Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow internet connection - have i Been hijacked?


  • Please log in to reply
62 replies to this topic

#1 Rickard G

Rickard G

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:05:54 PM

Posted 20 May 2009 - 02:20 PM

Hi
I'm experiencing extremely slow internet connection and would like to get some help understanding my hijack log.
By slow I mean that I get 147kb downlad and 2048kb upload on a 10mb/10mb fibre connection.
I've run Malwarebytes' Anti-Malware, blink, ccleaner, spybot and glary utilities without finding anything.
Grateful for any help.
Best regards, Rickard

Attached Files


Edited by Rickard G, 20 May 2009 - 04:23 PM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,942 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:54 PM

Posted 01 June 2009 - 11:12 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Rickard G

Rickard G
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:05:54 PM

Posted 02 June 2009 - 12:44 PM

Hello
I ran dds and here is the result. A also attach attach.txt.
Cheers Rickard


DDS (Ver_09-05-14.01) - NTFSx86
Run by Sluttbruker at 19:17:39,69 on 02.06.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.2047.1023 [GMT 2:00]

AV: eEye Digital Security Blink Anti-Virus *On-access scanning disabled* (Updated) {C4821238-EFD9-4B79-B2A5-40CE68D50E68}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: eEye Digital Security Blink AntiSpyware *disabled* (Updated) {10884AE1-E5DE-4DF5-9E39-CF47F8736F04}
FW: eEye Digital Security Blink Firewall *disabled* {AC6BB248-92AF-4E26-A70A-6E5FDB75C144}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\2X\ApplicationServer Client\TUXCredProv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
D:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe
C:\Windows\system32\WUDFHost.exe
d:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Windows\V0330Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Adobe\Reader 9.0\Reader\LogTransport2.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
D:\Users\Rickard\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.no/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\program files\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Virtual Storage Mount Notification: {3cf560dc-dfcb-4737-82c2-9564ca8f733b} - c:\windows\system32\VSMntNtf.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\users\sluttbruker\appdata\roaming\lastpass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: InlineSearchHandleHotKeys Class: {b6ffe2ae-4d12-451f-b457-fe6125ffb1cf} - d:\program files\ieforge\inline search\InlineSearch.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\users\sluttbruker\appdata\roaming\lastpass\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRunOnce: [ypagerps] cmd.exe /C del "c:\program files\yahoo!\messenger\ypagerps.dll"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Gainward] c:\program files\vtune\TBPanel.exe /A
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [WinampAgent] "d:\program files\winamp\winampa.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [V0330Mon.exe] c:\windows\V0330Mon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [c:\windows\system32\v0330ext.ax] c:\windows\system32\regsvr32.exe /s c:\windows\system32\V0330Ext.ax
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce: [Malwarebytes' Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blink.lnk - d:\program files\eeye digital security\blink\blink.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\jungle~1.lnk - d:\program files\jungle disk desktop\JungleDiskMonitor.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: LastPass - file://c:\users\sluttbruker\appdata\roaming\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\sluttbruker\appdata\roaming\lastpass\context.html?cmd=fillforms
IE: LastPass formulärifyllning - file://c:\users\sluttbruker\appdata\roaming\lastpass\context.html?cmd=fillforms
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: skandiabanken.no\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/nb-no/wlscctrl2.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210978360798
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://nettbank.fokus.no/html/activex/e-Safekey/FOK/e-Safekey.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.eurofoto.no/uploader/ImageUploader4.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
TCP: {0E232C95-3C82-4E34-83DB-84B20B8E907E} = 80.65.49.14,80.65.49.34
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - c:\windows\system32\VSMntNtf.dll

================= FIREFOX ===================

FF - ProfilePath -

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

============= SERVICES / DRIVERS ===============

R0 eeyen;eEye NDIS driver;c:\windows\system32\drivers\eeyenv.sys [2009-5-12 42616]
R1 eeyeh;eeyeh;c:\windows\system32\drivers\eeyehv.sys [2009-5-12 77944]
R1 eeyet;eEye TDI driver;c:\windows\system32\drivers\eeyetv.sys [2009-5-12 48248]
R1 JDFS;JDFS;c:\windows\system32\drivers\jdfs.sys [2009-5-1 145680]
R2 2X SSO Service;2X SSO Service;c:\program files\2x\applicationserver client\TUXCredProv.exe [2008-8-21 260600]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-4-22 328752]
R2 JungleDiskService;JungleDiskService;d:\program files\jungle disk desktop\JungleDiskMonitor.exe [2009-4-28 5271824]
R2 SBSDWSCService;SBSD Security Center Service;d:\program files\spybot - search & destroy\SDWinSec.exe [2008-7-2 1153368]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-5-7 33256]
R3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2009-3-14 157696]
S2 blinksvc;eEye Blink Engine;d:\program files\eeye digital security\blink\blinksvc.exe [2009-5-12 219512]
S2 gupdate1c9d60085cb572;Googles oppdateringstjeneste (gupdate1c9d60085cb572);c:\program files\google\update\GoogleUpdate.exe [2009-5-16 133104]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-4 33752]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-4-22 34352]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-1-7 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-1-7 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-1-7 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-1-7 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-1-7 98568]
S3 SMCWGU;SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\drivers\SMCWGU.sys [2007-2-5 449536]

=============== Created Last 30 ================

2009-06-01 23:01 <DIR> --d----- C:\x
2009-05-17 03:18 <DIR> --d----- c:\programdata\Yahoo! Companion
2009-05-12 22:04 96,376 a------- c:\windows\system32\drivers\eeyehv64.sys
2009-05-12 22:04 95,600 a------- c:\windows\system32\drivers\eeyeh.sys
2009-05-12 22:04 77,944 a------- c:\windows\system32\drivers\eeyehv.sys
2009-05-12 22:04 71,024 a------- c:\windows\system32\drivers\eeyet.sys
2009-05-12 22:04 60,024 a------- c:\windows\system32\drivers\eeyetv64.sys
2009-05-12 22:04 52,592 a------- c:\windows\system32\drivers\eeyen.sys
2009-05-12 22:04 49,784 a------- c:\windows\system32\drivers\eeyenv64.sys
2009-05-12 22:04 48,248 a------- c:\windows\system32\drivers\eeyetv.sys
2009-05-12 22:04 42,616 a------- c:\windows\system32\drivers\eeyenv.sys
2009-05-12 21:48 320,912 a------- c:\windows\system32\seccomm.dll
2009-05-12 21:48 299,904 a------- c:\windows\system32\EMSAgent.dll
2009-05-12 21:48 236,984 a------- c:\windows\system32\FileStore.dll
2009-05-12 21:48 200,120 a------- c:\windows\system32\eEyePKI.dll
2009-05-12 21:48 186,784 a------- c:\windows\system32\eevtc.dll
2009-05-12 21:48 176,584 a------- c:\windows\system32\DeploySupport.dll
2009-05-12 21:48 89,520 a------- c:\windows\system32\seccommutil.dll
2009-05-12 21:46 1,078,720 a------- c:\windows\system32\elic.dll
2009-05-12 21:46 284,016 a------- c:\windows\system32\DebugRpt.dll
2009-05-12 21:46 252,272 a------- c:\windows\system32\LocalStorage.dll
2009-05-12 21:44 136 a------- c:\windows\system32\winsusrm.dll
2009-05-07 23:12 33,256 a------- c:\windows\system32\drivers\hssdrv.sys
2009-05-07 23:11 <DIR> --d----- c:\program files\Hotspot Shield

==================== Find3M ====================

2009-06-02 17:28 454,712 a------- c:\windows\system32\perfh014.dat
2009-06-02 17:28 77,486 a------- c:\windows\system32\perfc014.dat
2009-05-13 22:36 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-13 22:36 51,200 a------- c:\windows\inf\infpub.dat
2009-05-13 22:36 86,016 a------- c:\windows\inf\infstor.dat
2009-05-01 20:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-08 16:52 145,680 a------- c:\windows\system32\drivers\jdfs.sys
2009-04-08 16:52 97,792 a------- c:\windows\system32\VSMntNtf.dll
2009-04-08 16:52 74,752 a------- c:\windows\system32\VSNetRdr.dll
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-17 05:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 05:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 05:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-12 17:51 119,296 a------- c:\windows\system32\zlibwapi.dll
2009-03-12 17:51 119,296 a------- c:\windows\system32\zlib.dll
2009-03-08 13:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 13:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 13:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 13:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 13:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 13:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 13:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 13:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 13:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 13:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 13:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 13:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 13:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 13:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 13:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 13:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 13:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 13:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 00:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2008-06-12 17:19 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-01 23:24 56 a---h--- c:\programdata\ezsidmv.dat
2008-06-01 23:24 56 a---h--- c:\progra~2\ezsidmv.dat
2008-04-18 07:40 174 a--sh--- c:\program files\desktop.ini
2008-03-31 23:26 32 a------- c:\programdata\ezsid.dat
2008-03-31 23:26 32 a------- c:\progra~2\ezsid.dat
2006-11-21 07:12 294,254 a------- c:\windows\inf\perflib\0414\perfi.dat
2006-11-21 07:12 294,254 a------- c:\windows\inf\perflib\0414\perfh.dat
2006-11-21 07:12 35,166 a------- c:\windows\inf\perflib\0414\perfd.dat
2006-11-21 07:12 35,166 a------- c:\windows\inf\perflib\0414\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:18:46,08 ===============

Attached Files



#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:54 AM

Posted 03 June 2009 - 10:11 AM

Hello Rickard G :thumbup2: Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.





Please perform the following:



Do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)





When completed please post both both logs fromRSIT as well as the one from Kaspersky.

Please do not post any logs as an attachment unless asked to do so.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 Rickard G

Rickard G
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:05:54 PM

Posted 03 June 2009 - 11:31 PM

Hello and thanks for the quick reply. I ran Kaspersky but it didn't generate a report since it didn't find any malware. So i'll just enclose the other two files from RSIT.

_________________________________________________________________________________________________________________________________________

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sluttbruker at 2009-06-04 06:23:26
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 16 GB (32%) free of 50 GB
Total RAM: 2047 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:23:31, on 04.06.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\V0330Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Program Files\eEye Digital Security\Blink\blink.exe
D:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
d:\Users\Rickard\Desktop\RSIT.exe
D:\Users\Rickard\Downloads\Sluttbruker.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Virtual Storage Mount Notification - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\Windows\system32\VSMntNtf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\Sluttbruker\AppData\Roaming\LastPass\LPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - d:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\Sluttbruker\AppData\Roaming\LastPass\LPBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [WinampAgent] "d:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [C:\Windows\system32\V0330Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0330Ext.ax
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-4195254563-3926793971-489629327-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Rickard')
O4 - HKUS\S-1-5-21-4195254563-3926793971-489629327-1001\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background (User 'Rickard')
O4 - HKUS\S-1-5-21-4195254563-3926793971-489629327-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Rickard')
O4 - S-1-5-21-4195254563-3926793971-489629327-1001 Startup: 2X ApplicationServer Client.lnk = C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe (User 'Rickard')
O4 - S-1-5-21-4195254563-3926793971-489629327-1001 User Startup: 2X ApplicationServer Client.lnk = C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe (User 'Rickard')
O4 - Global Startup: Blink.lnk = D:\Program Files\eEye Digital Security\Blink\blink.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Jungle Disk Desktop.lnk = D:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\Sluttbruker\AppData\Roaming\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Sluttbruker\AppData\Roaming\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: LastPass formulärifyllning - file://C:\Users\Sluttbruker\AppData\Roaming\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...o/wlscctrl2.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1210978360798
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://nettbank.fokus.no/html/activex/e-Sa...K/e-Safekey.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.eurofoto.no/uploader/ImageUploader4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15107/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E232C95-3C82-4E34-83DB-84B20B8E907E}: NameServer = 80.65.49.14,80.65.49.34
O18 - Filter hijack: text/html - {72D50253-BE71-4c85-9B38-6331E5AD1499} - D:\Program Files\eEye Digital Security\Blink\IEMimeFilter.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\Windows\system32\VSMntNtf.dll
O23 - Service: 2X SSO Service - 2X Software Ltd. - C:\Program Files\2X\ApplicationServer Client\\TUXCredProv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: eEye Blink Engine (blinksvc) - eEye Digital Security - D:\Program Files\eEye Digital Security\Blink\blinksvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: eEye Application Bus (eeyeevnt) - eEye Digital Security - C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Googles oppdateringstjeneste (gupdate1c9d60085cb572) (gupdate1c9d60085cb572) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JungleDiskService - Jungle Disk, Inc. - D:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - d:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

--
End of file - 15845 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{02A45357-3BDC-457C-B923-9DD03D93A41C}.job
C:\Windows\tasks\User_Feed_Synchronization-{B46D759D-6334-450E-8D95-09F7CEEE226A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-06 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - D:\Program Files\realplayer\rpbrowserrecordplugin.dll [2008-07-22 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CF560DC-DFCB-4737-82C2-9564CA8F733B}]
Virtual Storage Mount Notification - C:\Windows\system32\VSMntNtf.dll [2009-04-08 97792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}]
LastPass Browser Helper Object - C:\Users\Sluttbruker\AppData\Roaming\LastPass\LPBar.dll [2009-05-04 900808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-29 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6FFE2AE-4D12-451F-B457-FE6125FFB1CF}]
InlineSearchHandleHotKeys Class - d:\Program Files\IEForge\Inline Search\InlineSearch.dll [2006-11-07 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-05-07 204248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - LastPass Toolbar - C:\Users\Sluttbruker\AppData\Roaming\LastPass\LPBar.dll [2009-05-04 900808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Gainward"=C:\Program Files\Vtune\TBPanel.exe [2007-06-26 2158592]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-15 136600]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2007-11-21 405504]
"WinampAgent"=d:\Program Files\Winamp\winampa.exe [2009-04-10 37888]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe [2008-11-17 827904]
"V0330Mon.exe"=C:\Windows\V0330Mon.exe [2007-04-30 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"C:\Windows\system32\V0330Ext.ax"=C:\Windows\system32\RegSvr32.exe [2006-11-02 14336]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-03-28 13687328]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-03-28 92704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-23 39408]
"SpybotSD TeaTimer"=d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-13 4351216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ypagerps"=cmd.exe /C del C:\Program Files\Yahoo!\Messenger\ypagerps.dll []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Blink.lnk - D:\Program Files\eEye Digital Security\Blink\blink.exe
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Jungle Disk Desktop.lnk - D:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\Windows\system32\VSMntNtf.dll [2009-04-08 97792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97379618-d413-11dc-8578-0019213fdc85}]
shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d907a75f-e7de-11dd-8378-0019213fdc85}]
shell\AutoRun\command - J:\setupSNK.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-06-04 06:17:14 ----D---- C:\rsit
2009-06-03 21:40:14 ----D---- C:\Windows\Sun
2009-06-03 21:29:27 ----D---- C:\Program Files\WIDCOMM
2009-06-03 18:23:14 ----D---- C:\Windows\LastGood
2009-06-03 18:07:06 ----D---- C:\Program Files\Western Digital Corporation
2009-06-03 18:06:56 ----A---- C:\Windows\jestertb.dll
2009-06-01 23:01:57 ----D---- C:\x
2009-05-17 03:18:59 ----D---- C:\ProgramData\Yahoo! Companion
2009-05-12 21:48:24 ----A---- C:\Windows\system32\seccommutil.dll
2009-05-12 21:48:24 ----A---- C:\Windows\system32\seccomm.dll
2009-05-12 21:48:24 ----A---- C:\Windows\system32\FileStore.dll
2009-05-12 21:48:24 ----A---- C:\Windows\system32\EMSAgent.dll
2009-05-12 21:48:24 ----A---- C:\Windows\system32\eEyePKI.dll
2009-05-12 21:48:24 ----A---- C:\Windows\system32\eevtc.dll
2009-05-12 21:48:24 ----A---- C:\Windows\system32\DeploySupport.dll
2009-05-12 21:46:24 ----A---- C:\Windows\system32\LocalStorage.dll
2009-05-12 21:46:24 ----A---- C:\Windows\system32\elic.dll
2009-05-12 21:46:24 ----A---- C:\Windows\system32\DebugRpt.dll
2009-05-12 21:44:15 ----A---- C:\Windows\system32\winsusrm.dll
2009-05-07 23:11:56 ----D---- C:\Program Files\Hotspot Shield

======List of files/folders modified in the last 1 months======

2009-06-04 06:23:32 ----D---- C:\Windows\Temp
2009-06-04 06:17:55 ----D---- C:\Windows\Prefetch
2009-06-03 23:00:18 ----A---- C:\Windows\ODBC.INI
2009-06-03 21:40:14 ----D---- C:\Windows
2009-06-03 21:36:34 ----SHD---- C:\Windows\Installer
2009-06-03 21:35:35 ----D---- C:\Windows\system32\drivers
2009-06-03 21:34:27 ----D---- C:\Windows\System32
2009-06-03 21:34:19 ----D---- C:\Windows\inf
2009-06-03 21:34:12 ----SHD---- C:\System Volume Information
2009-06-03 21:29:52 ----SD---- C:\Windows\system32\Microsoft
2009-06-03 21:29:27 ----RD---- C:\Program Files
2009-06-03 18:29:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-03 18:23:15 ----D---- C:\Windows\system32\catroot
2009-05-27 23:21:52 ----D---- C:\Windows\winsxs
2009-05-27 23:21:52 ----D---- C:\Program Files\Internet Explorer
2009-05-27 17:35:17 ----D---- C:\Windows\system32\catroot2
2009-05-26 22:28:41 ----D---- C:\PerfLogs
2009-05-20 23:21:57 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-05-18 23:36:05 ----D---- C:\Windows\system32\config
2009-05-17 03:18:59 ----HD---- C:\ProgramData
2009-05-17 03:18:57 ----D---- C:\Program Files\Yahoo!
2009-05-16 10:37:41 ----D---- C:\Program Files\Google
2009-05-16 10:26:39 ----D---- C:\Windows\system32\Tasks
2009-05-16 10:26:38 ----D---- C:\Windows\Tasks
2009-05-15 00:35:21 ----D---- C:\ProgramData\NVIDIA
2009-05-13 22:26:34 ----D---- C:\Program Files\Windows Mail
2009-05-12 22:27:14 ----D---- C:\Windows\system32\spool
2009-05-12 22:27:14 ----D---- C:\Windows\system32\Msdtc
2009-05-12 22:27:12 ----D---- C:\Windows\system32\wbem
2009-05-12 22:27:12 ----D---- C:\Windows\registration
2009-05-12 21:42:05 ----D---- C:\Program Files\Common Files\eEye Digital Security
2009-05-07 09:16:29 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeyeh;eeyeh; C:\Windows\system32\DRIVERS\eeyehv.sys [2009-05-12 77944]
R1 eeyet;eEye TDI driver; C:\Windows\system32\Drivers\eeyetv.sys [2009-05-12 48248]
R1 JDFS;JDFS; \??\C:\Windows\system32\drivers\jdfs.sys [2009-04-08 145680]
R2 RMCAST;RMCAST (Pgm) Protocol Driver; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664]
R2 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys [2007-03-16 12256]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2008-01-25 44384]
R3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 btaudio;Bluetooth-lydenhet; C:\Windows\system32\drivers\btaudio.sys [2006-08-18 329901]
R3 BTDriver;Bluetooth-driver for virtuell kommunikasjon; C:\Windows\system32\DRIVERS\btport.sys [2006-08-18 30459]
R3 BTKRNL;Bluetooth-bussenumerator; C:\Windows\system32\DRIVERS\btkrnl.sys [2006-08-18 860058]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\Windows\system32\DRIVERS\btwdndis.sys [2006-08-18 149028]
R3 btwhid;btwhid; C:\Windows\system32\DRIVERS\btwhid.sys [2006-08-18 47875]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys [2006-08-18 67384]
R3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2009-01-31 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys [2009-04-03 33256]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-03-28 7738816]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-24 50688]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-11-21 348160]
R3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 V0330VID;WebCam Vista/Live! Cam Chat; C:\Windows\system32\DRIVERS\V0330Vid.sys [2007-08-08 157696]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 61883;61883-typeenhet; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 Avc;AVC-enhet; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 BthEnum;Bluetooth Request Block-driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
S3 BthPan;Bluetooth-enhet (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port-driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB-driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSKSSRV;Tjenesteproxy for Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Klokkeproxy for Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Kvalitetsbehandlingsproxy for Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Tee/Sink-to-Sink-konverterer for Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SMCWGU;SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC); C:\Windows\system32\DRIVERS\SMCWGU.sys [2007-02-05 449536]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\System32\Drivers\tosrfusb.sys [2004-12-21 34816]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-06 36864]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 2X SSO Service;2X SSO Service; C:\Program Files\2X\ApplicationServer Client\\TUXCredProv.exe [2008-08-21 260600]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 blinksvc;eEye Blink Engine; D:\Program Files\eEye Digital Security\Blink\blinksvc.exe [2009-05-12 219512]
R2 Bonjour Service;Bonjour-tjeneste; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-08-18 266295]
R2 eeyeevnt;eEye Application Bus; C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe [2009-05-12 989128]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-04-22 88624]
R2 HssSrv;Hotspot Shield Helper Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-04-22 328752]
R2 JungleDiskService;JungleDiskService; D:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe [2009-04-28 5271824]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-28 207392]
R2 SBSDWSCService;SBSD Security Center Service; d:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 STacSV;Audio Service; C:\Windows\system32\STacSV.exe [2007-11-21 204800]
R3 iPod Service;iPod-tjeneste; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 gupdate1c9d60085cb572;Googles oppdateringstjeneste (gupdate1c9d60085cb572); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-16 133104]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-04-22 34352]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-06-04 06:18:04

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->d:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
2X ApplicationServer and LoadBalancer Client-->MsiExec.exe /X{7BDCE432-1DD3-46DC-A5EB-C9D97D9A5EFE}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.1 - Svenska-->MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A91000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo WinOptimizer 5.12-->"d:\Program Files\Ashampoo\Ashampoo WinOptimizer 5\unins000.exe"
Bluetooth Stack for Windows by Billionton-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Caesar IV-->C:\Program Files\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
CamfrogWEB Advanced ActiveX Plugin (remove only)-->"C:\Program Files\CFWebAdvancedU\Uninstall.exe"
Canon EOS Kiss_N REBEL_XT 350D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon PhotoRecord-->MsiExec.exe /X{862983D7-FA08-493E-A9ED-6B7859E069D3}
Canon RAW Codec-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\RAWCodec120\CRCUnInstall.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities Digital Photo Professional 3.2-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\DPP\Uninst.ini"
Canon Utilities EOS Capture 1.3-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{16480125-0428-4097-9A2A-74464004D169}
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cerberus FTP Server-->MsiExec.exe /I{DAFA857D-1E2F-49FD-86DB-7D6B30D6BC36}
CodeStuff Starter-->"d:\Program Files\CodeStuff\Starter\unStarter.exe"
Compatibility Pack for 2007 Office-->MsiExec.exe /X{90120000-0020-0414-0000-0000000FF1CE}
Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative WebCam Vista User's Guide (English)-->C:\Windows\IsUninst.exe -f"d:\Program Files\Creative\Creative WebCam Vista\Creative WebCam Vista User's Guide\English\CTManual.isu"
Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0330.uns -unsext NT -plugin V0330Pin.dll -pluginres CtCamPin.crl
Data Lifeguard Diagnostic for Windows-->MsiExec.exe /X{E40CE517-0D42-4198-96B4-C8232B257EB5}
DeepBurner v1.9.0.228-->"d:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "d:\Program Files\Astonsoft\DeepBurner\install.log" -u
DivX Codec-->d:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->d:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->d:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->d:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"d:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"d:\Program Files\DVD Shrink\unins000.exe"
DVD43 v4.4.0-->"C:\Program Files\dvd43\unins000.exe"
eEye Digital Security Blink-->MsiExec.exe /I{2AA5B60C-A775-416A-9867-4C0DF3450C30}
Elias Demo-->C:\Windows\unvise32.exe d:\Program Files\Pan Vision\Elias Demo\uninstal.log
eMule-->"d:\Program Files\eMule\Uninstall.exe"
EOS USB WIA Driver-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS USB WIA Driver\Uninst.ini"
Free DVD Ripper 1.5-->C:\Program Files\Free DVD Ripper\Uninst.exe
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Glary Utilities 2.12.0.658-->"d:\Program Files\Glary Utilities\unins000.exe"
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"D:\Users\Rickard\Downloads\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotspot Shield 1.15-->C:\Program Files\Hotspot Shield\Uninstall.exe
iArtwork-->MsiExec.exe /I{A8E95F3D-9BAC-49F9-BDF2-9381FE8B18D0}
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x14 -remove -removeonly
Indeo® Software-->C:\Windows\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Inline Search v1.3 for Internet Explorer (remove only)-->"d:\Program Files\IEForge\Inline Search\uninstall.exe"
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
IZArc 3.7-->"C:\Program Files\IZArc\unins000.exe"
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jungle Disk Desktop-->MsiExec.exe /X{4837C529-3700-5555-95FC-70C653002611}
Kaspersky Online Scanner-->C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
K-Lite Codec Pack 4.1.6 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LærSelv Word 2003 - Ekspert-->"d:\Program Files\Bonnier Business Forum AS\LærSelv Word 2003 - Ekspert\Uninstall.exe" "d:\Program Files\Bonnier Business Forum AS\LærSelv Word 2003 - Ekspert\install.log" -u
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"d:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mamut daTax Software-->D:\PROGRA~1\daTax\UNWISE.EXE D:\PROGRA~1\daTax\INSTALL.LOG
Microsoft .NET Framework 3.5 Language Pack SP1 - nor-->MsiExec.exe /I{2ADD2892-255C-34C2-AE90-5EF603273DFF}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120414-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Min CeWe Fotoverden-->"D:\Program Files\CeWe Color\Min CeWe Fotoverden\uninstall.exe"
MobileMe-kontrollpanel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.3)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{0A77B7A0-B953-4E39-B4B2-A0181AB9AB06}
OpenOffice.org 3.0-->MsiExec.exe /I{161B3AC6-593F-4AC7-BBBF-88B72012A94E}
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Picasa 3-->"d:\Program Files\Google\Picasa3\Uninstall.exe"
Påloggingsassistent for Windows Live-->MsiExec.exe /I{B965A150-17AB-4EB1-AD98-33149DDBD928}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite-->C:\Windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite-->MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Språkpakke for Microsoft .NET Framework 3.5 SP1 - NOR-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nor\setup.exe
Spybot - Search & Destroy-->"d:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TestDrive Client-->MsiExec.exe /X{36C9E08A-BE2B-40A0-83C5-576748F7B777}
Uniblue ProcessScanner-->"d:\Program Files\Uniblue\ProcessScanner\unins000.exe"
Update Service-->C:\Program Files\Sony Ericsson\Update Service\uninst.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Vtune 5.3-->"C:\Program Files\Vtune\unins000.exe"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Firefox-->"C:\Users\Sluttbruker\AppData\Roaming\Mozilla\Firefox\Profiles\fqjpv7am.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"d:\Program Files\Winamp\UninstWA.exe"
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: eEye Digital Security Blink Anti-Virus
FW: eEye Digital Security Blink Firewall
AS: Spybot - Search and Destroy
AS: Windows Defender (disabled)
AS: eEye Digital Security Blink AntiSpyware

======System event log======

Computer Name: Sluttbruker-PC
Event Code: 104
Message: Tjenesten publiserer på nettverket.
Record Number: 144375
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20090604040542.822800-000
Event Type: Informasjon
User: NT-MYNDIGHET\LOKAL TJENESTE

Computer Name: Sluttbruker-PC
Event Code: 102
Message: Tjenesten stoppet publisering midlertidig på grunn av en strømhendelse.
Record Number: 144376
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20090604041016.235800-000
Event Type: Informasjon
User: NT-MYNDIGHET\LOKAL TJENESTE

Computer Name: Sluttbruker-PC
Event Code: 104
Message: Tjenesten publiserer på nettverket.
Record Number: 144377
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20090604041119.890800-000
Event Type: Informasjon
User: NT-MYNDIGHET\LOKAL TJENESTE

Computer Name: Sluttbruker-PC
Event Code: 102
Message: Tjenesten stoppet publisering midlertidig på grunn av en strømhendelse.
Record Number: 144378
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20090604041554.494800-000
Event Type: Informasjon
User: NT-MYNDIGHET\LOKAL TJENESTE

Computer Name: Sluttbruker-PC
Event Code: 104
Message: Tjenesten publiserer på nettverket.
Record Number: 144379
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20090604041658.604800-000
Event Type: Informasjon
User: NT-MYNDIGHET\LOKAL TJENESTE

=====Application event log=====

Computer Name: Sluttbruker-PC
Event Code: 103
Message: eEye Auto-Updater succesfully completed. No updates applied . ApplicationBus remained at version 2.4.5.
Record Number: 60691
Source Name: eEye Auto-Update
Time Written: 20090604012256.000000-000
Event Type: Informasjon
User:

Computer Name: Sluttbruker-PC
Event Code: 103
Message: eEye Auto-Updater succesfully completed. No updates applied . SyncIt remained at version 2.4.31.
Record Number: 60692
Source Name: eEye Auto-Update
Time Written: 20090604024818.000000-000
Event Type: Informasjon
User:

Computer Name: Sluttbruker-PC
Event Code: 103
Message: eEye Auto-Updater succesfully completed. No updates applied . ApplicationBus remained at version 2.4.5.
Record Number: 60693
Source Name: eEye Auto-Update
Time Written: 20090604024822.000000-000
Event Type: Informasjon
User:

Computer Name: Sluttbruker-PC
Event Code: 103
Message: eEye Auto-Updater succesfully completed. No updates applied . SyncIt remained at version 2.4.31.
Record Number: 60694
Source Name: eEye Auto-Update
Time Written: 20090604041703.000000-000
Event Type: Informasjon
User:

Computer Name: Sluttbruker-PC
Event Code: 103
Message: eEye Auto-Updater succesfully completed. No updates applied . ApplicationBus remained at version 2.4.5.
Record Number: 60695
Source Name: eEye Auto-Update
Time Written: 20090604041708.000000-000
Event Type: Informasjon
User:

=====Security event log=====

Computer Name: Sluttbruker-PC
Event Code: 5038
Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.

Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 58632
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090604041757.420800-000
Event Type: Overvåking mislykket
User:

Computer Name: Sluttbruker-PC
Event Code: 5038
Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.

Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 58633
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090604041757.463800-000
Event Type: Overvåking mislykket
User:

Computer Name: Sluttbruker-PC
Event Code: 5038
Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.

Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 58634
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090604041757.506800-000
Event Type: Overvåking mislykket
User:

Computer Name: Sluttbruker-PC
Event Code: 5038
Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.

Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 58635
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090604041757.546800-000
Event Type: Overvåking mislykket
User:

Computer Name: Sluttbruker-PC
Event Code: 5038
Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.

Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 58636
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090604041757.586800-000
Event Type: Overvåking mislykket
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:54 AM

Posted 04 June 2009 - 08:46 AM

Your first post was on May 20th. On May 12th it looks like you may have installed a new anti-virus/firwall called eEye Digital Security. Is this correct and can you pinpoint whether some of your slow-down problems occurred about the same time?
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 Rickard G

Rickard G
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:05:54 PM

Posted 04 June 2009 - 09:31 AM

That is correct. And actually the problems began around that time even though I'm not absolutely sure if it the problem began in direct connection with the installation.

#8 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:54 AM

Posted 04 June 2009 - 09:58 AM

I am unfamiliar with eEye security which doesn't mean it's not a good system just that I am not familiar with it. Do you know how to temporarily disable it? I tried to find some info on it and didn't have any luck. If you can(disable it) what I would suggest is doing so and then trying to navigate around our site or one another that you have trust in to see if it seems to be faster. Of course I am not advising for you to go Web Surfing with your anti-virus turned off as that wouldn't be a good idea. :thumbup2: What I am trying to do is a process of elimination to see if we can pinpoint the problem.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#9 Rickard G

Rickard G
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:05:54 PM

Posted 04 June 2009 - 02:46 PM

I closed down the whole program (blink) and went to a few safe pages, and I also tried the surfometer at this address http://www.dinside.no/91179/dinsides-surfometer-(med-java).
It looks as if there is no change although the download rate varied and in a few cases went up to 8mb. The last runs I made the download rate ended up quite stable around 150kb/s. As before in other words.

#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:54 AM

Posted 04 June 2009 - 04:16 PM

I am going to go back through your logs. So far I am not seeing anything that is Malware related but I'll take another look. In the meantime your Java needs to be updated as this can be a source of infections. If you will take care of that and let me know when you get it done I will be looking at the logs once more.



Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#11 Rickard G

Rickard G
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:05:54 PM

Posted 05 June 2009 - 12:06 AM

I have removed the old Java and installed the new version. Before installing i rebooted the system.
Rickard

#12 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:54 AM

Posted 05 June 2009 - 09:24 AM

I want you to disable both Windows Defender and TeaTimer and see if it makes a difference.


SPYBOT TEATIMER
  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done and reboot your computer.
    (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]


WINDOWS DEFENDER
  • Click Start > Programs > Windows Defender or launch from the system tray icon.
  • Click on Tools & Settings > Options.
  • Under Real-time protection options, uncheck the "Real-time protection" check box.
  • Click Save.
  • Go to Start > Control Panel > Security > Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.
  • (When we are done, you can re-enable Defender using the same steps but this time place a check next to "Turn on real-time protection" check box.)

Let me know if that helps.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#13 Rickard G

Rickard G
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:05:54 PM

Posted 06 June 2009 - 06:05 PM

I did what you said with Spybot but I have a problem stopping Windows Defender since I can't find the option Real Time Protection. Also I can't find the uncheck 'use Windows Defender'. I enclose a file where you can see what it looks like. Even though it's in norwegian I guess the user interface picture is the same.

Another thing I found out, and I don't know if it has anything to do with the original problem, is that Amazon Jungle disk monitor eats up almost 50 % of the processor capacity constantly. The strange thing is that it does so even after I have closed it down.

#14 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:54 AM

Posted 07 June 2009 - 09:19 AM

Let Defender go for now. The log shows it as being disabled but the processes show it is still running.


Let's use msconfig and stop Amazon then see how things are running. It should be D:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe


Using msconfig for Vista
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#15 Rickard G

Rickard G
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:05:54 PM

Posted 07 June 2009 - 01:12 PM

No change unfortunately. Still slow.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users