Malware problem

Hi again!


Yes, I reset the password you need to log into the router as well.

I uninstalled the programs you said..

I got this log from defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:35 on 03/07/2010 (Anders)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


I saved the registry and ran the OTL fix..

The computer seems ok.. it is already a bit faster.

Here is the OTL log:

All processes killed
========== OTL ==========
Error: No service named LiveUpdate Notice Ex was found to stop!
Service\Driver key LiveUpdate Notice Ex not found.
File File not found not found.
Error: No service named LiveUpdate was found to stop!
Service\Driver key LiveUpdate not found.
File C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HWSetup not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec PIF AlertEng not found.
File C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe not found.
Registry value HKEY_USERS\S-1-5-21-2002946825-3677852132-797418189-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TOSCDSPD not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
Starting removal of ActiveX control {3B36B017-7E49-426B-95B0-B5CECD83C2E2}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3B36B017-7E49-426B-95B0-B5CECD83C2E2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B36B017-7E49-426B-95B0-B5CECD83C2E2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3B36B017-7E49-426B-95B0-B5CECD83C2E2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B36B017-7E49-426B-95B0-B5CECD83C2E2}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f7d4ee-306b-11df-97b8-001b383fab7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84f7d4ee-306b-11df-97b8-001b383fab7f}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f7d4fd-306b-11df-97b8-001b383fab7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84f7d4fd-306b-11df-97b8-001b383fab7f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f7d4fd-306b-11df-97b8-001b383fab7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84f7d4fd-306b-11df-97b8-001b383fab7f}\ not found.
File G:\AutoRun.exe not found.
Folder C:\ProgramData\Norton\ not found.
Folder C:\ProgramData\NortonInstaller\ not found.
Folder C:\Program Files\NortonInstaller\ not found.
Folder C:\ProgramData\Spybot - Search & Destroy\ not found.
Folder C:\Program Files\Spybot - Search & Destroy\ not found.
Folder C:\ProgramData\BanzaiInteractive\ not found.
File C:\Windows\unvise32.exe not found.
File C:\Windows\tasks\Norton Security Scan for Anders.job not found.
File C:\Users\Public\Desktop\Norton Security Scan.lnk not found.
Unable to delete ADS C:\ProgramData\TEMP:949483BD .
========== FILES ==========
File\Folder C:\Program Files\DAEMON Tools Lite not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Anders
->Temp folder emptied: 152557 bytes
->Temporary Internet Files folder emptied: 4813749 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gabriel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 283094218 bytes
->Java cache emptied: 37606889 bytes
->Flash cache emptied: 62814 bytes

User: Public

User: Ulrika
->Temp folder emptied: 1773391166 bytes
->Temporary Internet Files folder emptied: 1315520988 bytes
->Java cache emptied: 50872974 bytes
->Flash cache emptied: 58228 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66106 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3*305,00 mb

Error: Unable to interpret <[Reboot]Return to OTL, right-click in the Custom Scans/Fixes window (under the > in the current context!

OTL by OldTimer - Version 3.2.7.0 log created on 07032010_140049

Files\Folders moved on Reboot...
C:\Users\Anders\AppData\Local\Temp\Low\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
File\Folder C:\Users\Anders\AppData\Local\Temp\~DF221D.tmp not found!
File\Folder C:\Users\Anders\AppData\Local\Temp\~DF222C.tmp not found!
File\Folder C:\Users\Anders\AppData\Local\Temp\~DF228B.tmp not found!
File\Folder C:\Users\Anders\AppData\Local\Temp\~DF229A.tmp not found!
File\Folder C:\Users\Anders\AppData\Local\Temp\~DF22D9.tmp not found!
File\Folder C:\Users\Anders\AppData\Local\Temp\~DF22E8.tmp not found!
C:\Users\Anders\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BD2JGTFM\showthread[1].htm moved successfully.
C:\Users\Anders\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


and the GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-03 14:48:02
Windows 6.0.6002 Service Pack 2
Running: kbw31mtj.exe; Driver: C:\Users\Anders\AppData\Local\Temp\pwtdqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88159000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x881A2000, 0x510, 0x40000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3004] ntdll.dll!DbgBreakPoint 770A8B2E 1 Byte [90]
.text C:\Program Files\Internet Explorer\iexplore.exe[4300] USER32.dll!CreateWindowExW 76091305 5 Bytes JMP 6AE2DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4300] USER32.dll!DialogBoxParamW 760B10B0 5 Bytes JMP 6AD554C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4300] USER32.dll!DialogBoxIndirectParamW 760B2EF5 5 Bytes JMP 6AF2480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4300] USER32.dll!DialogBoxParamA 760C8152 5 Bytes JMP 6AF247AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4300] USER32.dll!DialogBoxIndirectParamA 760C847D 5 Bytes JMP 6AF24872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4300] USER32.dll!MessageBoxIndirectA 760DD4D9 5 Bytes JMP 6AF24741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4300] USER32.dll!MessageBoxIndirectW 760DD5D3 5 Bytes JMP 6AF246D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4300] USER32.dll!MessageBoxExA 760DD639 5 Bytes JMP 6AF24674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4300] USER32.dll!MessageBoxExW 760DD65D 5 Bytes JMP 6AF24612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!CreateDialogParamW 760872A2 5 Bytes JMP 6AE2DEA8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!GetAsyncKeyState 7608863C 5 Bytes JMP 6AD48EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!SetWindowsHookExW 760887AD 5 Bytes JMP 6AE29AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!CallNextHookEx 76088E3B 5 Bytes JMP 6AE1D0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!UnhookWindowsHookEx 760898DB 5 Bytes JMP 6AD9467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!EnableWindow 7608CD8B 5 Bytes JMP 6AE2DD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!CreateWindowExW 76091305 5 Bytes JMP 6AE2DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!GetKeyState 76098CB1 5 Bytes JMP 6AE2D2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!IsDialogMessageW 760A0745 5 Bytes JMP 6AD559D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!CreateDialogParamA 760A17AA 5 Bytes JMP 6AF2547B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!IsDialogMessage 760A1847 5 Bytes JMP 6AF24D17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!CreateDialogIndirectParamA 760A26F1 5 Bytes JMP 6AF254B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!CreateDialogIndirectParamW 760A9A62 5 Bytes JMP 6AF254E9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!SetKeyboardState 760B0987 5 Bytes JMP 6AF25086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!DialogBoxParamW 760B10B0 5 Bytes JMP 6AD554C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!DialogBoxIndirectParamW 760B2EF5 5 Bytes JMP 6AF2480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!SendInput 760B2F75 5 Bytes JMP 6AF25C43 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!EndDialog 760B326E 5 Bytes JMP 6AD57E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!SetCursorPos 760C6FB2 5 Bytes JMP 6AF25C97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!DialogBoxParamA 760C8152 5 Bytes JMP 6AF247AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!DialogBoxIndirectParamA 760C847D 5 Bytes JMP 6AF24872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!MessageBoxIndirectA 760DD4D9 5 Bytes JMP 6AF24741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!MessageBoxIndirectW 760DD5D3 5 Bytes JMP 6AF246D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!MessageBoxExA 760DD639 5 Bytes JMP 6AF24674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!MessageBoxExW 760DD65D 5 Bytes JMP 6AF24612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!keybd_event 760DD972 5 Bytes JMP 6AF25FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] SHELL32.dll!SHRestricted + D95 761A8988 4 Bytes [4D, 30, 6A, 63] {DEC EBP; XOR [EDX+0x63], CH}
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] SHELL32.dll!SHRestricted + D9D 761A8990 8 Bytes [57, 2F, 6A, 63, 9C, 5B, 69, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] ole32.dll!OleLoadFromStream 759D1E12 5 Bytes JMP 6AF24B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] ole32.dll!CoCreateInstance 75A09EA6 5 Bytes JMP 6AE2DB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x0C 0xE5 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDE 0x47 0x58 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x68 0xD6 0x98 0x44 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x0C 0xE5 0xA6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDE 0x47 0x58 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x68 0xD6 0x98 0x44 ...

---- EOF - GMER 1.0.15 ----

Ok..

Have a nice day..

Best Regards DerArne
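The "User code sections" part of the GMER log above is long but has a fixed shape: process and PID, hooked export, patch size, and then either a JMP detour with the module it lands in (here mostly IEFRAME.dll, loaded by the same iexplore.exe) or a raw byte patch. Reading dozens of such lines by eye is where things get missed, so the following added Python example (mine, not GMER's output format documentation or code from anyone in this thread) parses lines in that format and sorts them by review priority. The four sample lines are taken from the log above; `EXPECTED_VENDORS` is an assumption of this example, and because GMER prints the file's version-info company string rather than verifying a signature, a match there only lowers priority, it does not clear the hook.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: four lines in the layout of GMER's "User code sections"
# output, copied from the log in this thread (one line per hook type).
SAMPLE_LINES = [
    r".text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3004] ntdll.dll!DbgBreakPoint 770A8B2E 1 Byte [90]",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[4300] USER32.dll!CreateWindowExW 76091305 5 Bytes JMP 6AE2DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[4400] SHELL32.dll!SHRestricted + D95 761A8988 4 Bytes [4D, 30, 6A, 63] {DEC EBP; XOR [EDX+0x63], CH}",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[4400] ole32.dll!CoCreateInstance 75A09EA6 5 Bytes JMP 6AE2DB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)",
]

# Assumption of this example: vendor strings whose in-process detours are
# treated as expected. GMER reports the target file's version-info company,
# which is not a signature check, so this only lowers review priority.
EXPECTED_VENDORS = {"Microsoft Corporation"}

# <section> <process>[<pid>] <module>!<symbol> <addr> <n> Byte(s) <detail>
HOOK_RE = re.compile(
    r"^(?P<section>\.\w+)\s+(?P<process>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<symbol>.+?)\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<size>\d+)\s+Bytes?\s+(?P<detail>.*)$"
)
# JMP <target> [<path> [(<description>/<company>)]]
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<path>.+?))?(?:\s+\((?P<desc>[^)]*)\))?$"
)


def parse_hook(line):
    """Split one GMER user-code-section line into fields; None if it is not one."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = m.groupdict()
    hook["pid"] = int(hook["pid"])
    hook["size"] = int(hook["size"])
    jm = JMP_RE.match(hook["detail"])
    if jm:
        desc = jm.group("desc") or ""
        hook["kind"] = "jmp"                      # detour to another address
        hook["target"] = jm.group("target")
        hook["target_path"] = jm.group("path")    # module that owns the target
        hook["vendor"] = desc.split("/")[-1].strip() if desc else None
    else:
        hook["kind"] = "patch"                    # bytes written over the prologue
        hook["target"] = hook["target_path"] = hook["vendor"] = None
    return hook


def classify(hook):
    """Review priority: 'expected', 'review' or 'high'."""
    if hook["kind"] == "jmp":
        if hook["target_path"] is None:
            return "high"       # detour into memory not backed by any module
        if hook["vendor"] in EXPECTED_VENDORS:
            return "expected"   # e.g. IEFRAME.dll detouring USER32 inside iexplore
        return "review"         # detour into a third-party module
    return "review"             # inline byte patch, e.g. NOP over DbgBreakPoint


def triage(lines):
    """Return per-process verdict counts and the hooks that need a human look."""
    by_process = defaultdict(Counter)
    review = []
    for line in lines:
        hook = parse_hook(line)
        if hook is None:
            continue
        verdict = classify(hook)
        by_process[f'{hook["process"]}[{hook["pid"]}]'][verdict] += 1
        if verdict != "expected":
            review.append(hook)
    return by_process, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE_LINES)
    for proc, c in counts.items():
        print(proc, dict(c))
    for h in review:
        print(f'REVIEW {h["module"]}!{h["symbol"]} in {h["process"]}: {h["kind"]} {h["detail"]}')
```

Fed the full GMER section instead of the four samples, the script collapses the iexplore.exe detours into two counts and leaves the DbgBreakPoint NOP and the SHRestricted byte patch as the only items to look at, which is the order a helper would want to read them in.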
 
Hi. :)

Check Hard Disk For Errors:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start(Vista Orb) >> Run... (or depress the Windows and R key together) type in notepad and select OK
Code:
@Echo off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look similar to this:
    [image: vista-rh.gif]

Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.

Reset Vista SP2 Firewall:

Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK
Code:
firewall.cpl
Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select On(recommended) >> Apply >> OK.

When completed the above, please post back the following:
  • checkhd.txt.
  • A new OTL Log. <-- Only one log will be produced this time.
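The `find /v "percent"` filter in the batch file above drops chkdsk's progress lines only when Windows reports in English; on a machine with another display language the progress lines use the local word, so they all come back in checkhd.txt and the summary is buried. The following is an added Python example (mine, not the helper's batch file or any Microsoft tool) that removes progress lines by their shape rather than by the word "percent" and pulls out the kB summary. The Swedish and English sample reports are constructed for the example, in the layout chkdsk uses; it also handles a progress fragment that a later line overwrote via carriage return, keeping the text that followed it.

```python
import re

# Constructed sample: a Swedish chkdsk excerpt in the layout of a chkdsk
# report, plus the English wording of the same lines. Both are sample
# input for this example, not output from a real run.
SAMPLE_SV = """Filsystemet är av typen NTFS.
Varning! Parametern /F har inte angetts.
CHKDSK körs i skrivskyddat läge.
CHKDSK verifierar filer (steg 1 av 3)...
0 procent klart. (0 av 194112 filposter har behandlats)
9 procent klart. (187496 av 194112 filposter har behandlats)
194112 filposter har behandlats.
Filsystemet har kontrollerats. Inga problem påträffades.
78144511 kB diskutrymme totalt.
49700960 kB i 120831 filer.
0 kB i skadade sektorer.
28066532 kB ledigt utrymme.
"""

SAMPLE_EN = """The type of the file system is NTFS.
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
0 percent complete. (0 of 194112 file records processed)
194112 file records processed.
Windows has checked the file system and found no problems.
78144511 KB total disk space.
0 KB in bad sectors.
28066532 KB available on disk.
"""

# A progress line has the shape '<n> <word> <word>. (<i> <word> <total> ...)'
# in every UI language, so match the shape instead of the word "percent".
# The parenthesised tail is optional so that a fragment left behind when a
# later line overwrote it via carriage return is recognised as well.
PROGRESS_RE = re.compile(
    r"^\s*\d+\s+\S+\s+\S+\s*\(\d+(?:\s+\S+\s+\d+\b[^)]*\))?\s*"
)
# Summary lines: '<n> kB <description>.' (Swedish) or '<n> KB <description>.' (English)
SUMMARY_RE = re.compile(r"^\s*(\d+)\s+kB\s+(.+?)\.?\s*$", re.IGNORECASE)


def strip_progress(text):
    """Return the non-empty report lines with progress output removed.

    A collapsed line such as '46 procent klart. (199050 Indexverifieringen är klar.'
    keeps the text that followed the overwritten progress fragment.
    """
    kept = []
    for line in re.split(r"\r\n?|\n", text):
        if PROGRESS_RE.match(line):
            line = PROGRESS_RE.sub("", line, count=1)
        line = line.strip()
        if line:
            kept.append(line)
    return kept


def parse_summary(lines):
    """Collect the kB figures as (value_kb, description) pairs, in report order."""
    out = []
    for line in lines:
        m = SUMMARY_RE.match(line)
        if m:
            out.append((int(m.group(1)), m.group(2)))
    return out


def check_report(text):
    """Clean a chkdsk report in any language and extract its kB summary."""
    lines = strip_progress(text)
    return {"lines": lines, "summary_kb": parse_summary(lines)}


if __name__ == "__main__":
    for name, sample in (("sv", SAMPLE_SV), ("en", SAMPLE_EN)):
        report = check_report(sample)
        print(name, len(report["lines"]), "lines kept")
        for value, label in report["summary_kb"]:
            print(f"  {value:>10} kB  {label}")
```

The descriptions stay in the report's language; the point is that the numbers (total space, space in files, bad sectors, free space) line up in the same order whatever the locale, so the "kB in bad sectors" figure is easy to find even when the wording is unfamiliar.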
 
Hi!

First you got a thanks coming from my girlfriend hehe..
The computer is starting much faster now.

I reset the firewall.

Here are the 2 new logs:

Sorry for the first one being in Swedish, don't know how to get it in English..

Filsystemet är av typen NTFS.
Volymetiketten är Vista.

Varning! Parametern /F har inte angetts.
CHKDSK körs i skrivskyddat läge.

CHKDSK verifierar filer (steg 1 av 3)...
0 procent klart. (0 av 194112 filposter har behandlats)
0 procent klart. (1807 av 194112 filposter har behandlats)
0 procent klart. (4225 av 194112 filposter har behandlats)
0 procent klart. (8868 av 194112 filposter har behandlats)
1 procent klart. (19412 av 194112 filposter har behandlats)
1 procent klart. (36070 av 194112 filposter har behandlats)
2 procent klart. (38823 av 194112 filposter har behandlats)
2 procent klart. (40070 av 194112 filposter har behandlats)
3 procent klart. (58234 av 194112 filposter har behandlats)
3 procent klart. (75009 av 194112 filposter har behandlats)
4 procent klart. (77645 av 194112 filposter har behandlats)
4 procent klart. (92673 av 194112 filposter har behandlats)
5 procent klart. (97056 av 194112 filposter har behandlats)
6 procent klart. (116468 av 194112 filposter har behandlats)
6 procent klart. (129822 av 194112 filposter har behandlats)
6 procent klart. (135200 av 194112 filposter har behandlats)
7 procent klart. (135879 av 194112 filposter har behandlats)
7 procent klart. (149991 av 194112 filposter har behandlats)
7 procent klart. (155265 av 194112 filposter har behandlats)
8 procent klart. (155290 av 194112 filposter har behandlats)
8 procent klart. (163585 av 194112 filposter har behandlats)
9 procent klart. (174701 av 194112 filposter har behandlats)
9 procent klart. (187496 av 194112 filposter har behandlats)
194112 filposter har behandlats.

Filverifieringen är klar.
906 stora filposter har behandlats.

0 skadade filposter har behandlats.

0 EA-poster har behandlats.

101 referensposter har behandlats.

CHKDSK verifierar index (steg 2 av 3)...
10 procent klart. (1808 av 247552 indexposter har behandlats)
11 procent klart. (5055 av 247552 indexposter har behandlats)
12 procent klart. (10446 av 247552 indexposter har behandlats)
13 procent klart. (15837 av 247552 indexposter har behandlats)
14 procent klart. (21227 av 247552 indexposter har behandlats)
15 procent klart. (26618 av 247552 indexposter har behandlats)
16 procent klart. (32008 av 247552 indexposter har behandlats)
16 procent klart. (37040 av 247552 indexposter har behandlats)
17 procent klart. (37399 av 247552 indexposter har behandlats)
17 procent klart. (39686 av 247552 indexposter har behandlats)
18 procent klart. (42790 av 247552 indexposter har behandlats)
19 procent klart. (48180 av 247552 indexposter har behandlats)
20 procent klart. (53571 av 247552 indexposter har behandlats)
21 procent klart. (58962 av 247552 indexposter har behandlats)
22 procent klart. (64352 av 247552 indexposter har behandlats)
23 procent klart. (69743 av 247552 indexposter har behandlats)
24 procent klart. (75133 av 247552 indexposter har behandlats)
25 procent klart. (80524 av 247552 indexposter har behandlats)
26 procent klart. (85915 av 247552 indexposter har behandlats)
27 procent klart. (91305 av 247552 indexposter har behandlats)
28 procent klart. (96696 av 247552 indexposter har behandlats)
29 procent klart. (102086 av 247552 indexposter har behandlats)
30 procent klart. (107477 av 247552 indexposter har behandlats)
31 procent klart. (112868 av 247552 indexposter har behandlats)
32 procent klart. (118258 av 247552 indexposter har behandlats)
33 procent klart. (123649 av 247552 indexposter har behandlats)
34 procent klart. (129039 av 247552 indexposter har behandlats)
34 procent klart. (133506 av 247552 indexposter har behandlats)
35 procent klart. (134430 av 247552 indexposter har behandlats)
36 procent klart. (139821 av 247552 indexposter har behandlats)
37 procent klart. (145211 av 247552 indexposter har behandlats)
38 procent klart. (150602 av 247552 indexposter har behandlats)
39 procent klart. (155992 av 247552 indexposter har behandlats)
40 procent klart. (161383 av 247552 indexposter har behandlats)
41 procent klart. (166774 av 247552 indexposter har behandlats)
42 procent klart. (172164 av 247552 indexposter har behandlats)
43 procent klart. (177555 av 247552 indexposter har behandlats)
44 procent klart. (182945 av 247552 indexposter har behandlats)
45 procent klart. (188336 av 247552 indexposter har behandlats)
46 procent klart. (193727 av 247552 indexposter har behandlats)
46 procent klart. (194115 av 247552 indexposter har behandlats)
46 procent klart. (194123 av 247552 indexposter har behandlats)
46 procent klart. (194311 av 247552 indexposter har behandlats)
46 procent klart. (194427 av 247552 indexposter har behandlats)
46 procent klart. (194600 av 247552 indexposter har behandlats)
46 procent klart. (194998 av 247552 indexposter har behandlats)
46 procent klart. (195122 av 247552 indexposter har behandlats)
46 procent klart. (195445 av 247552 indexposter har behandlats)
46 procent klart. (195719 av 247552 indexposter har behandlats)
46 procent klart. (196377 av 247552 indexposter har behandlats)
46 procent klart. (196688 av 247552 indexposter har behandlats)
46 procent klart. (196824 av 247552 indexposter har behandlats)
46 procent klart. (196943 av 247552 indexposter har behandlats)
46 procent klart. (197210 av 247552 indexposter har behandlats)
46 procent klart. (197268 av 247552 indexposter har behandlats)
46 procent klart. (197380 av 247552 indexposter har behandlats)
46 procent klart. (197467 av 247552 indexposter har behandlats)
46 procent klart. (197617 av 247552 indexposter har behandlats)
46 procent klart. (197694 av 247552 indexposter har behandlats)
46 procent klart. (197744 av 247552 indexposter har behandlats)
46 procent klart. (197748 av 247552 indexposter har behandlats)
46 procent klart. (198380 av 247552 indexposter har behandlats)
46 procent klart. (199050 Indexverifieringen är klar.
0 oindexerade filer har behandlats.

CHKDSK verifierar säkerhetsbeskrivare (steg 3 av 3)...
55 procent klart. (0 av 194112 beskrivare har behandlats)
56 procent klart. (241 av 194112 beskrivare har behandlats)
56 procent klart. (12033 av 194112 beskrivare har behandlats)
57 procent klart. (16413 av 194112 beskrivare har behandlats)
58 procent klart. (32585 av 194112 beskrivare har behandlats)
59 procent klart. (48757 av 194112 beskrivare har behandlats)
60 procent klart. (64929 av 194112 beskrivare har behandlats)
61 procent klart. (81100 av 194112 beskrivare har behandlats)
62 procent klart. (97272 av 194112 beskrivare har behandlats)
63 procent klart. (113444 av 194112 beskrivare har behandlats)
64 procent klart. (129616 av 194112 beskrivare har behandlats)
65 procent klart. (145788 av 194112 beskrivare har behandlats)
66 procent klart. (161960 av 194112 beskrivare har behandlats)
67 procent klart. (178131 av 194112 beskrivare har behandlats)
194112 säkerhetsbeskrivare har behandlats.

Verifieringen av säkerhetsbeskrivare är klar.
26721 datafiler har behandlats.

CHKDSK verifierar USN-journalen...
99 procent klart. (0 av 34281320 USN-byte har behandlats)
99 procent klart. (11997184 av 34281320 USN-byte har behandlats)
99 procent klart. (22142976 av 34281320 USN-byte har behandlats)
99 procent klart. (30871552 av 34281320 USN-byte har behandlats)
100 procent klart. (34275328 av 34281320 USN-byte har behandlats)
34281320 USN-byte har behandlats.

Verifieringen av USN-journalen är klar.
Filsystemet har kontrollerats. Inga problem påträffades.

78144511 kB diskutrymme totalt.
49700960 kB i 120831 filer.
68432 kB i 26722 index.
0 kB i skadade sektorer.
308587 kB används av operativsystemet.
65536 kB hårddisksutrymme används av loggfilen.
28066532 kB ledigt utrymme.

4096 byte i varje allokeringsenhet.
19536127 allokeringsenheter finns totalt p† disken.
7016633 allokeringsenheter är tillgängliga på disken.


and the otl log:

OTL logfile created on: 2010-07-03 22:42:33 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Anders\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 27,91 Gb Free Space | 37,45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 73,06 Gb Total Space | 37,99 Gb Free Space | 52,00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ULRIKA-DATOR
Current User Name: Anders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Anders\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Net iD\iid.exe (SecMaker AB)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Anders\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Service) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2002946825-3677852132-797418189-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKU\S-1-5-21-2002946825-3677852132-797418189-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2002946825-3677852132-797418189-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010-07-03 14:00:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2002946825-3677852132-797418189-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Net iD] C:\Program Files\Net iD\iid.exe (SecMaker AB)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2002946825-3677852132-797418189-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2002946825-3677852132-797418189-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Ulrika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldsv-se.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujidirekt.se/aurigma/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.fujidirekt.se/aurigma/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game03.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.fujidirekt.se/aurigma2/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-07-03 13:46:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-07-03 13:44:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-07-03 13:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010-07-03 13:42:14 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Anders\erunt-setup.exe
[2010-07-03 10:03:36 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Anders\Desktop\OTL.exe
[2010-07-03 09:40:34 | 000,000,000 | ---D | C] -- C:\Users\Anders\AppData\Roaming\Malwarebytes
[2010-07-03 09:40:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-07-03 09:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-07-03 09:40:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-07-03 09:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-07-02 18:06:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010-07-02 18:06:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207000.034
[2010-07-02 15:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-07-01 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Artifex Mundi
[2010-06-29 20:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kristanix Games
[2010-06-26 20:08:14 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010-06-26 20:08:13 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010-06-26 20:08:13 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010-06-26 19:24:31 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010-06-26 19:24:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010-06-21 21:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\The Mirror Mysteries
[2010-06-14 13:17:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010-06-14 13:17:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010-06-14 13:17:02 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010-06-14 13:17:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010-06-14 13:17:01 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010-06-14 13:17:00 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010-06-14 13:17:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010-06-14 13:17:00 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010-06-14 13:17:00 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010-06-14 13:17:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010-06-14 13:17:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010-06-14 13:17:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010-06-14 13:17:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010-06-14 13:17:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010-06-14 13:16:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010-06-14 13:16:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010-06-14 13:16:47 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010-06-14 13:16:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010-06-14 13:16:38 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010-06-09 11:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Josefin - Expedition Sverige
[2010-06-08 20:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\rionix
[2010-06-07 18:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\GOA

========== Files - Modified Within 30 Days ==========

[2010-07-03 22:42:20 | 005,505,024 | -HS- | M] () -- C:\Users\Anders\NTUSER.DAT
[2010-07-03 22:30:20 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-07-03 22:30:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-07-03 22:30:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-07-03 22:30:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-07-03 22:30:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-07-03 22:29:59 | 2145,435,648 | -HS- | M] () -- C:\hiberfil.sys
[2010-07-03 15:02:39 | 000,524,288 | -HS- | M] () -- C:\Users\Anders\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010-07-03 15:02:39 | 000,065,536 | -HS- | M] () -- C:\Users\Anders\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-07-03 15:02:32 | 003,236,098 | -H-- | M] () -- C:\Users\Anders\AppData\Local\IconCache.db
[2010-07-03 14:15:02 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-07-03 14:14:55 | 000,293,376 | ---- | M] () -- C:\Users\Anders\kbw31mtj.exe
[2010-07-03 14:00:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010-07-03 13:43:11 | 000,000,698 | ---- | M] () -- C:\Users\Anders\Desktop\NTREGOPT.lnk
[2010-07-03 13:43:11 | 000,000,679 | ---- | M] () -- C:\Users\Anders\Desktop\ERUNT.lnk
[2010-07-03 13:42:21 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Anders\erunt-setup.exe
[2010-07-03 13:36:16 | 000,000,176 | ---- | M] () -- C:\Users\Anders\defogger_reenable
[2010-07-03 13:35:23 | 000,050,477 | ---- | M] () -- C:\Users\Anders\Desktop\Defogger.exe
[2010-07-03 10:03:43 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Anders\Desktop\OTL.exe
[2010-07-03 09:40:29 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-07-02 18:06:26 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207000.034\isolate.ini
[2010-06-16 22:14:47 | 000,315,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010-07-03 14:14:52 | 000,293,376 | ---- | C] () -- C:\Users\Anders\kbw31mtj.exe
[2010-07-03 13:43:11 | 000,000,698 | ---- | C] () -- C:\Users\Anders\Desktop\NTREGOPT.lnk
[2010-07-03 13:43:11 | 000,000,679 | ---- | C] () -- C:\Users\Anders\Desktop\ERUNT.lnk
[2010-07-03 13:35:51 | 000,000,176 | ---- | C] () -- C:\Users\Anders\defogger_reenable
[2010-07-03 13:35:22 | 000,050,477 | ---- | C] () -- C:\Users\Anders\Desktop\Defogger.exe
[2010-07-03 09:40:29 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-07-02 19:30:59 | 000,000,120 | ---- | C] () -- C:\Users\Anders\fupp.txt
[2010-07-02 18:06:26 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207000.034\isolate.ini
[2010-06-09 11:28:32 | 000,007,794 | ---- | C] () -- C:\Program Files\uninstal.log
[2009-07-12 21:42:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008-11-29 17:10:05 | 000,000,023 | ---- | C] () -- C:\Windows\Disney.ini
[2007-10-30 19:46:33 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007-10-30 19:46:33 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007-10-30 19:46:33 | 000,010,161 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007-10-30 19:46:33 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007-06-06 17:19:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007-06-06 17:19:06 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007-06-06 17:19:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007-06-06 17:19:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007-06-06 17:19:06 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007-06-06 17:19:06 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007-06-06 17:09:50 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007-06-06 16:57:50 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007-06-06 16:33:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007-06-06 16:27:41 | 000,000,291 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007-06-06 16:26:35 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006-12-05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005-11-23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005-07-22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
< End of report >
 
Hi. :)

First, you've got a thanks coming from my girlfriend, hehe..
The computer is starting much faster now.
Good, and she is most welcome!

Sorry for the first one being in Swedish, don't know how to get it in English..
Not a problem actually; a few of my colleagues here in Safer Networking could translate if needed, and my own wife is a linguist by profession. Plus I myself am trilingual (English/German & Irish).

OK, the below will most probably take some time, but I assure you it is worth it. I did notice from the first custom OTL script I asked your good self to run on your girlfriend's computer that a distinct lack of system maintenance was evident. Basically, every time a computer is used it creates a series of temporary files to enable quick loading of the most used applications and, if used online, similar for, say, the most visited sites in the form of what are known as cookies. A lot more is created also, but to keep it simple, as a rule of thumb after every session a machine is used, regardless of the purpose, it is prudent to run some form of system maintenance; the Windows in-built utilities are fine to an extent but fairly basic, to be honest. Performing such, though it may be tedious, will actually go a long way towards keeping the health, if you will, of a machine's hard drive optimal and overall performance at its best within the actual specifications of an individual machine. What I posted here explains it far better, to be perfectly honest, as I am far from any form of, say, a wordsmith (Importance of Regular System Maintenance).

The below as mentioned may take some time and will involve a series of system reboots:-

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Vista Check-Disk:

I am sorry I do not have a specific set of instructions for this, but I do have a tutorial here pertaining to XP, and the overall process is quite similar.

Please visit this webpage and scroll down to:

METHOD ONE:
Run Check Disk from within Vista


Then follow the instructions through 1 - 10 and then reboot your computer and let the Check-Disk perform its tasks. This may take some time.

Note: Please make sure you do carry out the above as it is vital!

Run Kaspersky Online AV Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable the currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
This online tutorial will help explain how to use the aforementioned online scan.

Note: Do not forget to re-enable the Anti-Virus application after running the above scan!

When you have completed the above, please post back the following:
  • Let me know how the computer is running. Any problems encountered and/or further symptoms?
  • Kaspersky results.
 
Hi!

I ran the temp cleaner

I did the checkdisk took about 1.5 hours.

But I can't manage to run the Kaspersky online scanner..
it says something about the key being expired at the end of the update and won't run..

The computer runs ok..

/DerArne
 
Hi. :)

I did the checkdisk took about 1.5 hours.
Good, far quicker than I was anticipating to be honest.

But I can't manage to run the Kaspersky online scanner..
it says something about the key being expired at the end of the update and won't run..
OK, not a problem, though I would have preferred the log from that scan as a second opinion, if you will, regarding the initial results from the ESET scan you ran. Plus, unfortunately, the Kaspersky online scan can be temperamental and does not always work as it should, sometimes just down to Murphy's law, which basically means the unexpected can and will happen where anything online is concerned.

OK, please run the ESET online scan instead as follows, and if the same files are flagged again we can actually check them if I deem it necessary.

Note: You will however need to disable the currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on the Internet Explorer icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:
    [image: EOLS1.gif]
  • Select the option YES, I accept the Terms of Use then click on:
    [image: EOLS2.gif]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:
    [image: EOLS3.gif]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on:
    [image: EOLS4.gif]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable the Anti-Virus application after running the above scan!
 
Hi!

Ran the eset scanner..

still can't find those logs.. but I created a text file:

C:\Program Files\myphotobook\xtras\process.exe Win32/PrcView application

Only one thing left.. I think I must have gotten rid of the other 2 when I threw away uTorrent and some downloaded stuff.

/Best regards Anders
 
Hi. :)

One question before we proceed any further. Did you actually right-click on the IE executable and run as administrator for the scan?
 
Hi

Yes, at least I think I have all the time, but sometimes I have had this window up first without administrator.. does that matter?
 
Hi. :)

Thank you for answering my query, should be fine.

Next:

I would like a second opinion about what was flagged by the ESET online scan. I actually suspect this is what is known as a false positive.

However to err on the side of caution I would like for it to be checked again.

Please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: Add in the below:-

Code:
http://forums.spybot.info/showthread.php?t=58270
Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\Program Files\myphotobook\xtras\process.exe

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

Host File Reset/Replace:

Please Download HostsXpert and unzip it to the computer, somewhere where you can find it.

The root of the system drive would be an ideal location, e.g. C:\
  • Right-click on HostsXpert.exe and select Run as Administrator to launch the programme.
  • Check to see if the top button on the left-hand side says Make Writable?
    • If it does, click on it then proceed to the next instruction.
    • If not, just proceed to the next instruction.
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  • When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.
  • Exit the programme.
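As an added example (not part of this thread, and not HostsXpert's own code), here is a PowerShell script that audits the hosts file the way OTL reports it under "O1 - Hosts:" and checks the read-only attribute that the Make Read Only? step above sets. The default path and the loopback address list are assumptions; a clean default file produces no findings at all.

```powershell
# Added example (not from this thread or from HostsXpert): audit the Windows
# hosts file that OTL lists under "O1 - Hosts:" and report anything that is
# not a plain "localhost" mapping, plus whether the file is read-only.
# Assumed: the default hosts path below; pass -HostsPath if it differs.
param(
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

# A clean default hosts file only maps "localhost" to loopback; an MVPS-style
# blocklist also points unwanted names at these addresses (assumed list).
$loopback = @('127.0.0.1', '::1', '0.0.0.0')

$item = Get-Item -LiteralPath $HostsPath
Write-Output "Hosts file : $($item.FullName)"
Write-Output "Size/time  : $($item.Length) bytes, modified $($item.LastWriteTime)"
Write-Output "Read-only  : $($item.IsReadOnly)"

$redirects = @()   # name -> non-loopback address: traffic is being redirected
$blocked   = @()   # non-localhost name -> loopback: name is being blackholed
$lineNo    = 0

foreach ($raw in Get-Content -LiteralPath $HostsPath) {
    $lineNo++
    # Drop the comment part and surrounding whitespace; skip empty lines.
    $line = ($raw -split '#', 2)[0].Trim()
    if ($line -eq '') { continue }

    $fields = $line -split '\s+'
    if ($fields.Count -lt 2) { continue }   # malformed line, nothing mapped
    $address = $fields[0]
    $names   = $fields[1..($fields.Count - 1)]

    foreach ($name in $names) {
        if ($loopback -notcontains $address) {
            $redirects += "line ${lineNo}: $name -> $address"
        } elseif ($name -ne 'localhost') {
            $blocked += "line ${lineNo}: $name -> $address"
        }
    }
}

Write-Output ''
if ($redirects.Count -eq 0) {
    Write-Output 'No non-loopback redirects: nothing is pointed at another host.'
} else {
    # A clean hosts file never has these; each one deserves a second look.
    Write-Output "Non-loopback redirects ($($redirects.Count)):"
    $redirects | ForEach-Object { Write-Output "  $_" }
}

if ($blocked.Count -eq 0) {
    Write-Output 'No blocked names: only localhost is mapped to loopback.'
} else {
    # Expected after loading the MVPS list; worth checking on a machine that
    # never had a blocklist, especially if update or vendor names appear.
    Write-Output "Names mapped to loopback ($($blocked.Count)), first 10:"
    $blocked | Select-Object -First 10 | ForEach-Object { Write-Output "  $_" }
}

if (-not $item.IsReadOnly) {
    Write-Output 'Hosts file is writable: re-run the Make Read Only? step.'
}
```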
 
Hi. :)

I have checked the file submission and further analysed the file myself. It appears to be a false positive detection so no further action will be required.

Any other issues remaining with your girlfriend's machine and/or any instances of the original problems overall?
 
Hi!

I have not dared to log in on any of the applications from my girlfriend's computer so far, but I have logged in a couple of times from mine without finding anything weird.

My girlfriend's computer seems to run ok.. faster than before.

The only thing that worries me a bit is that we have not really found anything to know that we have gotten rid of the problem or have we!?

But things seem fine at the moment.. no intrusions for a couple of days.

Which programs should I add to the laptop!?

/DerArne
 
Hi. :)

I have not dared to log in on any of the applications from my girlfriend's computer so far, but I have logged in a couple of times from mine without finding anything weird.
OK.

My girlfriend's computer seems to run OK.. faster than before.
:bigthumb:

The only thing that worries me a bit is that we have not really found anything to know that we have gotten rid of the problem.. or have we!?
We have removed very minor malware-related files from both machines, but overall I suspect it was your Router not being secure at the time, coupled with the fact that someone had gained access to your accounts, and not necessarily via actually accessing either machine per se. There is also the distinct possibility that the infection on your girlfriend's machine was the culprit.

You have changed all associated passwords, and when you have completed my instructions below both machines should be safe and secure to use online. There may always be a chance of infection, but as long as you follow my advice, observe safe online practices, and both update and scan regularly, this will go a long way towards overall online security.

I cannot advise strongly enough, though, to steer clear of absolutely anything P2P related in future. I have dealt with so many infected machines where the use of the aforementioned applications was a major conduit for malware to gain a foothold.

Next:

Congratulations, your girlfriend's computer appears to be malware free!

Most of the advice below is quite similar to what I posted here for you earlier; it is basically just clean-up advice pertaining to your girlfriend's machine, as you mentioned you did bookmark my original advice.

Clean up with OTL:
  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-
  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When done, click Apply >> OK.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-
  • Right click on Computer and select Properties >> System protection.
  • (untick) the Vista C system box and click Turn off system restore, then Apply >> OK.
  • Restart your computer.
  • Navigate back to System protection >> (tick) the Vista C system box >> Apply >> OK.
Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

The presently installed security application, avast! Antivirus, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this once per week.

Erunt:

Emergency Recovery Utility NT. I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself, I would actually create a new backup once per week, as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:
  • Click on Start(Vista Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed, reboot (restart) your computer if not prompted to do so.
Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

Any questions? Feel free to ask, if not stay safe!
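The restore-point steps in the post above can also be done from an elevated PowerShell prompt. Here is an added PowerShell example (my own, not code from this thread or from any of the tools named in it): it creates a named clean point, lists the existing ones with readable timestamps, and refuses to suggest flushing until the new point is confirmed present, which is the ordering the note in the post insists on. The cmdlets are built into PowerShell; the description string is a constructed placeholder.

```powershell
# Added example (not from the thread): create a named, clean System Restore point, list the
# existing points, and only then point at the flush step. Needs an elevated PowerShell prompt.
# Checkpoint-Computer, Get-ComputerRestorePoint, Disable/Enable-ComputerRestore are built-in cmdlets.
$cleanDescription = 'Clean after malware removal'   # constructed placeholder description

function New-CleanRestorePoint {
    param([string]$Description)
    # MODIFY_SETTINGS is one of the documented RestorePointType values.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
}

function Get-RestorePointSummary {
    # CreationTime comes back as a DMTF/WMI date string; convert it so the list sorts and reads sensibly.
    Get-ComputerRestorePoint | ForEach-Object {
        New-Object PSObject -Property @{
            Sequence    = $_.SequenceNumber
            Created     = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
            Description = $_.Description
        }
    } | Sort-Object Created
}

# 1. Create the new point first (never flush before this exists).
New-CleanRestorePoint -Description $cleanDescription

# 2. Show what is there so the new point can be confirmed.
$points = Get-RestorePointSummary
$points | Format-Table Sequence, Created, Description -AutoSize

# 3. Guard mirroring the note in the post: only proceed to flush if the newest point is ours.
$newest = $points | Select-Object -Last 1
if (-not $newest -or $newest.Description -ne $cleanDescription) {
    Write-Warning 'New restore point not found; do not turn System Restore off yet.'
} else {
    Write-Host 'New clean restore point confirmed. To flush the old points, turn protection'
    Write-Host 'off and back on for the system drive (uncomment once you have checked the list):'
    # Disable-ComputerRestore -Drive 'C:\'
    # Enable-ComputerRestore  -Drive 'C:\'
}
```

Turning System Restore off for a drive discards every restore point on it, which is exactly why the script leaves those two lines commented until the freshly created point is visible in the list.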
 
Hi!

Ok.. cleaned up the system with OTL.

Made a new system restore point.. dumped the old ones.

Installed the programs I did not have.

Which real-time malware program should I have besides doing my weekly checks? spybot?

How long will this thread stay if I want to go back and read some stuff once again!?

And once again.. thank you, thank you, thank you..

It has been an honour.

Best regards DerArne
 
Hi. :)

And once again.. thank you, thank you, thank you..

It has been an honour.
You're most welcome!

How long will this thread stay if I want to go back and read some stuff once again!?
Actually, once it is archived here you will be able to access it for quite some time, probably not indefinitely but for the foreseeable future anyway, and the oldest topic in that part of the forum is nigh on five years old now.

Which real-time malware program should I have besides doing my weekly checks? spybot?
You could actually consider purchasing a licence for Malwarebytes' Anti-Malware. I use the Real Time protection feature myself on all my machines that have an active internet connection, and on my Wife's laptop. Though you would need to actually disable the in-built Windows Defender; how to do so exactly can be read here.

Now, if you have opted to re-install Spybot Search & Destroy, my advice would be to keep it as an on-demand scanner only and not use either the immunisation feature or the registry guard, as both of these features are actually covered by the Hosts file I advised and WinPatrol. If you do, a system conflict will occur and overall online protection will be compromised.

This topic here in Safer Networking is worth reading:-

So how did I get infected in the first place? It is updated periodically, so it is worth bookmarking/adding to favourites.

This is also a good resource:- How to prevent Malware.
 
In the event you have not re-enabled the CD Emulation drivers on your girlfriend's computer, do so as outlined here. The same procedure pertains, except select the option Disable.

--------------

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of the requested logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 