktop\Spybot - Search & Destroy.lnk
[2010-06-16 22:14:47 | 000,315,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-03 09:40:29 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-07-02 19:30:59 | 000,000,120 | ---- | C] () -- C:\Users\Anders\fupp.txt
[2010-07-02 18:06:26 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207000.034\isolate.ini
[2010-07-02 18:04:44 | 000,000,560 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Anders.job
[2010-07-02 18:00:22 | 000,001,084 | ---- | C] () -- C:\Users\Anders\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010-07-02 18:00:22 | 000,001,060 | ---- | C] () -- C:\Users\Anders\Desktop\Spybot - Search & Destroy.lnk
[2010-06-09 11:28:32 | 000,007,794 | ---- | C] () -- C:\Program Files\uninstal.log
[2009-07-12 21:42:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-04-27 20:01:18 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008-11-29 17:10:05 | 000,000,023 | ---- | C] () -- C:\Windows\Disney.ini
[2007-10-30 19:46:33 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007-10-30 19:46:33 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007-10-30 19:46:33 | 000,010,161 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007-10-30 19:46:33 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007-06-06 17:19:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007-06-06 17:19:06 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007-06-06 17:19:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007-06-06 17:19:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007-06-06 17:19:06 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007-06-06 17:19:06 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007-06-06 17:09:50 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007-06-06 16:57:50 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007-06-06 16:33:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007-06-06 16:27:41 | 000,000,291 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007-06-06 16:26:35 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006-12-05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005-11-23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005-07-22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:949483BD
< End of report >
 
and here is the second log:

OTL Extras logfile created on: 2010-07-03 10:04:46 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Anders\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 23,86 Gb Free Space | 32,02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 73,06 Gb Total Space | 37,99 Gb Free Space | 52,00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ULRIKA-DATOR
Current User Name: Anders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0036315A-731B-463B-8041-8A30B7CD815E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{011FCBE0-2F50-4D36-A73E-41E68B9B1983}" = lport=137 | protocol=17 | dir=in | app=system |
"{0B18DCE7-7F46-4932-B6F2-DDC6AD1C1883}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{1A084919-9E86-4AE9-8116-ECFA0461EA92}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{349C533E-257B-4CF2-950B-6E831EE5EFCD}" = rport=137 | protocol=17 | dir=out | app=system |
"{438E732A-14ED-4361-919B-966B6434A732}" = lport=139 | protocol=6 | dir=in | app=system |
"{532B5240-9230-4006-B674-A174A02B4C5C}" = rport=445 | protocol=6 | dir=out | app=system |
"{650304E1-2B54-4905-9A25-CD552F2D9401}" = rport=139 | protocol=6 | dir=out | app=system |
"{CB1C1C63-5645-4B82-B34D-D2E5D91437CB}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8E65E42-BF8A-4FA8-95EA-B27E28AB19CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EFB2C22E-6022-4F13-91BA-7E850062D52E}" = lport=138 | protocol=17 | dir=in | app=system |
"{F96A5B94-2478-4344-88B8-6326EF63F393}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FA771E45-AEAF-4EE0-97E7-C3548E604802}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{181F844F-CD7A-4797-9838-97CFBFBFA44A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{263B7E4E-D237-4241-8564-43CEB17182A1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2B354393-0FE5-4A38-817A-8C224E67A9E5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{2D45A087-1EDF-4590-9D9F-310CCB414B17}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{31F89A00-E62E-479C-BA9D-C67420C50F9E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{35529235-A8B0-43CE-8EC1-FE26D8B0DD88}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{3C72368C-BC76-4752-8BEE-7879CA51CED6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{62B1D891-A257-48FE-A668-D2DCCAE51C70}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{723DD7B4-4840-4431-A6FE-6A7622A99FD9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{7B014DFA-EE65-4B0F-AB8B-18C395EC01C7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{8A3468DD-D905-43E2-9739-FDEED783D541}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9078D6C3-6D62-4338-87DF-C2E3A535863D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{95C0BA6D-2215-46A5-8A70-07DE5E11465C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{983963C0-A717-411A-AADC-CFF0CB66B7E4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A984C585-375E-4488-B6DA-5E8131239A4C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{C4ED8513-5EE5-432C-A38D-3F6C134F66DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DDF6C202-D5E1-4DF1-9BBE-1911F5ADABC2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EE36136B-1CAA-479E-AF41-7A6BF7E65369}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"TCP Query User{41266F7B-8D18-4CAF-9A94-E0E73A5DCDD0}E:\spel\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-engb-downloader.exe" = protocol=6 | dir=in | app=e:\spel\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-engb-downloader.exe |
"TCP Query User{6B364D11-968A-46DD-A668-081197E6E4DC}E:\spel\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe" = protocol=6 | dir=in | app=e:\spel\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe |
"TCP Query User{775A584D-E560-440D-8794-CDC51BF9C728}E:\spel\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\spel\world of warcraft\launcher.exe |
"TCP Query User{9AF5C77E-64C6-401C-9FCA-4D599F294AF8}E:\spel\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\spel\world of warcraft\launcher.exe |
"TCP Query User{A64901D7-06AF-46D9-BB88-7C02E079D3ED}E:\spel\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=6 | dir=in | app=e:\spel\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe |
"TCP Query User{A64E4AED-BBFF-4368-B631-96A3F15419DD}E:\spel\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe" = protocol=6 | dir=in | app=e:\spel\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe |
"TCP Query User{B7B18C33-E8CB-4246-A93F-04418786D666}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CA63D75D-ADCD-4F18-B9DE-B47FB1C90A3D}E:\spel\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=6 | dir=in | app=e:\spel\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe |
"UDP Query User{0752B633-04F9-47DA-9860-43A8F9E4A775}E:\spel\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\spel\world of warcraft\launcher.exe |
"UDP Query User{07738ACE-B374-4E93-93FF-6DB266B17634}E:\spel\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=17 | dir=in | app=e:\spel\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe |
"UDP Query User{39560D0F-DFA1-4575-ABE6-F850006C6C6B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{433B9046-BAAB-4942-BDC3-65563BE280A4}E:\spel\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe" = protocol=17 | dir=in | app=e:\spel\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe |
"UDP Query User{9151213F-E1E2-46F8-8077-964FB50F21B8}E:\spel\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-engb-downloader.exe" = protocol=17 | dir=in | app=e:\spel\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-engb-downloader.exe |
"UDP Query User{93AF98F3-5FA4-4D15-8667-6D63FD548B86}E:\spel\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=17 | dir=in | app=e:\spel\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe |
"UDP Query User{EB271040-FE0A-424E-BE23-2C1263426A52}E:\spel\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\spel\world of warcraft\launcher.exe |
"UDP Query User{FE11AD28-AA0F-4793-9C57-93F1EB748669}E:\spel\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe" = protocol=17 | dir=in | app=e:\spel\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0323731F-5EFF-C9AE-B398-6077AE9C67D9}" = Catalyst Control Center Localization Chinese Standard
"{084D94A9-D67E-D41B-6B4E-B6A481384D27}" = CCC Help Finnish
"{08A247F5-E34F-4D17-8731-0906DF56947E}" = Windows Live Sync
"{0A8DA20B-1F01-D1C5-A24F-91EEE7A94A59}" = Catalyst Control Center Localization Korean
"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
"{0FEBE468-714C-9191-D5D0-9D117BAE0A55}" = Skins
"{10004416-C81D-E8DB-5E92-5990D66F0B6D}" = Catalyst Control Center Localization Danish
"{11D49772-0D06-0B31-DC09-CE413F9B0C93}" = CCC Help Chinese Traditional
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{169F0C17-F535-4C59-AFCD-719B248A8383}" = TOSHIBA-handböcker
"{17C253E6-1A31-45CC-8A1D-CBBCC8D1E8AE}" = OpenOffice.org 3.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C570C5E-FC8A-9BCD-10EA-ADA2AD35A513}" = ATI Catalyst Install Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22721B8E-8D36-C102-8C79-925C221DD9B4}" = Catalyst Control Center Localization Russian
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24A9C9A9-9749-0206-1E7E-BD32AA946D35}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2D1B9BD2-C430-C5D6-6A40-BD00956F9CA4}" = Catalyst Control Center Graphics Previews Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34E2872D-1493-25E6-FBD8-98FCC1A96645}" = CCC Help Portuguese
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BF34856-1A5F-2AD8-7D50-66BE8A82B5C1}" = CCC Help Spanish
"{45F00029-0A50-43AA-497A-67EFFF1E06F7}" = CCC Help Swedish
"{478A4948-C6E9-E3BE-6353-ECCA1DD65CF4}" = Catalyst Control Center Localization Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5034E4E7-A8E7-7BCA-0014-1534C77A7A5C}" = Catalyst Control Center Localization Turkish
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52EC92CA-771A-F8C8-95A2-37AFB43798B7}" = Catalyst Control Center Localization Spanish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}" = Windows Live Essentials
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCCD531-1B38-4A94-924C-127F722F1053}" = Nero 8
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{64FA2F4C-F61D-9A7C-318D-711C63308A61}" = CCC Help German
"{65F6D25C-2B2B-4673-A81D-E7D7D72B29E4}" = Windows Live Family Safety
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{72E710CD-51E2-D3BA-108C-F00C54E5B7B0}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788064B6-AF54-4E8A-BB76-971D762FEB16}" = Backpacker 3 Mediterraneo
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{796A8F45-C24A-F0C7-2114-FAABC5DA8367}" = Catalyst Control Center Graphics Full Existing
"{79A4C5D0-EF1A-752A-43F9-C4E79341628A}" = Catalyst Control Center Localization Italian
"{7AC09EE2-08B0-7C97-B8ED-961C58AA9E96}" = Catalyst Control Center Localization Greek
"{7BD5E0A6-DB75-B763-CE09-0D883E97F5DF}" = Catalyst Control Center Localization Thai
"{7CF70E3E-BDC7-5F46-F806-49D8D104A0E3}" = CCC Help Danish
"{7D61830A-1867-6DFA-11FE-A64752B4658D}" = CCC Help Greek
"{7D7152AF-581B-316F-8CA4-15342C3EFA4B}" = Microsoft .NET Framework 3.5 Language Pack SP1 - sve
"{80FEE630-084D-50F6-9FC8-75757A87F015}" = Catalyst Control Center Localization Polish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8BA42EAE-19AD-4bf2-88C0-0232B1FBFDE2}" = Microsoft Works
"{8E8780B8-2924-B51D-976B-59EE97713659}" = CCC Help Russian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95AEBA1F-23F4-3751-73FA-CFCFB962F789}" = CCC Help Polish
"{977D59F6-C638-B0AC-5CE4-D6A615D62033}" = Catalyst Control Center Localization Dutch
"{98FB128F-1462-6AF5-471C-4512232E9478}" = ccc-core-static
"{9954B400-AEB7-638D-E753-BB4ECE1064EE}" = CCC Help English
"{9A1EFCBB-5E3C-7E13-2AAD-7AFA4FD9DBD9}" = Catalyst Control Center Localization Swedish
"{9BBE7AA1-AFA8-4D76-8FC2-1FDFD9BD3371}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A73730D7-1D88-3DAB-9A3B-3959093347CC}" = CCC Help Chinese Standard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD49C89-CA9D-911E-0407-8EE0521EA24D}" = CCC Help Dutch
"{AC76BA86-7AD7-1053-7B44-A81000000003}" = Adobe Reader 8.1.1 - Svenska
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BBF8FA9C-23D9-4310-9AC7-A3A9AE7EE4D7}" = Backpacker 3
"{BF49AD34-C4F3-115A-CACE-E06EA0B59EDC}" = CCC Help Korean
"{C3075CFB-4EFE-AD80-587A-3FB74338A44D}" = Catalyst Control Center Localization Finnish
"{C3FE3DD5-92E1-4EC3-BD6B-822DD99E8991}" = Windows Live Photo Gallery
"{C705D235-051D-B65E-DAF2-E4D104F640A6}" = CCC Help Norwegian
"{C985DD31-E62E-E121-D918-E7CDE78B523B}" = Catalyst Control Center Core Implementation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CEDFF4EA-DFCF-312A-773A-4F743AAF78E2}" = Catalyst Control Center Localization Japanese
"{D55BA1E9-0517-C325-00BD-B68087923AE9}" = CCC Help Hungarian
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD3D3F5A-BFB9-CEC4-1A86-619E7FF83300}" = Catalyst Control Center Localization Chinese Traditional
"{DE64DACB-B8EA-BF73-EB87-67C22FFA0C52}" = ccc-utility
"{E1B530E5-3515-AC68-CA75-0932BA837A1A}" = CCC Help Thai
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E54F065A-4DCB-1875-222D-CF27620AF646}" = Catalyst Control Center Localization Portuguese
"{E6802BDF-0F93-6DB7-E542-B1B36BAA9FFF}" = Catalyst Control Center Localization French
"{E858ECF5-7644-33F3-EBE5-1A6D4E606F5B}" = CCC Help Turkish
"{EA6DCFC6-BCA2-D901-7417-19261C50802A}" = Catalyst Control Center Localization Hungarian
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC928237-A3BD-4640-ABD0-E49E758F2315}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A77E14-33CE-438D-BBF9-DDF41FFC6FE5}" = Backpacker 3 Americana
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F6527F8D-F203-CD41-7D39-2C6FBB91DCAD}" = CCC Help Italian
"{FBB22939-6AAD-A6EB-5AA1-BAA166F2D032}" = CCC Help Czech
"{FDC08E4B-F82B-6183-D0B5-A5F89678AB82}" = Catalyst Control Center Graphics Light
"{FE890808-EE76-63DF-6D0E-4609D2520DF0}" = Catalyst Control Center Localization German
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEDD8B8B-6EA0-A35C-6CB4-06F1AF4D7769}" = Catalyst Control Center Localization Norwegian
"{FF62A079-FE47-C34A-AB88-C61CA838B007}" = CCC Help French
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"avast!" = avast! Antivirus
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Ifolor-Designer21" = ifolor Designer
"iid" = Net iD 5.3
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Administratörslösenord
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBAs maskinvaruinstallningar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Josefin - Expedition Sverige" = Josefin - Expedition Sverige
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - sve" = Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"myphotobook" = myphotobook 3.1
"NSS" = Norton Security Scan
"PhotoStitch" = Canon Utilities PhotoStitch
"QuickTime" = QuickTime
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2002946825-3677852132-797418189-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"XBMC" = XBMC Media Center

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-05-16 16:28:40 | Computer Name = Ulrika-dator | Source = EventSystem | ID = 4621
Description =

Error - 2010-05-23 04:46:20 | Computer Name = Ulrika-dator | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet javaw.exe, version 6.0.200.2, tidsstämpel
0x4bc398b3, felet uppstod i modulen java.dll, version 6.0.200.2, tidsstämpel 0x4bc3c8dc,
undantagskod 0xc0000005, felförskjutning 0x00005875, process-ID 0x1d4, programmets
starttid 0x01cafa5466d7d4ed.

Error - 2010-05-24 08:40:24 | Computer Name = Ulrika-dator | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet Apselut spunk.exe, version 10.1.0.11, tidsstämpel
0x413ffc3a, felet uppstod i modulen Apselut spunk.exe, version 10.1.0.11, tidsstämpel
0x413ffc3a, undantagskod 0xc0000005, felförskjutning 0x00003d70, process-ID 0x1464,
programmets starttid 0x01cafb3e46ba2970.

Error - 2010-05-24 08:40:44 | Computer Name = Ulrika-dator | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet Apselut spunk.exe, version 10.1.0.11, tidsstämpel
0x413ffc3a, felet uppstod i modulen Apselut spunk.exe, version 10.1.0.11, tidsstämpel
0x413ffc3a, undantagskod 0xc0000005, felförskjutning 0x00003d70, process-ID 0x14b0,
programmets starttid 0x01cafb3e5235eb90.

Error - 2010-05-24 08:41:27 | Computer Name = Ulrika-dator | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet Apselut spunk.exe, version 10.1.0.11, tidsstämpel
0x413ffc3a, felet uppstod i modulen Apselut spunk.exe, version 10.1.0.11, tidsstämpel
0x413ffc3a, undantagskod 0xc0000005, felförskjutning 0x00003d70, process-ID 0x10fc,
programmets starttid 0x01cafb3e6ad1b1c0.

Error - 2010-05-24 08:41:41 | Computer Name = Ulrika-dator | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet Inställningar.exe, version 10.1.0.11, tidsstämpel
0x413ffc3a, felet uppstod i modulen Inställningar.exe, version 10.1.0.11, tidsstämpel
0x413ffc3a, undantagskod 0xc0000005, felförskjutning 0x00003e6f, process-ID 0xa04,
programmets starttid 0x01cafb3e73692840.

Error - 2010-05-24 08:42:50 | Computer Name = Ulrika-dator | Source = EventSystem | ID = 4621
Description =

Error - 2010-06-07 14:27:32 | Computer Name = Ulrika-dator | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet javaw.exe, version 6.0.200.2, tidsstämpel
0x4bc398b3, felet uppstod i modulen java.dll, version 6.0.200.2, tidsstämpel 0x4bc3c8dc,
undantagskod 0xc0000005, felförskjutning 0x00005875, process-ID 0xb14, programmets
starttid 0x01cb066f15757183.

Error - 2010-06-09 03:48:05 | Computer Name = Ulrika-dator | Source = EventSystem | ID = 4621
Description =

Error - 2010-06-14 07:06:42 | Computer Name = Ulrika-dator | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 2008-04-18 10:31:57 | Computer Name = Ulrika-dator | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: det gick inte att hämta paketet
MCESpotlight.

[ System Events ]
Error - 2010-07-02 09:30:42 | Computer Name = Ulrika-dator | Source = BROWSER | ID = 8032
Description =

Error - 2010-07-02 12:55:49 | Computer Name = Ulrika-dator | Source = DCOM | ID = 10010
Description =

Error - 2010-07-02 12:57:30 | Computer Name = Ulrika-dator | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-07-02 13:29:43 | Computer Name = Ulrika-dator | Source = BROWSER | ID = 8032
Description =

Error - 2010-07-02 18:41:31 | Computer Name = Ulrika-dator | Source = BROWSER | ID = 8032
Description =

Error - 2010-07-02 19:35:38 | Computer Name = Ulrika-dator | Source = DCOM | ID = 10010
Description =

Error - 2010-07-03 02:38:30 | Computer Name = Ulrika-dator | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-07-03 02:39:43 | Computer Name = Ulrika-dator | Source = netbt | ID = 4321
Description = Namnet WORKGROUP :1d kunde inte registreras på det gränssnitt
som har IP-adressen 192.168.1.67. Den dator som har IP-adressen 192.168.1.64 tillät
inte att den här datorn använder namnet.

Error - 2010-07-03 03:55:11 | Computer Name = Ulrika-dator | Source = DCOM | ID = 10010
Description =

Error - 2010-07-03 03:56:47 | Computer Name = Ulrika-dator | Source = Service Control Manager | ID = 7000
Description =


< End of report >


and a Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databasversion: 4269

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

2010-07-03 09:54:08
mbam-log-2010-07-03 (09-54-08).txt

Skanningstyp: Snabbskanning
Antal skannade objekt: 150044
Förfluten tid: 11 minut(er), 11 sekund(er)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 1
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop sms (Worm.P2P) -> Quarantined and deleted successfully.

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)
 
Hi. :)

The laptop is very slow.. but it has been for a while.
Otherwise no big problems.
OK, no problem and we can address this in due course.

I think it can be like you said, they came from the backup email.. the backup is a Hotmail account.. is that safe enough? I have changed that account's pass and questions as well.
Hotmail is fine to use, and as long as you have used a strong password as I mentioned prior, the secret question is not something obvious, and the answer pertaining to it is completely random, it should be fine.

That link you gave me helped. I have changed the pass for my router and added the best encryption I know works.
Good. I use a wireless router myself and you would be surprised how many individuals in my locale used an unprotected network; it is very unsafe, to say the least. Plus when I do not need the wireless mode I deactivate it, as my main machine is connected directly to the router.

Did you also set a Pre-shared Key (PSK) password so no machine can join your wireless network without such?

Next:

Now please go to Start >> Control Panel >> Programs and Features and remove the following (if present):

DAEMON Tools Toolbar
Spybot - Search & Destroy
<-- This may be reinstalled when I give the all clear.
Java(TM) SE Runtime Environment 6
LiveUpdate 3.2 (Symantec Corporation)

To do so click once on each of the above and click on Uninstall/Change and follow the prompts.

Next:

Please download DeFogger to your desktop.

Right click DeFogger and select Run as Administrator to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:
  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:OTL
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2002946825-3677852132-797418189-1001..\Run: [TOSCDSPD] File not found
O9 - Extra Button: Tradera - Köp och sälj - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} http://fika-web.ifolor.net/OrderingG...oader_fika.cab  (IfolorUploader Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
O33 - MountPoints2\{84f7d4ee-306b-11df-97b8-001b383fab7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{84f7d4fd-306b-11df-97b8-001b383fab7f}\Shell - "" = AutoRun
O33 - MountPoints2\{84f7d4fd-306b-11df-97b8-001b383fab7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
[2010-07-02 18:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010-07-02 18:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010-07-02 18:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010-07-02 18:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-07-02 18:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-06-09 20:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BanzaiInteractive
[2010-06-09 11:28:32 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010-07-02 18:57:24 | 000,000,560 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Anders.job
[2010-07-02 18:06:29 | 000,001,353 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010-07-02 18:00:22 | 000,001,060 | ---- | M] () -- C:\Users\Anders\Desktop\Spybot - Search & Destroy.lnk
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:949483BD

:Files
C:\Program Files\DAEMON Tools Lite

:Commands
[Purity]
[ResetHosts]
[EmptyTemp]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be found at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Scan with GMER:

Please download GMER Rootkit Scanner from here.
  • Right-click on the .exe file and select Run as Administrator. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.

When completed the above, please post back the following:
  • Let me know how your girlfriend's computer is running. Any problems encountered?
  • OTL Log.
  • GMER Log.
 