MSN virus/trojan


8 replies to this topic

#1 BraKe

  • Members

Posted 07 January 2010 - 04:05 PM

Check this log and please help me; if it's in the wrong forum, just move it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:35, on 2010-01-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\acs.exe
E:\Program\Avira\AntiVir Desktop\sched.exe
E:\WINDOWS\system32\svchost.exe
E:\Program\Avira\AntiVir Desktop\avguard.exe
E:\Program\IObit\IObit Security 360\IS360srv.exe
E:\Program\Java\jre6\bin\jqs.exe
E:\Program\CDBurnerXP\NMSAccessU.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\WINDOWS\system32\TPSMain.exe
E:\Program\Toshiba\Windows Utilities\Hotkey.exe
E:\Program\Avira\AntiVir Desktop\avgnt.exe
E:\Program\IObit\IObit Security 360\IS360tray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program\Vidalia Bundle\Vidalia\vidalia.exe
E:\Program\Personal\bin\Personal.exe
E:\WINDOWS\system32\TPSBattM.exe
E:\Program\Vidalia Bundle\Tor\tor.exe
E:\Program\Vidalia Bundle\Polipo\polipo.exe
E:\Program\IObit\IObit Security 360\is360.exe
E:\Program\Windows Live\Messenger\msnmsgr.exe
E:\Program\Windows Live\Contacts\wlcomm.exe
E:\WINDOWS\System32\svchost.exe
E:\Program\Mozilla Firefox\firefox.exe
C:\Casino\Svenska Spels Poker\poker.exe
C:\Casino\Svenska Spels Poker\browserhost.exe
E:\Program\Windows Media Player\wmplayer.exe
C:\Casino\Svenska Spels Poker\poker.exe
E:\Program\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "E:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ACU] E:\Program\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "E:\Program\Toshiba\Windows Utilities\Hotkey.exe" /lang SE
O4 - HKLM\..\Run: [avgnt] "E:\Program\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IObit Security 360] "E:\Program\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "E:\Program\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BankID säkerhetsprogram.lnk = E:\Program\Personal\bin\Personal.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros konfigurationstjänst (ACS) - Atheros - E:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - E:\Program\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - E:\Program\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 pwgib

  • Malware Response Team

Posted 14 January 2010 - 11:49 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 BraKe

  • Topic Starter

Posted 15 January 2010 - 12:11 PM

People get spam messages from my MSN Messenger. And lately the computer has been acting really slow. This is the log from DDS:

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2005-05-07 17:24:05
System Uptime: 2010-01-15 10:30:09 (8 hours ago)

Motherboard: TOSHIBA | | Equium L30
Processor: Intel® Celeron® M CPU 410 @ 1.46GHz | U23 | 1466/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 165 GiB total, 53,72 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 68 GiB total, 58,076 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Modemenhet på High Definition Audio-buss
Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_11790001&REV_1002\4&165E4D3D&0&0101
Manufacturer:
Name: Modemenhet på High Definition Audio-buss
PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_11790001&REV_1002\4&165E4D3D&0&0101
Service:

==== System Restore Points ===================

RP62: 2010-01-15 16:29:40 - Systemkontrollpunkt

==== Installed Programs ======================

3100_3200_3300_Help
3100_3200_3300trb
3300
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AiO_Scan_CDA
AiOSoftwareNPI
Atheros Client Utility
Atheros Driver Installation Program
ATI - Hjälp för avinstallation av program
ATI Display Driver
ATI Kontrollpanel
BankID säkerhetsprogram 4.10.4
BitTorrent
BufferChm
CDBurnerXP
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
CustomerResearchQFolder
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DivX Web Player
DocProc
DocumentViewer
DocumentViewerQFolder
eSupportQFolder
Everest Casino (Remove Only)
EVEREST Home Edition v2.20
Everest Poker (Remove Only)
EZ MPEG TO AVI Converter 3.00
Fax_CDA
Foxit Reader
Full Tilt Poker
FullDPAppQFolder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
InstantShareDevices
IObit Security 360
Java™ 6 Update 13
Java™ 6 Update 17
K-Lite Codec Pack 5.5.1 (Basic)
LiveUpdate 3.2 (Symantec Corporation)
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 1.1 Swedish Language Pack
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - SVE
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - SVE
Microsoft .NET Framework 3.5 Language Pack SP1 - sve
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MZ Manager 2
NewCopy_CDA
OpenOffice.org 3.1
PanoStandAlone
PhotoGallery
Poker at bet365
PokerStars
Polipo 1.0.4
ProductContextNPI
RandMap
Readme
REALTEK GbE & FE Ethernet NIC Driver
Realtek High Definition Audio Driver
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Segoe UI
SkinsHP1
Skype web features
Skype™ 4.1
Snabbkorrigering för Windows Media Player 11 (KB939683)
Snabbkorrigering för Windows XP (KB952287)
Snabbkorrigering för Windows XP (KB961118)
Snabbkorrigering för Windows XP (KB976098-v2)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB971961)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB976325)
Säkerhetsuppdatering för Windows Media Player (KB952069)
Säkerhetsuppdatering för Windows Media Player (KB954155)
Säkerhetsuppdatering för Windows Media Player (KB968816)
Säkerhetsuppdatering för Windows Media Player (KB973540)
Säkerhetsuppdatering för Windows Media Player 11 (KB954154)
Säkerhetsuppdatering för Windows XP (KB923561)
Säkerhetsuppdatering för Windows XP (KB923789)
Säkerhetsuppdatering för Windows XP (KB941569)
Säkerhetsuppdatering för Windows XP (KB950762)
Säkerhetsuppdatering för Windows XP (KB950974)
Säkerhetsuppdatering för Windows XP (KB951066)
Säkerhetsuppdatering för Windows XP (KB951376-v2)
Säkerhetsuppdatering för Windows XP (KB951748)
Säkerhetsuppdatering för Windows XP (KB952004)
Säkerhetsuppdatering för Windows XP (KB952954)
Säkerhetsuppdatering för Windows XP (KB954459)
Säkerhetsuppdatering för Windows XP (KB955069)
Säkerhetsuppdatering för Windows XP (KB956572)
Säkerhetsuppdatering för Windows XP (KB956744)
Säkerhetsuppdatering för Windows XP (KB956802)
Säkerhetsuppdatering för Windows XP (KB956803)
Säkerhetsuppdatering för Windows XP (KB956844)
Säkerhetsuppdatering för Windows XP (KB957097)
Säkerhetsuppdatering för Windows XP (KB958644)
Säkerhetsuppdatering för Windows XP (KB958687)
Säkerhetsuppdatering för Windows XP (KB958869)
Säkerhetsuppdatering för Windows XP (KB959426)
Säkerhetsuppdatering för Windows XP (KB960225)
Säkerhetsuppdatering för Windows XP (KB960803)
Säkerhetsuppdatering för Windows XP (KB960859)
Säkerhetsuppdatering för Windows XP (KB961371-v2)
Säkerhetsuppdatering för Windows XP (KB961501)
Säkerhetsuppdatering för Windows XP (KB969059)
Säkerhetsuppdatering för Windows XP (KB969947)
Säkerhetsuppdatering för Windows XP (KB970238)
Säkerhetsuppdatering för Windows XP (KB970430)
Säkerhetsuppdatering för Windows XP (KB971486)
Säkerhetsuppdatering för Windows XP (KB971557)
Säkerhetsuppdatering för Windows XP (KB971633)
Säkerhetsuppdatering för Windows XP (KB971657)
Säkerhetsuppdatering för Windows XP (KB971961)
Säkerhetsuppdatering för Windows XP (KB972270)
Säkerhetsuppdatering för Windows XP (KB973354)
Säkerhetsuppdatering för Windows XP (KB973507)
Säkerhetsuppdatering för Windows XP (KB973525)
Säkerhetsuppdatering för Windows XP (KB973869)
Säkerhetsuppdatering för Windows XP (KB973904)
Säkerhetsuppdatering för Windows XP (KB974112)
Säkerhetsuppdatering för Windows XP (KB974318)
Säkerhetsuppdatering för Windows XP (KB974392)
Säkerhetsuppdatering för Windows XP (KB974571)
Säkerhetsuppdatering för Windows XP (KB975025)
Säkerhetsuppdatering för Windows XP (KB975467)
Säkerhetsuppdatering för Windows XP (KB976325)
SolutionCenter
Sonic_PrimoSDK
Spotify
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
Status
Svenska Spels Poker
Symantec AntiVirus
Texas Calculatem 4 with "AutoRead"
Tor 0.2.1.20
Toshiba Hotkey Utility
TOSHIBA Power Saver
Toshiba Utility
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Uppdatering för Windows Internet Explorer 8 (KB975364)
Uppdatering för Windows XP (KB898461)
Uppdatering för Windows XP (KB951978)
Uppdatering för Windows XP (KB955759)
Uppdatering för Windows XP (KB961503)
Uppdatering för Windows XP (KB967715)
Uppdatering för Windows XP (KB968389)
Uppdatering för Windows XP (KB971737)
Uppdatering för Windows XP (KB973687)
Uppdatering för Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
WebReg
Vidalia 0.2.5
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live inloggningsassistenten
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR
VLC media player 1.0.3
XML Paper Specification Shared Components Language Pack 1.0
YouTube Downloader 2.5.3

==== End Of File ===========================

#4 sundavis

  • Malware Response Team

Posted 16 January 2010 - 10:23 AM

Hi BraKe,


Welcome to BleepingComputer HijackThis Logs and Malware Removal.
My name is sundavis, and I will be helping you to deal with your malware problems today.

I also notice there are some unwanted programs installed in your system. Those unwanted programs are sometimes malware related or a potential hazard to your security. You're well advised to remove them.

Click Start > Settings > Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight


Full Tilt Poker
PokerStars
Java™ 6 Update 13
MarketResearch

and click on Change/Remove to remove it.


Step 1

Please download GMER Rootkit Scanner from Here or Here.
  1. Extract the contents of the zipped file to desktop.
  2. Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  3. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  4. In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  5. Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  6. Once done, click on the [Save..] button, and in the File name area, type in "Gmer.txt", and copy and paste the contents in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Step 2

Please download Malwarebytes' Anti-Malware from Here or Here
  1. Double Click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  5. The scan may take some time to finish, so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  10. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  11. You can refer to this tutorial

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3
  1. Please download OTL and save it to your desktop.
  2. Double click on the icon on your desktop.
  3. Click the "Scan All Users" checkbox.
  4. Click the "Quick Scan" button.
  5. The scan should take just a few minutes.
  6. Copy and paste both logs back here in your next reply.

In your next reply, please post back:


1. GMER log
2. MBAM log
3. OTListIt.txt and Extra.txt

Thanks.



#5 BraKe

  • Topic Starter

Posted 19 January 2010 - 09:54 PM

Hi and thanks for the help so far.

Couldn't find MarketResearch in add or remove programs.

Here are the logs:

Malware:
Malwarebytes' Anti-Malware 1.44
Databasversion: 3600
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-01-20 02:56:27
mbam-log-2010-01-20 (02-56-27).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 105751
Förfluten tid: 9 minute(s), 11 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)

OTL:
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

894,00 Mb Total Physical Memory | 226,00 Mb Available Physical Memory | 25,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): E:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program
Drive C: | 164,51 Gb Total Space | 54,70 Gb Free Space | 33,25% Space Free | Partition Type: NTFS
Drive D: | 611,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 68,36 Gb Total Space | 56,16 Gb Free Space | 82,15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDITION-15A9876
Current User Name: Administratör
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-01-20 02:51:17 | 00,547,328 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Administratör\Mina dokument\Hämtade filer\OTL.exe
PRC - [2010-01-06 19:37:36 | 00,908,248 | ---- | M] (Mozilla Corporation) -- E:\Program\Mozilla Firefox\firefox.exe
PRC - [2009-12-12 14:16:23 | 00,939,920 | ---- | M] (Technology Nexus AB) -- E:\Program\Personal\bin\Personal.exe
PRC - [2009-12-10 18:40:25 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program\Java\jre6\bin\jqs.exe
PRC - [2009-12-10 18:40:25 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program\Java\jre6\bin\jusched.exe
PRC - [2009-11-14 11:57:00 | 03,426,064 | ---- | M] (IObit) -- E:\Program\IObit\IObit Security 360\is360.exe
PRC - [2009-11-14 11:51:24 | 01,278,736 | ---- | M] (IObit) -- E:\Program\IObit\IObit Security 360\is360tray.exe
PRC - [2009-11-14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- E:\Program\IObit\IObit Security 360\is360srv.exe
PRC - [2009-10-26 01:23:44 | 05,329,085 | ---- | M] () -- E:\Program\Vidalia Bundle\Tor\tor.exe
PRC - [2009-10-15 02:28:40 | 05,238,258 | ---- | M] () -- E:\Program\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2009-09-30 19:58:42 | 00,026,464 | ---- | M] (Microsoft Corporation) -- E:\Program\Windows Live\Contacts\wlcomm.exe
PRC - [2009-09-06 12:38:06 | 00,071,096 | ---- | M] () -- E:\Program\CDBurnerXP\NMSAccessU.exe
PRC - [2009-03-06 03:26:38 | 00,479,320 | ---- | M] (Atheros Communications, Inc.) -- E:\Program\Atheros\ACU.exe
PRC - [2009-03-06 03:26:06 | 00,495,700 | ---- | M] (Atheros) -- E:\WINDOWS\system32\acs.exe
PRC - [2008-04-14 20:35:08 | 01,034,240 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2008-02-07 02:21:06 | 00,872,894 | ---- | M] () -- E:\Program\Vidalia Bundle\Polipo\polipo.exe
PRC - [2007-10-07 20:48:40 | 00,125,368 | ---- | M] (Symantec Corporation) -- E:\Program\Symantec AntiVirus\VPTray.exe
PRC - [2007-10-07 20:48:32 | 01,822,648 | ---- | M] (Symantec Corporation) -- E:\Program\Symantec AntiVirus\Rtvscan.exe
PRC - [2007-10-07 20:48:24 | 00,031,160 | ---- | M] (Symantec Corporation) -- E:\Program\Symantec AntiVirus\DefWatch.exe
PRC - [2007-07-26 19:25:20 | 01,181,016 | ---- | M] (Symantec Corporation) -- E:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007-05-29 16:33:36 | 00,169,576 | ---- | M] (Symantec Corporation) -- E:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
PRC - [2007-05-29 16:33:26 | 00,192,104 | ---- | M] (Symantec Corporation) -- E:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
PRC - [2007-05-29 16:33:22 | 00,052,840 | ---- | M] (Symantec Corporation) -- E:\Program\Delade filer\Symantec Shared\ccApp.exe
PRC - [2006-05-25 19:28:12 | 01,773,568 | ---- | M] (TOSHIBA Inc.) -- E:\Program\Toshiba\Windows Utilities\Hotkey.exe
PRC - [2006-02-08 15:02:08 | 00,266,240 | ---- | M] (TOSHIBA Corporation) -- E:\WINDOWS\system32\TPSMain.exe
PRC - [2006-02-08 15:01:56 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- E:\WINDOWS\system32\TPSBattM.exe
PRC - [2005-12-12 02:33:44 | 00,393,216 | ---- | M] (ATI Technologies Inc.) -- E:\WINDOWS\system32\ati2evxx.exe
PRC - [2005-12-11 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- E:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe


========== Modules (SafeList) ==========

MOD - [2010-01-20 02:51:17 | 00,547,328 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Administratör\Mina dokument\Hämtade filer\OTL.exe
MOD - [2008-04-14 20:34:42 | 00,586,240 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\mlang.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-12-10 18:40:25 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- E:\Program\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-11-14 11:51:22 | 00,312,592 | ---- | M] (IObit) [Auto | Running] -- E:\Program\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009-09-06 12:38:06 | 00,071,096 | ---- | M] () [Auto | Running] -- E:\Program\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009-03-06 03:26:06 | 00,495,700 | ---- | M] (Atheros) [Auto | Running] -- E:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007-10-07 20:48:36 | 00,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- E:\Program\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007-10-07 20:48:32 | 01,822,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- E:\Program\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007-10-07 20:48:24 | 00,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- E:\Program\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007-08-28 19:04:25 | 02,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- E:\Program\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007-08-27 17:14:00 | 00,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- E:\Program\Delade filer\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007-07-26 19:25:20 | 01,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- E:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007-05-29 16:33:36 | 00,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- E:\Program\Delade filer\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007-05-29 16:33:26 | 00,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- E:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005-12-12 02:33:44 | 00,393,216 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- E:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- E:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-09-29 12:14:36 | 00,069,632 | ---- | M] (HP) [Auto | Stopped] -- E:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1292428093-583907252-1606980848-500\S-1-5-21-1292428093-583907252-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: E:\Program\Mozilla Firefox\components [2010-01-09 15:31:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: E:\Program\Mozilla Firefox\plugins [2010-01-15 10:36:23 | 00,000,000 | ---D | M]

[2009-12-10 17:59:28 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Administratör\Application Data\Mozilla\Extensions
[2010-01-19 17:28:56 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\ee0cgmju.default\extensions
[2010-01-08 12:56:43 | 00,000,000 | ---D | M] (Adblock Plus) -- E:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\ee0cgmju.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-12-15 16:03:17 | 00,000,000 | ---D | M] (Torbutton) -- E:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\ee0cgmju.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010-01-20 02:38:58 | 00,000,000 | ---D | M] -- E:\Program\Mozilla Firefox\extensions
[2009-12-10 18:09:43 | 00,075,208 | ---- | M] (Foxit Software Company) -- E:\Program\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009-12-16 21:31:38 | 00,001,470 | ---- | M] () -- E:\Program\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml
[2009-12-16 21:31:38 | 00,002,670 | ---- | M] () -- E:\Program\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml
[2009-12-16 21:31:38 | 00,000,948 | ---- | M] () -- E:\Program\Mozilla Firefox\searchplugins\tyda-sv-SE.xml
[2009-12-16 21:31:38 | 00,001,174 | ---- | M] () -- E:\Program\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml
[2009-12-16 21:31:38 | 00,000,647 | ---- | M] () -- E:\Program\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2009-12-10 20:08:56 | 00,000,777 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ACU] E:\Program\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [ATIPTA] E:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] E:\Program\Delade filer\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IObit Security 360] E:\Program\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] E:\Program\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [vptray] E:\Program\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1292428093-583907252-1606980848-500..\Run: [Vidalia] E:\Program\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-583907252-1606980848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - E:\Program\Betway\Casino\casinogame.exe (Microgaming Systems)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - E:\Program\Betway\Poker\mppoker.exe (Microgaming)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.67.199.27 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - E:\WINDOWS\system32\NavLogon.dll - E:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: E:\Documents and Settings\Administratör\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Administratör\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-12-10 17:34:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005-06-03 06:47:38 | 00,167,649 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010-01-20 02:42:08 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administratör\Application Data\Malwarebytes
[2010-01-20 02:42:00 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-20 02:41:57 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-01-20 02:41:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010-01-20 02:41:56 | 00,000,000 | ---D | C] -- E:\Program\Malwarebytes' Anti-Malware
[2010-01-18 14:22:36 | 00,000,000 | ---D | C] -- E:\Program\Delade filer\Adobe
[2010-01-18 13:57:50 | 00,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Application Data\Foxit Software
[2010-01-16 19:10:53 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\MGS
[2010-01-16 19:09:57 | 00,000,000 | ---D | C] -- E:\Program\Betway
[2010-01-16 15:41:45 | 00,000,000 | ---D | C] -- E:\Program\Redbet Poker
[2010-01-15 20:12:58 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administratör\Application Data\Microgaming
[2010-01-15 20:10:32 | 00,000,000 | ---D | C] -- E:\MicroGaming
[2010-01-14 03:15:59 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administratör\Lokala inställningar\Application Data\FullTiltPoker
[2010-01-14 03:14:45 | 00,000,000 | ---D | C] -- E:\Program\Full Tilt Poker
[2010-01-13 23:31:02 | 00,000,000 | ---D | C] -- E:\Poker
[2010-01-12 23:24:05 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administratör\Skrivbord\POKER OSV
[2010-01-12 23:02:57 | 00,000,000 | ---D | C] -- E:\Program\Everest Casino
[2010-01-12 22:31:20 | 00,000,000 | ---D | C] -- E:\Program\Everest Poker
[2010-01-11 14:53:46 | 00,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft
[2010-01-11 12:41:28 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administratör\Lokala inställningar\Application Data\Symantec
[2010-01-11 12:40:27 | 00,110,952 | ---- | C] (Symantec Corporation) -- E:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010-01-11 12:40:27 | 00,048,768 | ---- | C] (Symantec Corporation) -- E:\WINDOWS\System32\S32EVNT1.DLL
[2010-01-11 12:39:48 | 00,000,000 | ---D | C] -- E:\Program\Symantec
[2010-01-11 12:39:30 | 00,000,000 | ---D | C] -- E:\Program\Delade filer\Symantec Shared
[2010-01-11 12:39:30 | 00,000,000 | ---D | C] -- E:\Program\Symantec AntiVirus
[2010-01-11 12:39:30 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Symantec
[2010-01-10 18:51:02 | 00,000,000 | ---D | C] -- E:\Program\PokerStars
[2010-01-07 21:57:14 | 00,000,000 | ---D | C] -- E:\Program\Trend Micro
[2010-01-07 16:28:03 | 00,000,000 | ---D | C] -- E:\WINDOWS\Logs
[2010-01-07 16:27:26 | 00,000,000 | ---D | C] -- E:\Program\Betfair
[2010-01-07 16:27:07 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administratör\Lokala inställningar\Application Data\Downloaded Installations
[2009-12-10 20:09:53 | 00,000,000 | --SD | M] -- E:\Documents and Settings\LocalService\Application Data\Microsoft
[2009-12-10 17:37:59 | 00,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft
[2009-12-10 17:34:01 | 00,000,000 | --SD | M] -- E:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005-05-11 23:36:48 | 00,012,288 | ---- | C] (Hewlett-Packard Co.) -- E:\WINDOWS\Fonts\RandFont.dll
[6 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010-01-20 02:42:03 | 00,000,671 | ---- | M] () -- E:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2010-01-20 02:34:53 | 00,000,868 | ---- | M] () -- E:\WINDOWS\win.ini
[2010-01-20 02:34:53 | 00,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2010-01-20 00:43:38 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010-01-20 00:43:33 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010-01-20 00:42:34 | 03,145,728 | -H-- | M] () -- E:\Documents and Settings\Administratör\NTUSER.DAT
[2010-01-19 18:17:38 | 00,061,952 | ---- | M] () -- E:\Documents and Settings\Administratör\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-18 23:01:51 | 00,000,192 | -HS- | M] () -- E:\Documents and Settings\Administratör\ntuser.ini
[2010-01-18 14:22:41 | 00,388,931 | ---- | M] () -- E:\Documents and Settings\Administratör\Mina dokument\SLUTBETYG.PDF
[2010-01-18 13:56:57 | 00,003,501 | ---- | M] () -- E:\Documents and Settings\Administratör\Mina dokument\Brage Hansen CV(1).rtf
[2010-01-17 20:21:15 | 00,000,017 | ---- | M] () -- E:\WINDOWS\pp.enc
[2010-01-17 17:29:53 | 00,002,227 | ---- | M] () -- E:\Documents and Settings\All Users\Skrivbord\Skype.lnk
[2010-01-13 11:49:09 | 00,002,228 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010-01-12 11:49:43 | 00,021,792 | ---- | M] () -- E:\Documents and Settings\Administratör\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT
[2010-01-11 14:54:04 | 00,000,000 | ---- | M] () -- E:\WINDOWS\vpc32.INI
[2010-01-11 12:40:34 | 00,110,952 | ---- | M] (Symantec Corporation) -- E:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010-01-11 12:40:34 | 00,048,768 | ---- | M] (Symantec Corporation) -- E:\WINDOWS\System32\S32EVNT1.DLL
[2010-01-11 12:40:34 | 00,008,014 | ---- | M] () -- E:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010-01-11 12:40:34 | 00,000,805 | ---- | M] () -- E:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010-01-08 23:15:08 | 00,014,126 | ---- | M] () -- E:\Documents and Settings\Administratör\Mina dokument\vi.JPG
[2010-01-07 21:57:15 | 00,001,685 | ---- | M] () -- E:\Documents and Settings\Administratör\Mina dokument\HijackThis.lnk
[2010-01-07 16:30:21 | 00,000,040 | ---- | M] () -- E:\WINDOWS\ujf635.bin
[2010-01-07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[6 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-01-20 02:42:02 | 00,000,671 | ---- | C] () -- E:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2010-01-20 00:27:45 | 00,293,376 | ---- | C] () -- E:\Documents and Settings\Administratör\Skrivbord\gmer.exe
[2010-01-18 14:23:51 | 00,388,931 | ---- | C] () -- E:\Documents and Settings\Administratör\Mina dokument\SLUTBETYG.PDF
[2010-01-18 13:56:57 | 00,003,501 | ---- | C] () -- E:\Documents and Settings\Administratör\Mina dokument\Brage Hansen CV(1).rtf
[2010-01-17 20:21:15 | 00,000,017 | ---- | C] () -- E:\WINDOWS\pp.enc
[2010-01-11 14:54:04 | 00,000,000 | ---- | C] () -- E:\WINDOWS\vpc32.INI
[2010-01-11 12:40:27 | 00,008,014 | ---- | C] () -- E:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010-01-11 12:40:27 | 00,000,805 | ---- | C] () -- E:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010-01-08 23:15:08 | 00,014,126 | ---- | C] () -- E:\Documents and Settings\Administratör\Mina dokument\vi.JPG
[2010-01-07 21:57:15 | 00,001,685 | ---- | C] () -- E:\Documents and Settings\Administratör\Mina dokument\HijackThis.lnk
[2010-01-07 16:30:21 | 00,000,040 | ---- | C] () -- E:\WINDOWS\ujf635.bin
[2009-12-31 20:59:05 | 00,237,568 | ---- | C] () -- E:\WINDOWS\System32\lame_enc.dll
[2009-12-30 12:49:33 | 00,000,142 | ---- | C] () -- E:\Documents and Settings\Administratör\Lokala inställningar\Application Data\fusioncache.dat
[2009-12-30 12:29:50 | 00,077,824 | R--- | C] () -- E:\WINDOWS\System32\hpzids01.dll
[2009-12-30 12:29:11 | 00,000,167 | ---- | C] () -- E:\WINDOWS\System32\AddPort.ini
[2009-12-30 12:28:26 | 00,000,735 | ---- | C] () -- E:\WINDOWS\hpntwksetup.ini
[2009-12-30 12:13:00 | 00,001,074 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009-12-16 21:31:59 | 00,178,176 | ---- | C] () -- E:\WINDOWS\System32\unrar.dll
[2009-12-13 22:35:05 | 00,007,168 | ---- | C] () -- E:\WINDOWS\System32\drivers\StarOpen.sys
[2009-12-11 18:59:55 | 00,061,952 | ---- | C] () -- E:\Documents and Settings\Administratör\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-10 17:50:05 | 00,012,310 | ---- | C] () -- E:\WINDOWS\HWSetupStr.ini
[2009-12-10 17:50:05 | 00,002,008 | ---- | C] () -- E:\WINDOWS\SVPW32Str.ini
[2009-12-10 17:47:49 | 00,262,216 | ---- | C] () -- E:\WINDOWS\System32\IPTests.dll
[2006-01-26 14:03:32 | 00,122,880 | ---- | C] () -- E:\WINDOWS\System32\TPeculiarity.dll
[2005-12-08 15:56:50 | 00,151,552 | ---- | C] () -- E:\WINDOWS\System32\tsbwls.dll
[2001-07-06 15:30:02 | 00,003,429 | ---- | C] () -- E:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010-01-19 18:07:54 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Administratör\Application Data\BitTorrent
[2009-12-13 22:35:22 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Administratör\Application Data\Canneverbe_Limited
[2009-12-10 18:09:51 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Administratör\Application Data\Foxit
[2010-01-18 13:58:20 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Administratör\Application Data\Foxit Software
[2010-01-17 20:20:26 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Administratör\Application Data\Microgaming
[2010-01-02 16:36:21 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Administratör\Application Data\OpenOffice.org
[2009-12-12 14:16:29 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Administratör\Application Data\Personal
[2010-01-19 22:17:47 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Administratör\Application Data\Spotify
[2009-12-10 17:48:17 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Administratör\Application Data\WinBatch
[2010-01-16 15:42:02 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Boss Media
[2009-12-13 22:35:19 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009-12-10 18:18:18 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\IObit
[2010-01-16 19:11:01 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MGS
[2010-01-18 13:57:50 | 00,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Application Data\Foxit Software

========== Purity Check ==========


< End of report >

OTL EXTRA:
OTL Extras logfile created on: 2010-01-20 02:57:30 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = E:\Documents and Settings\Administratör\Mina dokument\Hämtade filer
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

894,00 Mb Total Physical Memory | 226,00 Mb Available Physical Memory | 25,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): E:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program
Drive C: | 164,51 Gb Total Space | 54,70 Gb Free Space | 33,25% Space Free | Partition Type: NTFS
Drive D: | 611,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 68,36 Gb Total Space | 56,16 Gb Free Space | 82,15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDITION-15A9876
Current User Name: Administratör
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- E:\Program\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1292428093-583907252-1606980848-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "E:\Program\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "E:\Program\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "E:\Program\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "E:\Program\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "E:\Program\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "E:\Program\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program\BitTorrent\bittorrent.exe" = E:\Program\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"E:\Program\Spotify\spotify.exe" = E:\Program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"E:\Program\Java\jre6\bin\java.exe" = E:\Program\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Program\Skype\Plugin Manager\skypePM.exe" = E:\Program\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"E:\Program\MzMgr by isvicare\MzMgr.exe" = E:\Program\MzMgr by isvicare\MzMgr.exe:*:Enabled:MzMgr -- File not found
"E:\Program\MzMgr by isvicare\MZALight.exe" = E:\Program\MzMgr by isvicare\MZALight.exe:*:Enabled:MZALight -- File not found
"E:\Program\MzMgr by isvicare\MZAToolbar.exe" = E:\Program\MzMgr by isvicare\MZAToolbar.exe:*:Enabled:MZAToolbar -- File not found
"E:\Program\MZ Manager 2\mzmanager.exe" = E:\Program\MZ Manager 2\mzmanager.exe:*:Enabled:mzmanager -- (Flemming Christensen)
"D:\setup\HPZNET01.EXE" = D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Co.)
"C:\Program\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program\HP\Digital Imaging\bin\hposid01.exe" = C:\Program\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"E:\Program\Skype\Phone\Skype.exe" = E:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Kontrollpanel
"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
"{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{17C253E6-1A31-45CC-8A1D-CBBCC8D1E8AE}" = OpenOffice.org 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1FB1424F-2E8C-4A93-8BB1-D6A20805F633}" = Toshiba Hotkey Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}" = Symantec AntiVirus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{4ED47439-5232-4BBC-93F2-7BC895B56246}" = 3300
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}" = Windows Live Essentials
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D25F86-239B-459E-91BE-340F88CECCBD}" = MZ Manager 2
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{77701BFD-3A86-34B0-A9EC-0D7440C6D8AF}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - SVE
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7D7152AF-581B-316F-8CA4-15342C3EFA4B}" = Microsoft .NET Framework 3.5 Language Pack SP1 - sve
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}" = Microsoft .NET Framework 1.1 Swedish Language Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AA8CF3BD-6717-3B70-83BF-377426410A66}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - SVE
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet NIC Driver
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EC928237-A3BD-4640-ABD0-E49E758F2315}" = Windows Live Messenger
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1931CAB-C7DD-4825-8A58-BC5278805200}" = 3100_3200_3300_Help
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Hjälp för avinstallation av program
"ATI Display Driver" = ATI Display Driver
"bet365poker" = Poker at bet365
"Betway.com Casino" = Betway.com Casino
"Betway.com Poker" = Betway.com Poker
"BitTorrent" = BitTorrent
"Everest Casino" = Everest Casino (Remove Only)
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Everest Poker" = Everest Poker (Remove Only)
"EZ MPEG TO AVI Converter_is1" = EZ MPEG TO AVI Converter 3.00
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"IObit Security 360_is1" = IObit Security 360
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.1 (Basic)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - sve" = Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nordicbet (Poker)" = NordicBet
"Personal" = Personal 4.10.4
"PokerStars" = PokerStars
"Polipo" = Polipo 1.0.4
"Power Saver" = TOSHIBA Power Saver
"Redbet Poker" = Redbet Poker
"Spotify" = Spotify
"Svenska Spels Poker" = Svenska Spels Poker
"Tor" = Tor 0.2.1.20
"unibetpoker (Poker)" = Unibet
"Vidalia" = Vidalia 0.2.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"VLC media player" = VLC media player 1.0.3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1292428093-583907252-1606980848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-12-29 06:09:05 | Computer Name = EDITION-15A9876 | Source = crypt32 | ID = 131080
Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret
från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.
Fel: Åtgärden misslyckades eftersom tidsgränsen överskreds.

Error - 2009-12-29 09:45:42 | Computer Name = EDITION-15A9876 | Source = crypt32 | ID = 131080
Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret
från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.
Fel: Åtgärden misslyckades eftersom tidsgränsen överskreds.

Error - 2009-12-29 18:50:03 | Computer Name = EDITION-15A9876 | Source = crypt32 | ID = 131080
Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret
från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.
Fel: Åtgärden misslyckades eftersom tidsgränsen överskreds.

Error - 2009-12-30 04:54:58 | Computer Name = EDITION-15A9876 | Source = crypt32 | ID = 131080
Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret
från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.
Fel: Åtgärden misslyckades eftersom tidsgränsen överskreds.

Error - 2009-12-31 19:30:08 | Computer Name = EDITION-15A9876 | Source = Application Hang | ID = 1002
Description = Stoppat program hpqimzone.exe, version 53.0.13.0, stoppad modul hungapp,
version 0.0.0.0, stoppad adress 0x00000000.

Error - 2010-01-11 09:14:18 | Computer Name = EDITION-15A9876 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Pwdump in File: E:\Documents and Settings\Administratör\Mina
dokument\Hämtade filer\RockXP4.exe by: Manual scan. Action: Quarantine failed.
Action Description: The file was left unchanged.

Error - 2010-01-11 09:14:50 | Computer Name = EDITION-15A9876 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Pwdump in File: E:\Documents and Settings\Administratör\Mina
dokument\Hämtade filer\RockXP4.exe by: Manual scan. Action: Quarantine succeeded.
Action Description: The file was quarantined successfully.

Error - 2010-01-11 09:45:54 | Computer Name = EDITION-15A9876 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Pwdump in File: e:\documents and settings\administratör\mina
dokument\hämtade filer\RockXP4.exe by: Manual scan. Action: Quarantine succeeded.
Action Description: The file was quarantined successfully. Risk: in File: Internet
browser temporary file cache by: Manual scan. Action: Quarantine failed : Leave
Alone failed. Action Description: The file was deleted successfully.

Error - 2010-01-15 11:00:36 | Computer Name = EDITION-15A9876 | Source = Application Error | ID = 1000
Description = Felaktigt program skype.exe, version 4.1.0.179, felaktig modul skype.exe,
version 4.1.0.179, felaktig adress 0x003a6fa0.

Error - 2010-01-15 16:52:27 | Computer Name = EDITION-15A9876 | Source = Application Error | ID = 1000
Description = Felaktigt program everest poker.exe, version 0.0.0.0, felaktig modul
gvcrt.dll, version 1.0.0.0, felaktig adress 0x0000396b.


< End of report >

GMER:



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-20 03:49:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: E:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\uwniyfog.sys


---- System - GMER 1.0.15 ----

SSDT 8495FD00 ZwAlertResumeThread
SSDT 8495FC28 ZwAlertThread
SSDT 84555868 ZwAllocateVirtualMemory
SSDT 84BE07C8 ZwConnectPort
SSDT 84960378 ZwCreateMutant
SSDT 84557410 ZwCreateThread
SSDT \??\E:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEE497350]
SSDT 84959C08 ZwFreeVirtualMemory
SSDT 84960228 ZwImpersonateAnonymousToken
SSDT 8495FF60 ZwImpersonateThread
SSDT 849AF868 ZwMapViewOfSection
SSDT 849604E8 ZwOpenEvent
SSDT 84959A90 ZwOpenProcessToken
SSDT 84959FD0 ZwOpenThreadToken
SSDT 849772E0 ZwQueryValueKey
SSDT 84962938 ZwResumeThread
SSDT 8495A278 ZwSetContextThread
SSDT 84959EF8 ZwSetInformationProcess
SSDT 8495F1F8 ZwSetInformationThread
SSDT \??\E:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEE497580]
SSDT 84960670 ZwSuspendProcess
SSDT 8495FAB0 ZwSuspendThread
SSDT 84959758 ZwTerminateProcess
SSDT 8495F920 ZwTerminateThread
SSDT 84959D80 ZwUnmapViewOfSection
SSDT 84555638 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----



When I used the GMER program the computer screen turned blue and showed some error message (and the computer restarted) twice before I could run the whole scan.

#6 sundavis

  • Malware Response Team

Posted 19 January 2010 - 10:51 PM

Hi BraKe,



Step1
  1. Please start OTL on your desktop.
  2. Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.
    CODE
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O9 - Extra Button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - E:\Program\Betway\Casino\casinogame.exe (Microgaming Systems)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - E:\Program\Betway\Poker\mppoker.exe (Microgaming)


    :Files
    E:\WINDOWS\ujf635.bin
    E:\WINDOWS\vpc32.INI
    E:\Documents and Settings\Administratör\Lokala inställningar\Application Data\FullTiltPoker
    E:\Program\Full Tilt Poker
    E:\Program\Betway

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B622B7A-60FB-4630-B11D-F121D20BCCD6}]

    :Commands
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  3. Click Run Fix button on the top.
  4. Click OK and let it run unhindered.
  5. OTL will ask to reboot the machine. Please OK the prompt.
  6. A report will open. Copy and Paste that report in your next reply.


Step2

Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  1. Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  2. Click Accept button on the "Requirements and limitations".
  3. When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  4. It will be downloading and installing the program and updating the database.
  5. When updating the database has finished, click on Settings.
  6. Make sure all boxes are checked, then click on the Save button.
  7. Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  8. Once the scan is completed, Click on View Scan Report.
  9. You may see a list of infected items over there. Click on Save Report As.
  10. Click "Desktop", name the file as "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  11. Please post the contents in your next reply.
  12. You can refer to this animation

Note for Internet Explorer 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

In your next reply, please post back:

1.OTL delete log
2.Kas Online Scanner report

Let me know if you still have any remaining issues on your pc.
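An added example, not part of sundavis's post and not OTL's own code: the O1 - Hosts lines in the fix above are hosts-file mappings, and this Python code audits a hosts file for mappings of that kind. The sample file is constructed around the two entries named in the post, and the function names are assumptions made for this example.

```python
import ipaddress

# Constructed sample: a default-style hosts file plus the two entries that the
# O1 - Hosts lines in the fix refer to, and two extra cases for illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
66.98.148.65    auto.search.msn.com
66.98.148.65 auto.search.msn.es   # trailing comment
0.0.0.0         ads.example.invalid
not-an-ip       broken.example.invalid
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments, full-line or trailing
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostname maps nothing
        addr, names = fields[0], fields[1:]
        for name in names:  # one line may carry several aliases
            yield line_no, addr, name.lower()


def audit_hosts(text):
    """Return mappings whose address is malformed or is not loopback/unspecified."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, name, "malformed address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost entries and 0.0.0.0 block-list entries
        findings.append((line_no, addr, name, "maps to a non-loopback address"))
    return findings


if __name__ == "__main__":
    for line_no, addr, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr} ({reason})")
```

A flagged mapping is a prompt for review rather than a verdict, since some administrators add non-loopback entries on purpose.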

#7 BraKe

  • Topic Starter

Posted 20 January 2010 - 10:21 AM

I lost the OTL log, didn't remember to save it

Kaspersky has been running all day and now it crashed. Don't know if I have the patience to try it once more. Isn't my Symantec antivirus enough?
I haven't heard anymore that I spam people on MSN Messenger but I still think the computer is acting slow.

#8 sundavis

  • Malware Response Team

Posted 20 January 2010 - 11:54 AM

Hi BraKe,



QUOTE
I lost the OTL log, didn't remember to save it

Please navigate to the root of C:\_OTL\Moved Files. Open the Moved Files folder and the log should be there.

QUOTE
I still think the computer is acting slow.

It was likely your browsers were modified by the malware. Let's do some maintenance and hope to get those back to working order.

Step1

Click Start>Run>Type CMD>A command prompt DOS window will open. Type/Paste ipconfig /flushdns and then press Enter to purge the DNS resolver cache.

Please proceed to do some disk cleanup, disk defragmenter, and check disk as instructed in this thread.

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Open IE, select Tools > Internet Options. Select the Connections tab.
  1. If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
  2. In the "Proxy Server" area, uncheck the check mark next to Use a proxy server for ....
  3. Click OK.
  4. Click Advanced tab and click on Reset button
  5. In the Reset Internet Explorer Settings dialog box, click Reset to confirm.

After that, what I'd like you to do is a hard reset with your router if you have one. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password, and make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.

If your Firefox can't work properly, you're well advised to uninstall FF completely and do a clean reinstall. You may back up your bookmarks before proceeding. Please go to Here and Here.

Step2

Try the following instead if still not working for Kas Online Scanner:

Please run the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  1. Turn off the real time scanner of any existing antivirus program while performing the online scan
  2. Tick the box next to YES, I accept the Terms of Use.
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  7. Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  8. Click Scan
  9. Wait for the scan to finish
  10. Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt.
  11. Copy and paste that log as a reply to this topic and also let me know how things are now.


In your next reply, please post back:


1.OTL Move log
2.Eset Online Scanner report

Tell me if you have any remaining issues on your pc.

#9 sundavis

  • Malware Response Team

Posted 25 January 2010 - 03:00 AM

Due to lack of feedback, this topic is now closed.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.



