Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected


  • This topic is locked This topic is locked
17 replies to this topic

#1 osse666

osse666

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 06 October 2010 - 02:19 PM

Hi!

Today my explorer.exe started to crash all the time. It tells me to restart it and I do, but I keep getting the same crash. So I have to do everything with the process explorer. I usually manage to deal with most problems but I'm not quite sure what to do in this case.

Maleware bytes does not find anything and neither do spybot s&d.
Nod32 finds a file inside windowssyswow64wininit.exe which I had to remove manually.

Then a friend of mine told me about this site... thumbup2.gif
I would be very happy if you could try to help me out!
Thank you thumbup.gif

Here is the DDS report and I also attacthed the attatch.txt.

The GMER gives me a warning "C:windowssystem32configsystem: cannot find the file.

---------------------------------------------------------------------------------------------------------

DDS (Ver_10-10-05.01) - NTFS_AMD64
Run by Oscar at 21:02:34,20 on 2010-10-06
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4063.2479 [GMT 2:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32svchost.exe -k RPCSS
C:Windowssystem32atiesrxx.exe
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:Windowssystem32svchost.exe -k LocalService
C:Program FilesRealtekAudioHDARtkAudioService64.exe
C:Windowssystem32svchost.exe -k NetworkService
C:Windowssystem32atieclxx.exe
C:Windowssystem32WLANExt.exe
C:Windowssystem32conhost.exe
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Windowssystem32taskeng.exe
C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Windowssystem32taskhost.exe
C:Program Files (x86)BonjourmDNSResponder.exe
C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe
C:Program FilesESETESET Smart Securityx86ekrn.exe
C:Windowssystem32Dwm.exe
C:Program FilesIntelWiFibinEvtEng.exe
C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
C:Program Files (x86)Common FilesSony SharedSOHLibSOHDBSvr.exe
C:Program Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe
C:Program Files (x86)SonyVAIO Event ServiceVESMgr.exe
C:Program FilesSonyVAIO Power ManagementSPMService.exe
C:Windowssystem32taskeng.exe
C:Program FilesSonyVAIO Update 5VAIOUpdt.exe
C:WindowsSysWOW64DllHost.exe
C:Program Files (x86)SonyVAIO Event ServiceVESMgrSub.exe
C:Program FilesApointApoint.exe
C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe
C:Program FilesESETESET Smart Securityegui.exe
C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe
C:Program FilesApointApMsgFwd.exe
C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe
C:Program FilesSonyVAIO Smart NetworkVSNService.exe
C:Program FilesApointApntex.exe
C:Windowssystem32conhost.exe
C:Program FilesApointApvfb.exe
C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe
C:WindowsSystem32svchost.exe -k secsvcs
C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation
C:Program Files (x86)SonyISB UtilityISBMgr.exe
C:Program Files (x86)Common FilesSony SharedSOHLibSOHDms.exe
C:Program Files (x86)AdobeReader 9.0Readerreader_sl.exe
C:Program Files (x86)Javajre6binjusched.exe
C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program Files (x86)Common FilesSony SharedSOHLibSOHDs.exe
C:Program Files (x86)Common FilesSony SharedSOHLibSOHPlMgr.exe
C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe
C:Program Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe
C:Program FilesSonyVAIO Smart NetworkVSNClient.exe
C:Windowssystem32wbemunsecapp.exe
C:Windowssystem32wbemwmiprvse.exe
C:Program FilesSonyVAIO Power ManagementSPMgr.exe
C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe
C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVCSWVCSW.exe
C:Windowssystem32SearchIndexer.exe
C:WindowsservicingTrustedInstaller.exe
C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe
C:WindowsSystem32svchost.exe -k WerSvcGroup
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:Windowssystem32SearchProtocolHost.exe
C:Windowssystem32SearchFilterHost.exe
C:Windowssystem32taskmgr.exe
C:Program Files (x86)Mozilla Firefoxfirefox.exe
C:WindowsSysWOW64OBroker.exe
C:Program Files (x86)Mozilla Firefoxplugin-container.exe
C:Windowssystem32sppsvc.exe
B:Downloadsdds.scr
C:Windowssystem32conhost.exe
C:Program FilesWindows Media Playerwmpnetwk.exe
C:Windowssystem32wbemwmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:PROGRA~2SPYBOT~1SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:Program Files (x86)Javajre6binssv.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:ProgramDataPartnerPartner.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - C:Program Files (x86)ekortEKortHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:Program Files (x86)GoogleGoogleToolbarNotifier5.4.4525.1752swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program Files (x86)Javajre6binjp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - C:Program Files (x86)ekortEKortToolbar.dll
uRun: [SpybotSD TeaTimer] C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe
uRun: [RocketDock] "C:Program Files (x86)RocketDockRocketDock.exe"
uRun: [msnmsgr] "C:Program Files (x86)Windows LiveMessengermsnmsgr.exe" /background
mRun: [ISBMgr.exe] "C:Program Files (x86)SonyISB UtilityISBMgr.exe"
mRun: [StartCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"
mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:Program Files (x86)Javajre6binjusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableStatusMessages = 1 (0x1)
mPolicies-system: DisableStartupSound = 1 (0x1)
IE: E&xport to Microsoft Excel - C:PROGRA~2MICROS~1Office12EXCEL.EXE/3000
IE: Google Sidewiki... - C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Skicka bild till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: Skicka sida till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:Program Files (x86)Javajre6binssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:PROGRA~2MICROS~1Office12ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:PROGRA~2MICROS~1Office12REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~2SPYBOT~1SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: 2656C6B696E60227F657475627 = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll
{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
mRun-x64: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe
mRun-x64: [Skytel] C:Program FilesRealtekAudioHDASkytel.exe
mRun-x64: [Apoint] %ProgramFiles%ApointApoint.exe
mRun-x64: [IAAnotif] C:Program Files (x86)IntelIntel Matrix Storage Manageriaanotif.exe
mRun-x64: [egui] "C:Program FilesESETESET Smart Securityegui.exe" /hide /waitservice
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:UsersOscarAppDataRoamingMozillaFirefoxProfilesoh49fzc4.default
FF - prefs.js: browser.startup.homepage - www.idg.se|hxxp://www.hundredpushups.com/week4.html
FF - component: C:Program Files (x86)ekortcomponentsSlimOrbAddonEkort.dll
FF - component: C:UsersOscarAppDataRoamingMozillaFirefoxProfilesoh49fzc4.defaultextensions{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}componentsnstidy.dll
FF - plugin: C:Program Files (x86)DivXDivX Plus Web Playernpdivx32.dll
FF - plugin: C:Program Files (x86)Mozilla Firefoxpluginsnpwachk.dll
FF - plugin: C:WindowsSysWOW64MacromedFlashNPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:Program Files (x86)Mozilla Firefoxextensions{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:Program Files (x86)Mozilla Firefoxgreprefsall.js - pref("browser.visited_color", "#551A8B");
C:Program Files (x86)Mozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:Program Files (x86)Mozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:Program Files (x86)Mozilla Firefoxdefaultspreffirefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
C:Program Files (x86)Mozilla Firefoxdefaultspreffirefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:WindowsSystem32driversPxHlpa64.sys [2009-9-9 55856]
R1 vwififlt;Virtual WiFi Filter Driver;C:WindowsSystem32driversvwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:WindowsSystem32atiesrxx.exe [2009-8-19 203264]
R2 ekrn;ESET Service;C:Program FilesESETESET Smart Securityx86ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;C:WindowsSystem32driversepfwwfpr.sys [2009-12-18 123200]
R2 RtkAudioService;Realtek Audio Service;C:Program FilesRealtekAudioHDARtkAudioService64.exe [2009-8-19 189984]
R2 SOHCImp;VAIO Media plus Content Importer;C:Program Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe [2009-9-9 120104]
R2 SOHDBSvr;VAIO Media plus Database Manager;C:Program Files (x86)Common FilesSony SharedSOHLibSOHDBSvr.exe [2009-9-9 70952]
R2 SOHDms;VAIO Media plus Digital Media Server;C:Program Files (x86)Common FilesSony SharedSOHLibSOHDms.exe [2009-9-9 427304]
R2 SOHDs;VAIO Media plus Device Searcher;C:Program Files (x86)Common FilesSony SharedSOHLibSOHDs.exe [2009-9-9 75048]
R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:Program Files (x86)Common FilesSony SharedSOHLibSOHPlMgr.exe [2009-9-9 91432]
R2 uCamMonitor;CamMonitor;C:Program Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe [2009-9-9 104960]
R2 VAIO Power Management;VAIO Power Management;C:Program FilesSonyVAIO Power ManagementSPMService.exe [2009-9-9 411496]
R2 VCFw;VAIO Content Folder Watcher;C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe [2009-7-23 642920]
R2 VSNService;VSNService;C:Program FilesSonyVAIO Smart NetworkVSNService.exe [2010-9-15 845312]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:WindowsSystem32driversArcSoftKsUFilter.sys [2009-9-9 19968]
R3 NETw5s64;Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link;C:WindowsSystem32driversNETw5s64.sys [2009-9-15 6952960]
R3 SFEP;Sony Firmware Extension Parser;C:WindowsSystem32driversSFEP.sys [2009-8-19 11392]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe [2010-4-29 480624]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:WindowsSystem32driversyk62x64.sys [2009-8-19 393216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]
S2 MySecurityCenter License Service;MySecurityCenter License Service;"C:Program Files (x86)MySecurityCenterProgramsservice.exe" --> C:Program Files (x86)MySecurityCenterProgramsservice.exe [?]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:Program Files (x86)RoxioDigital Home 10RoxioUpnpService10.exe [2009-6-26 362992]
S2 SBSDWSCService;SBSD Security Center Service;B:Program Files (x86)Spybot - Search & DestroySDWinSec.exe --> B:Program Files (x86)Spybot - Search & DestroySDWinSec.exe [?]
S3 AF9035BDA;AF9035 BDA Devices;C:WindowsSystem32driversAF9035BDA.sys [2009-5-22 488832]
S3 btwl2cap;Bluetooth L2CAP Service;C:WindowsSystem32driversbtwl2cap.sys [2009-8-19 35104]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:WindowsSystem32driversIntcHdmi.sys [2009-8-19 139264]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:WindowsSystem32driversNETw5v64.sys [2009-6-8 5435904]
S3 Partner Service;Partner Service;C:ProgramDataPartnerPartner.exe [2009-9-9 332272]
S3 Revoflt;Revoflt;C:WindowsSystem32driversrevoflt.sys [2010-1-15 31800]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:Program Files (x86)RoxioDigital Home 10RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SrvHsfHDA;SrvHsfHDA;C:WindowsSystem32driversVSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:WindowsSystem32driversVSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:WindowsSystem32driversVSTCNXT6.SYS [2009-7-14 740864]
S3 USBAAPL64;Apple Mobile USB Driver;C:WindowsSystem32driversusbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:WindowsSystem32WatWatAdminSvc.exe [2010-6-5 1255736]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:Program FilesSonyVCM Intelligent Network Service ManagerVcmINSMgr.exe [2010-3-9 361840]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:Program FilesCommon FilesSony SharedVcmXmlVcmXmlIfHelper64.exe [2009-9-9 110888]
S3 VUAgent;VUAgent;C:Program FilesSonyVAIO Update 5VUAgent.exe [2009-12-28 1223024]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:WindowsSystem32driversvwifimp.sys [2009-7-14 17920]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;C:Program FilesMicrosoft Visual Studio 9.0Common7IDERemote Debuggerx64msvsmon.exe [2007-11-7 4466688]

=============== Created Last 30 ================

2010-10-06 18:58:55 20 ----a-w- C:UsersOscardefogger_reenable
2010-10-06 18:53:08 189520 ----a-w- C:WindowsSysWow64driverstmcomm.sys
2010-10-06 16:29:59 -------- d-----w- C:PROGRA~3Blizzard Entertainment
2010-10-06 16:29:58 -------- d-----w- C:Program Files (x86)StarCraft II
2010-09-30 19:10:01 -------- d-----w- C:UsersOscarAppDataRoaming8EA2A1B8E6C8D185C9107E13CDB88368
2010-09-30 14:22:03 243712 ----a-w- C:WindowsSystem32driversks.sys
2010-09-30 14:22:03 184832 ----a-w- C:WindowsSystem32driversusbvideo.sys
2010-09-29 19:45:01 2048 ----a-w- C:WindowsSysWow64tzres.dll
2010-09-29 19:45:01 2048 ----a-w- C:WindowsSystem32tzres.dll
2010-09-26 17:00:20 -------- d-----w- C:UsersOscarAppDataLocal2K Games
2010-09-26 16:50:20 -------- d-----w- C:Program Files (x86)NVIDIA Corporation
2010-09-26 16:42:13 -------- d-----w- C:Program Files (x86)2K Games
2010-09-25 21:49:31 -------- d-----w- C:Program Files (x86)Monte Cristo
2010-09-25 21:07:49 -------- d-----w- C:UsersOscarAppDataLocalMonte Cristo
2010-09-23 20:57:28 -------- d-----w- C:Program Files (x86)Common FilesSynEdit
2010-09-23 19:13:40 -------- d-----w- C:Program Files (x86)Sun
2010-09-23 19:00:36 -------- d-----w- C:Program Files (x86)Gel
2010-09-15 16:02:00 558592 ----a-w- C:WindowsSystem32spoolsv.exe

==================== Find3M ====================

2010-08-10 03:15:58 94208 ----a-w- C:WindowsSysWow64QuickTimeVR.qtx
2010-08-10 03:15:58 69632 ----a-w- C:WindowsSysWow64QuickTime.qts
2010-07-29 06:30:34 82944 ----a-w- C:WindowsSysWow64iccvid.dll

============= FINISH: 21:04:00,62 ===============

Here is a HijackThis log!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:15:13, on 2010-10-11
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe
C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe
C:Program Files (x86)SonyISB UtilityISBMgr.exe
C:Program Files (x86)Javajre6binjusched.exe
C:Program Files (x86)Spotifyspotify.exe
C:Program Files (x86)Mozilla Firefoxfirefox.exe
C:WindowsSysWOW64OBroker.exe
C:Program Files (x86)Mozilla Firefoxplugin-container.exe
B:DownloadsHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...A&bmod=EU01
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~2SPYBOT~1SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre6binssv.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:ProgramDataPartnerPartner.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: e-kort Helper Class - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:Program Files (x86)ekortEKortHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program Files (x86)GoogleGoogleToolbarNotifier5.4.4525.1752swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
O3 - Toolbar: e-kort Toolbar - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:Program Files (x86)ekortEKortToolbar.dll
O4 - HKLM..Run: [ISBMgr.exe] "C:Program Files (x86)SonyISB UtilityISBMgr.exe"
O4 - HKLM..Run: [StartCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program Files (x86)Javajre6binjusched.exe"
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [RocketDock] "C:Program Files (x86)RocketDockRocketDock.exe"
O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'Lokal tjänst')
O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'Nätverkstjänst')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~1Office12EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program Files (x86)Javajre6binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program Files (x86)Javajre6binssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~1Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~1Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~1Office12REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~2SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~2SPYBOT~1SDHelper.dll
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:Windowssystem32atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe
O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:Program FilesESETESET Smart Securityx86ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:Program FilesIntelWiFibinEvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe
O23 - Service: iPod Service - Unknown owner - C:Program FilesiPodbiniPodService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: MySecurityCenter License Service - Unknown owner - C:Program Files (x86)MySecurityCenterProgramsservice.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Partner Service - Google Inc. - C:ProgramDataPartnerPartner.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:Program Files (x86)RoxioDigital Home 10RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:Program Files (x86)RoxioDigital Home 10RoxioUpnpService10.exe
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:Program FilesRealtekAudioHDARtkAudioService64.exe
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - B:Program Files (x86)Spybot - Search & DestroySDWinSec.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:Program Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:Program Files (x86)Common FilesSony SharedSOHLibSOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:Program Files (x86)Common FilesSony SharedSOHLibSOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:Program Files (x86)Common FilesSony SharedSOHLibSOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:Program Files (x86)Common FilesSony SharedSOHLibSOHPlMgr.exe
O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:Program Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzHardwareResourceManagerVzHardwareResourceManagerVzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:Program Files (x86)SonyVAIO Event ServiceVESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:Program FilesSonyVAIO Power ManagementSPMService.exe
O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:Program FilesSonyVCM Intelligent Network Service ManagerVcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:Program FilesCommon FilesSony SharedVcmXmlVcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVCSWVCSW.exe
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:Program FilesSonyVAIO Smart NetworkVSNService.exe
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:Program FilesSonyVAIO Update 5VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe
O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

--
End of file - 13152 bytes

Attached Files


Edited by hamluis, 11 October 2010 - 10:08 AM.
Merged posts ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:03:47 PM

Posted 13 October 2010 - 07:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 osse666

osse666
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 14 October 2010 - 12:12 PM

Hi again, thanks for your reply.

My problem with the unidentified virus or malware is that "explorer.exe" starts to crash when windows is loaded. That makes my desktop and windows bar at the bottom stops working. It gives me a message that tells me it has crashed and asks me to restart it, and when I do it, it crashes again.
So at the moment I have to exit the process using process explorer and from there start firefox or other programs. That is my problem and I hope this information can help you solve my problem.



I made a new dds log which you find below.
In the GMER interface I cannot choose the following options at all:

System
Sections
IAT/EAT
Devices
Modules
Processes
Threads
Libraries

Anyway, I followed the rest of the steps and managed to create a log.

Thank you for your time and good luck! I really appreciate this.


DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Oscar at 18:36:12,59 on 2010-10-14
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4063.2114 [GMT 2:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\SysWOW64\OBroker.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
B:\Downloads\gmer\gmer.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Winamp\winamp.exe
B:\Downloads\dds(2).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - C:\Program Files (x86)\ekort\EKortHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - C:\Program Files (x86)\ekort\EKortToolbar.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableStatusMessages = 1 (0x1)
mPolicies-system: DisableStartupSound = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Skicka bild till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Skicka sida till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: 2656C6B696E60227F657475627 = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\oh49fzc4.default\
FF - prefs.js: browser.startup.homepage - www.idg.se|hxxp://www.hundredpushups.com/week4.html
FF - component: C:\Program Files (x86)\ekort\components\SlimOrbAddonEkort.dll
FF - component: C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\oh49fzc4.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-9 55856]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-19 203264]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2009-12-18 123200]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-19 189984]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-9 120104]
R2 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-9 70952]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-9 427304]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-9 75048]
R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-9 91432]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-9 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-9 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-23 642920]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-9-15 845312]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-9-9 19968]
R3 NETw5s64;Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-19 11392]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-4-29 480624]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-8-19 393216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MySecurityCenter License Service;MySecurityCenter License Service;"C:\Program Files (x86)\MySecurityCenter\Programs\service.exe" --> C:\Program Files (x86)\MySecurityCenter\Programs\service.exe [?]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S2 SBSDWSCService;SBSD Security Center Service;B:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe --> B:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [?]
S3 AF9035BDA;AF9035 BDA Devices;C:\Windows\System32\drivers\AF9035BDA.sys [2009-5-22 488832]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-19 35104]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-8-19 139264]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-6-8 5435904]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-9-9 332272]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2010-1-15 31800]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-5 1255736]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-3-9 361840]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-9 110888]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2009-12-28 1223024]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-7 4466688]

=============== Created Last 30 ================

2010-10-14 16:36:21 -------- d-----w- C:\Users\Oscar\AppData\Roaming\MiniLyrics
2010-10-14 16:34:35 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A3B21316-043D-46B9-89BE-EC7CA4A4E4A1}\mpengine.dll
2010-10-11 12:10:51 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-10-10 17:32:21 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair
2010-10-10 17:14:11 -------- d-----w- C:\PROGRA~3\F-Secure
2010-10-10 12:27:55 -------- d-----w- C:\Voddler
2010-10-06 18:53:08 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2010-10-06 16:29:59 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
2010-10-06 16:29:58 -------- d-----w- C:\Program Files (x86)\StarCraft II
2010-09-30 19:10:01 -------- d-----w- C:\Users\Oscar\AppData\Roaming\8EA2A1B8E6C8D185C9107E13CDB88368
2010-09-30 14:22:03 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-30 14:22:03 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-09-29 19:45:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-29 19:45:01 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-29 19:44:56 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-29 19:44:56 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-26 17:00:20 -------- d-----w- C:\Users\Oscar\AppData\Local\2K Games
2010-09-26 16:50:20 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2010-09-26 16:45:12 171368 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10133.bin
2010-09-26 16:42:13 -------- d-----w- C:\Program Files (x86)\2K Games
2010-09-25 21:49:31 -------- d-----w- C:\Program Files (x86)\Monte Cristo
2010-09-25 21:07:49 -------- d-----w- C:\Users\Oscar\AppData\Local\Monte Cristo
2010-09-23 20:57:28 -------- d-----w- C:\Program Files (x86)\Common Files\SynEdit
2010-09-23 19:13:40 -------- d-----w- C:\Program Files (x86)\Sun
2010-09-23 19:00:36 -------- d-----w- C:\Program Files (x86)\Gel
2010-09-15 16:02:00 558592 ----a-w- C:\Windows\System32\spoolsv.exe

==================== Find3M ====================

2010-08-10 03:15:58 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-08-10 03:15:58 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

============= FINISH: 18:38:23,87 ===============

Attached Files



#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:47 AM

Posted 15 October 2010 - 11:50 PM

Hello and welcome to Bleeping Computer. smile.gif

*Please Subscribe to this Thread to get immediate notification of replies. See HERE

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.


======================================


P2P Warning:
Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case µTorrent).

These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."




Registry cleaners Warning:
We do not recommend the usage of registry cleaners / tools due to the following facts:
*Registry tools can cause irreparable damage to your Operating System
*Registry tools can, as a result of the above, render your pc to be inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.

Cleaning the registry won't really improve system performance, even though there a lot of orphaned keys.
IMHO, if registry cleaning was required, then Microsoft would have added this option. So you use registry at you own risk. After all, a corrupted registry is a corrupted Windows.

Registry Cleaners and System Tweaking Tools



======================================


1. We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy




2. Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:
    C:\Windows\system32\wininit.exe
    C:\Windows\explorer.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.



3. Download OTL to your Desktop.
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Copy and Paste the following code into the Custom Scan/Fixes box. Do not include the word "Code"

    CODE

    netsvcs
    activex
    drivers32
    /md5start
    wininit.exe
    explorer.exe
    /md5stop
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them when you reply.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 osse666

osse666
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 16 October 2010 - 01:38 PM

I cannot find a wininit.exe file in my system32 directory so therefore I haven't scanned it.
I also disabled my teatimer as you told me.

This is the results of the logs in order:
Explorer virus log from virusscan.org
OTL.txt
Extra.txt

VirSCAN.org Scanned Report :
Scanned time : 2010/10/16 20:01:15 (CEST)
Scanner results: 9% Scanner(s) (3/35) found malware!
File Name : explorer.exe
File Size : 2870272 byte
File Type : PE32+ executable for MS Windows (GUI)
MD5 : ced728d9dc31448b1ffc904b9d35e0fe
SHA1 : f7c1315302462d3763c2714a85954a4d52bbe6f1
Online report : http://virscan.org/report/37d83936989cc309...d005113fdb.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.20 20101016220946 2010-10-16 30.45 -
AhnLab V3 2010.10.17.00 2010.10.17 2010-10-17 1.75 -
AntiVir 8.2.4.82 7.10.12.230 2010-10-16 0.27 -
Antiy 2.0.18 20101017.5435463 2010-10-17 0.12 -
Authentium 5.1.1 201010161443 2010-10-16 1.29 -
AVAST! 4.7.4 101016-0 2010-10-16 0.12 Win32:Bamital-AC
AVG 8.5.850 271.1.1/3189 2010-10-11 0.26 -
BitDefender 7.90123.6341231 7.34294 2010-10-17 4.74 -
ClamAV 0.96.1 12143 2010-10-16 0.73 -
Comodo 4.0 6407 2010-10-16 1.21 -
CP Secure 1.3.0.5 2010.10.16 2010-10-16 0.50 -
Dr.Web 5.0.2.3300 2010.10.16 2010-10-16 9.42 -
F-Prot 4.4.4.56 20101016 2010-10-16 1.28 -
F-Secure 7.02.73807 2010.10.16.01 2010-10-16 11.32 -
Fortinet 4.2.249 12.461 2010-10-16 12.66 -
GData 21.980/21.410 20101016 2010-10-16 10.19 Win32:Bamital-AC [Engine:B]
ViRobot 20101016 2010.10.16 2010-10-16 0.36 -
Ikarus T3.1.32.15.0 2010.10.16.76952 2010-10-16 4.96 Virus.Win32.Bamital
JiangMin 13.0.900 2010.10.16 2010-10-16 1.64 -
Kaspersky 5.5.10 2010.09.28 2010-09-28 0.09 -
KingSoft 2009.2.5.15 2010.10.16.7 2010-10-16 0.69 -
McAfee 5400.1158 6138 2010-10-16 18.75 -
Microsoft 1.6201 2010.10.16 2010-10-16 5.64 -
Norman 6.06.07 6.06.00 2010-10-16 6.01 -
Panda 9.05.01 2010.10.16 2010-10-16 24.72 -
Trend Micro 9.120-1004 7.546.08 2010-10-16 0.03 -
Quick Heal 11.00 2010.10.15 2010-10-15 2.34 -
Rising 20.0 22.69.04.04 2010-10-15 2.38 -
Sophos 3.12.1 4.58 2010-10-17 4.12 -
Sunbelt 3.9.2455.2 7073 2010-10-16 13.96 -
Symantec 1.3.0.24 20101015.007 2010-10-15 1.00 -
nProtect 20101016.01 9149873 2010-10-16 12.55 -
The Hacker 6.7.0.1 v00058 2010-10-16 2.26 -
VBA32 3.12.14.1 20101015.1255 2010-10-15 3.35 -
VirusBuster 4.5.11.10 10.129.15/2031047 2010-10-15 3.37 -

-------------------------------------------------------------------------------------------------------

OTL logfile created on: 10/16/2010 8:34:33 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = B:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.37 Gb Total Space | 28.46 Gb Free Space | 20.28% Space Free | Partition Type: NTFS

Computer Name: OSCAR-VAIO | User Name: Oscar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/16 19:58:56 | 000,574,464 | ---- | M] (OldTimer Tools) -- B:\Downloads\OTL.exe
PRC - [2010/09/16 21:50:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/16 21:50:59 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/10/11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/09/16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/07/28 01:58:40 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
PRC - [2009/07/28 01:58:38 | 000,427,304 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
PRC - [2009/07/28 01:58:38 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
PRC - [2009/07/28 01:58:38 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
PRC - [2009/07/28 01:58:36 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2009/07/23 19:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/07/23 19:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/07/23 00:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/07/01 20:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/05/26 18:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/12/11 13:11:28 | 000,145,920 | ---- | M] () -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2008/09/18 19:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/10/16 19:58:56 | 000,574,464 | ---- | M] (OldTimer Tools) -- B:\Downloads\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2010/08/11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010/04/09 13:37:36 | 001,223,024 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2009/11/16 10:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/09/21 17:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 17:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/09/16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/09/01 22:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/08/22 23:19:06 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/07/27 22:27:07 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/24 06:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 03:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/18 03:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2007/11/07 10:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/31 00:13:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/09 20:04:18 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/07/28 01:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/07/28 01:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/07/28 01:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/07/28 01:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/07/28 01:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/07/23 19:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 19:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/07/23 19:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/07/23 00:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/26 20:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/06/26 20:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2008/09/18 19:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\NSNDIS5.SYS -- (NSNDIS5)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fnetthjm.sys -- (FNETTHJM)
DRV:64bit: - [2010/06/10 01:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/27 15:58:39 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/18 16:02:26 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/12/17 15:58:04 | 000,145,360 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/11/16 10:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/11/16 09:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/10/10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Kortdrivrutin för Windows 7 64-bitars Intel®
DRV:64bit: - [2009/08/05 03:22:40 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/08/05 03:20:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/03 22:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/31 22:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/31 22:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009/07/31 22:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009/07/31 22:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/30 22:41:17 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/30 22:41:16 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/30 22:41:16 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/30 22:40:45 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/27 22:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 07:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 22:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 22:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 23:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/22 12:39:54 | 000,488,832 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF9035BDA.sys -- (AF9035BDA)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/01/05 21:08:09 | 000,023,936 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\fnetthjm.sys -- (FNETTHJM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=EU01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.idg.se|http://www.hundredpushups.com/week4.html"
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: ekort@orbiscom:3.16.8.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.7
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - HKLM\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program Files (x86)\ekort [2010/05/09 14:59:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/16 21:51:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/16 21:51:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/28 10:09:59 | 000,000,000 | ---D | M]

[2009/12/27 21:32:01 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\mozilla\Extensions
[2010/10/16 19:53:23 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\mozilla\Firefox\Profiles\oh49fzc4.default\extensions
[2010/03/26 21:20:13 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Oscar\AppData\Roaming\mozilla\Firefox\Profiles\oh49fzc4.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010/09/17 20:23:04 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Oscar\AppData\Roaming\mozilla\Firefox\Profiles\oh49fzc4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/08/09 21:26:45 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Oscar\AppData\Roaming\mozilla\Firefox\Profiles\oh49fzc4.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/10/14 18:42:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\mozilla\Firefox\Profiles\oh49fzc4.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/05/08 13:43:16 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\mozilla\Firefox\Profiles\oh49fzc4.default\extensions\firebug@software.joehewitt.com
[2010/08/09 21:24:57 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\mozilla\Firefox\Profiles\oh49fzc4.default\extensions\nasanightlaunch@example.com
[2010/09/12 12:36:31 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\mozilla\Firefox\Profiles\oh49fzc4.default\extensions\smarterwiki@wikiatic.com
[2010/10/09 17:36:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/09/14 09:24:25 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2010/09/14 09:24:26 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2010/09/14 09:24:26 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2010/09/14 09:24:27 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2010/09/14 09:24:27 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2010/10/06 19:38:23 | 000,421,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14541 more lines...
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files (x86)\ekort\EKortHelper.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files (x86)\ekort\EKortToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8:64bit: - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14e49d74-f4a7-11de-9f2a-60380e05b2e7}\Shell - "" = AutoRun
O33 - MountPoints2\{14e49d74-f4a7-11de-9f2a-60380e05b2e7}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{43467ddf-f317-11de-96f6-0024be84f73b}\Shell - "" = AutoRun
O33 - MountPoints2\{43467ddf-f317-11de-96f6-0024be84f73b}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{AD244C17-6E32-4630-AA70-87B679717A90} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/14 18:36:58 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 18:36:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 18:36:50 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 18:36:43 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 18:36:28 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 18:36:24 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 18:36:24 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 18:36:21 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\MiniLyrics
[2010/10/14 18:36:20 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 18:36:20 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 18:35:56 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 18:35:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 18:35:54 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 18:35:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 18:35:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 18:35:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 18:35:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 18:35:51 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 18:35:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 18:35:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 18:35:50 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 18:35:50 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 18:35:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 18:35:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 18:35:45 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 18:35:41 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 18:35:39 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 18:35:39 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 18:35:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/11 14:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/10 19:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair
[2010/10/10 19:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/10/10 14:27:55 | 000,000,000 | ---D | C] -- C:\Voddler
[2010/10/06 21:05:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\skicka till bleep
[2010/10/06 20:53:08 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2010/10/06 18:29:59 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\StarCraft II
[2010/10/06 18:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/10/06 18:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2010/10/05 20:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/09/30 21:11:02 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/30 21:10:01 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\8EA2A1B8E6C8D185C9107E13CDB88368
[2010/09/26 19:00:20 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\2K Games
[2010/09/26 18:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/09/26 18:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2010/09/25 23:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Monte Cristo
[2010/09/25 23:07:49 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Monte Cristo
[2010/09/23 22:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SynEdit
[2010/09/23 21:27:45 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/23 21:27:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/23 21:27:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/23 21:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sun
[2010/09/23 21:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/09/23 21:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gel
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/16 19:46:17 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/16 19:46:17 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/16 19:40:26 | 000,447,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/16 19:40:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/16 19:39:53 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/15 11:32:57 | 001,493,910 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/15 11:32:57 | 000,628,676 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2010/10/15 11:32:57 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/15 11:32:57 | 000,124,738 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2010/10/15 11:32:57 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/11 14:10:52 | 000,002,097 | ---- | M] () -- C:\Users\Oscar\Desktop\HijackThis.lnk
[2010/10/10 19:32:22 | 000,001,035 | ---- | M] () -- C:\Users\Oscar\Desktop\Free Window Registry Repair.lnk
[2010/10/10 15:06:32 | 000,007,597 | ---- | M] () -- C:\Users\Oscar\AppData\Local\resmon.resmoncfg
[2010/10/07 16:54:46 | 558,594,240 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/06 20:58:55 | 000,000,020 | ---- | M] () -- C:\Users\Oscar\defogger_reenable
[2010/10/06 19:38:23 | 000,421,741 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/10/06 18:52:50 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/09/30 16:24:46 | 000,420,707 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101006-193823.backup
[2010/09/26 18:18:48 | 000,419,599 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100930-162445.backup
[2010/09/25 22:00:25 | 000,010,889 | ---- | M] () -- C:\Users\Public\Documents\Betyg Gymnasiet.docx
[2010/09/24 21:19:39 | 000,000,046 | ---- | M] () -- C:\Users\Oscar\jagex_runescape_preferences.dat
[2010/09/24 21:17:48 | 000,000,099 | ---- | M] () -- C:\Users\Oscar\jagex_runescape_preferences2.dat
[2010/09/16 21:41:46 | 000,070,329 | ---- | M] () -- C:\Users\Public\Documents\oscar.jpg
[2010/09/16 21:37:44 | 000,014,587 | ---- | M] () -- C:\Users\Oscar\Documents\Media Markt.docx
[2010/09/16 21:20:06 | 000,014,715 | ---- | M] () -- C:\Users\Oscar\Documents\Cv.docx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/11 14:10:52 | 000,002,097 | ---- | C] () -- C:\Users\Oscar\Desktop\HijackThis.lnk
[2010/10/10 19:32:22 | 000,001,035 | ---- | C] () -- C:\Users\Oscar\Desktop\Free Window Registry Repair.lnk
[2010/10/07 16:54:46 | 558,594,240 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/06 20:58:55 | 000,000,020 | ---- | C] () -- C:\Users\Oscar\defogger_reenable
[2010/10/06 18:29:59 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/09/25 21:57:48 | 000,010,889 | ---- | C] () -- C:\Users\Public\Documents\Betyg Gymnasiet.docx
[2010/09/16 21:41:45 | 000,070,329 | ---- | C] () -- C:\Users\Public\Documents\oscar.jpg
[2010/08/25 20:53:41 | 000,000,036 | ---- | C] () -- C:\Users\Oscar\AppData\Local\housecall.guid.cache
[2010/07/16 21:03:23 | 001,468,456 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/22 17:07:48 | 000,003,584 | ---- | C] () -- C:\Users\Oscar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 16:43:24 | 000,000,346 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\wklnhst.dat
[2010/01/06 03:17:05 | 000,007,597 | ---- | C] () -- C:\Users\Oscar\AppData\Local\resmon.resmoncfg
[2010/01/05 14:11:24 | 000,012,841 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\UserTile.png
[2009/12/29 17:38:15 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll
[2009/12/29 03:45:47 | 000,000,391 | ---- | C] () -- C:\Windows\{2158ED55-19D1-4C0C-B213-5EFF748248AC}_WiseFW.ini
[2009/09/09 20:45:30 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003/04/09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Users\Oscar\AppData\Roaming\MafiaSetup.exe

========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=CED728D9DC31448B1FFC904B9D35E0FE -- C:\Windows\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/02/06 03:03:30 | 000,000,000 | -HSD | M] -- C:\Users\Oscar\AppData\Roaming\.#
[2010/09/30 21:10:03 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\8EA2A1B8E6C8D185C9107E13CDB88368
[2010/09/03 20:55:27 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AC2023747A3FA32F461F5FCC0FCC665D
[2010/05/03 23:32:39 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Adobe
[2010/08/27 21:27:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Apple Computer
[2009/12/27 00:25:29 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\ArcSoft
[2010/04/12 13:19:04 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Ashampoo
[2009/12/26 17:24:10 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\ATI
[2010/01/09 17:35:14 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Auslogics
[2010/04/11 15:10:13 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\BOXEE
[2009/12/27 21:02:10 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\DAEMON Tools Lite
[2010/07/31 23:01:44 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\DivX
[2009/12/28 01:36:13 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Download Manager
[2010/06/10 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\dvdcss
[2010/01/28 10:01:28 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\ESET
[2009/12/26 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Google
[2009/12/26 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Identities
[2010/03/09 22:07:40 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\InstallShield
[2009/12/28 19:02:29 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Intel
[2009/12/26 18:41:55 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Macromedia
[2010/09/03 21:04:05 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Malwarebytes
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Media Center Programs
[2010/07/30 18:22:31 | 000,000,000 | --SD | M] -- C:\Users\Oscar\AppData\Roaming\Microsoft
[2010/10/14 18:47:33 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\MiniLyrics
[2010/02/17 00:38:09 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\mIRC
[2009/12/27 21:32:01 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Mozilla
[2010/01/05 01:17:01 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\MozillaControl
[2010/08/27 22:17:18 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OneSwarm
[2010/01/05 14:11:23 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\PeerNetworking
[2009/12/28 00:38:08 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Roxio
[2009/12/29 03:46:17 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Salling Software AB
[2010/10/10 14:41:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Skype
[2010/10/08 17:23:04 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\skypePM
[2009/12/26 17:51:10 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Sony Corporation
[2010/10/15 16:10:31 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Spotify
[2010/01/19 16:43:27 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Template
[2010/09/30 21:04:08 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\TeraCopy
[2010/10/10 14:43:08 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\uTorrent
[2010/10/14 18:35:44 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\vlc
[2010/04/17 00:06:05 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\VoddlerPlayer.22AA32E1C519F8FB77514A36DC6C2AE2C623240F.1
[2010/10/10 14:43:08 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Winamp
[2010/01/04 23:56:23 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2003/04/09 05:28:44 | 000,233,472 | R--- | M] () -- C:\Users\Oscar\AppData\Roaming\MafiaSetup.exe
[2010/09/30 21:14:19 | 001,044,480 | ---- | M] () -- C:\Users\Oscar\AppData\Roaming\8EA2A1B8E6C8D185C9107E13CDB88368\coreappsetup700.exe
[2010/04/17 00:04:06 | 000,038,784 | ---- | M] () -- C:\Users\Oscar\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/01/08 00:21:50 | 000,001,406 | R--- | M] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Installer\{874F937F-42D9-49A6-874E-D797BBF78165}\_3F85B7C96F1987D23625EB.exe
[2010/01/08 00:21:50 | 000,001,406 | R--- | M] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Installer\{874F937F-42D9-49A6-874E-D797BBF78165}\_6FEFF9B68218417F98F549.exe
[2010/04/21 18:35:47 | 000,045,126 | R--- | M] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_322FD67B4052E9187FCAD5.exe
[2010/04/21 18:35:47 | 000,045,126 | R--- | M] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_6FEFF9B68218417F98F549.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/06 11:26:20 | 000,189,520 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysWOW64\drivers\tmcomm.sys

< End of report >

---------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 10/16/2010 8:34:33 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = B:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.37 Gb Total Space | 28.46 Gb Free Space | 20.28% Space Free | Partition Type: NTFS

Computer Name: OSCAR-VAIO | User Name: Oscar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{1EB8079C-2F30-3A6E-A76A-9758C4F1CD21}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3E861263-893D-42E4-B5E9-7BE28560DD79}" = Sun VirtualBox
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{62577E41-C350-3D07-97C8-2B6CDB4BAD60}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.1
"{8AA7EE74-114A-FFFF-B1D2-AED4707763C9}" = ccc-utility64
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-041D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Swedish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96CC6DCC-8EBA-3F85-899B-933F599C4142}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Programvaran Intel® PROSet för trådlösa WiFi-anslutningar
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"ProInst" = Intel PROSet Wireless
"TeraCopy_is1" = TeraCopy 2.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0271C003-CED0-2354-818F-A872734088B1}" = CCC Help Dutch
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13C7CC91-61D9-4913-A5F7-66321CFDEB72}" = VAIO Content Metadata Intelligent Network Service Manager
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E40FED6-E0D6-0AA2-BA08-75B6C1E2D02F}" = CCC Help Swedish
"{1E92AF84-631C-4CF9-9B85-8F9680873418}" = VAIO Content Metadata Intelligent Network Service Manager
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FE69600-3A33-FFFF-C488-F3E40DBC2F68}" = CCC Help Czech
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2158ED55-19D1-4C0C-B213-5EFF748248AC}" = Salling Clicker
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Monitoring Settings
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{2FC5CB84-9110-DE89-379B-34E87AB8BDC1}" = CCC Help Italian
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{3662480D-028D-BE4E-DEC1-775818519CC2}" = CCC Help Norwegian
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA4FBA3-35EE-3E3B-62D8-606AF0722950}" = ccc-core-static
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{48E29469-216B-1AE3-B156-A2DAA48E709E}" = Catalyst Control Center InstallProxy
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4D029068-CE21-848B-5654-1409E47507BB}" = CCC Help Chinese Traditional
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E7FD54B-D551-70C1-CEE7-88FD59BE8063}" = CCC Help English
"{51BEF30C-58E4-490F-BA40-A2F12AB8B5F9}" = VAIO Content Metadata Manager Settings
"{52AF7D37-EECF-535F-5226-E0DD16543CD1}" = CCC Help Thai
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{54108D57-A606-774B-BA31-6C9363B0B33A}" = Catalyst Control Center Graphics Light
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{575E77D1-29E9-28EC-7D28-F5ABAB72C270}" = Catalyst Control Center Graphics Full Existing
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{622C377C-CF0D-492A-BC20-0480381A79E3}" = MySecurityCenter License Service
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6529B443-1BD5-D7D3-7DAF-D6AD2C98C38A}" = CCC Help Finnish
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6B30FB1E-9F4A-49BA-9D74-174F1ECEB59D}" = Windows Live inloggningsassistenten
"{6B99E90E-2AC4-4D72-8D88-39030783172B}" = e-kort
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73330752-80F1-65AE-721D-8AA10AEFF99B}" = CCC Help Turkish
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Function Settings
"{7E1D9B1F-A5AE-737C-E0BC-96C42D19E2CC}" = CCC Help Russian
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{874F937F-42D9-49A6-874E-D797BBF78165}" = Binary Clock
"{876172CF-1095-181F-B037-6A713235417F}" = Catalyst Control Center Graphics Previews Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AFAF619-1FD7-71BD-26F1-8EED9C1C8A8D}" = Catalyst Control Center Graphics Previews Common
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EE47674-9AD3-B099-C6E4-7FB9F0D14D38}" = CCC Help Spanish
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-041D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Swedish) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2007
"{90120000-0017-041D-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Swedish) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-041D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Swedish) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-041D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Swedish) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0020-041D-0000-0000000FF1CE}" = Compatibility Pack för Office 2007-systemet
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-041D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Swedish) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-041D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-041D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Swedish) 2007
"{90120000-0100-041D-0000-0000000FF1CE}" = Microsoft Office O MUI (Swedish) 2007
"{90120000-0101-041D-0000-0000000FF1CE}" = Microsoft Office X MUI (Swedish) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98302A0E-6D8E-4307-A784-EB68DEC7A12A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B00435C-61FA-BB7F-4B7A-98FCC4881C3F}" = CCC Help French
"{9D179733-28AD-DF80-B74A-5A0F9FD4E332}" = CCC Help Japanese
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A1432157-D6B5-BD3C-42C8-E54BEED3EB0E}" = CCC Help Korean
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB30697D-E02D-2FD7-2EF4-E60887B4B22E}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{ACE78B09-BD0C-E6A4-1250-2482B5A126B8}" = Catalyst Control Center Graphics Full New
"{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2A7278B-6D98-8640-760B-3D34485D1AD6}" = CCC Help Portuguese
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BA9632CB-2B93-4FD6-905C-BB325CE1C4DD}" = e-kort
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBA68DFD-AA0F-2CD0-932A-17442B41A350}" = CCC Help Danish
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1846BA1-6118-3EDF-8C57-6E1A04646738}" = Microsoft Visual C++ 2008 Express Edition - ENU
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E23CBEC5-533E-054A-4109-95751B7C3A81}" = CCC Help German
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0A034FE-0951-EF71-145E-F0DF36F5A203}" = Catalyst Control Center Core Implementation
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F0F05BDF-4AE4-096C-C8E9-4B4DAD2DE13D}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C91479-BDAC-4B42-0B7B-54D37EB63A12}" = CCC Help Hungarian
"{F52EE3CE-A6B2-63E2-9445-EC92EEC1FB90}" = Catalyst Control Center Localization All
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FC55ADF1-53B6-269F-92F7-413AB697EE48}" = CCC Help Greek
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD 2.06
"Blaze HDTV Player Deluxe 4.0_is1" = Blaze HDTV Player Deluxe 4.0
"CCleaner" = CCleaner
"Cities XL" = Cities XL
"DivX Setup.divx.com" = DivX Setup
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Window Registry Repair" = Free Window Registry Repair
"Garena" = Garena
"Gel_is1" = Gel 0.86a
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"Left 4 Dead" = Left 4 Dead
"Mafia" = Mafia
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = VAIO Marketing Tools
"Microsoft Visual C++ 2008 Express Edition - ENU" = Microsoft Visual C++ 2008 Express Edition - ENU
"MiniLyrics" = Minilyrics(remove only)
"mIRC" = mIRC
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"OMUI.sv-se" = Microsoft Office Language Pack 2007 - Swedish/svenska
"RocketDock_is1" = RocketDock 1.3.5
"splashtop" = VAIO Quick Web Access
"Spotify" = Spotify
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 400" = Portal
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"StepMania" = StepMania (remove only)
"Svenska Spels Poker" = Svenska Spels Poker
"uTorrent" = µTorrent
"VAIO Premium Partners 1.00" = VAIO Premium Partners 1.00
"VLC media player" = VLC media player 1.1.4
"Wake up News" = Wake up News 5.0
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BOXEE" = Boxee
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2010 2:30:08 PM | Computer Name = Oscar-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 7/23/2010 2:30:11 PM | Computer Name = Oscar-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras
mot den aktuella systemklockan eller tidsstämpeln i den signerade filen. .

Error - 7/23/2010 2:34:37 PM | Computer Name = Oscar-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras
mot den aktuella systemklockan eller tidsstämpeln i den signerade filen. .

Error - 7/23/2010 3:25:06 PM | Computer Name = Oscar-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 7/23/2010 3:25:12 PM | Computer Name = Oscar-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras
mot den aktuella systemklockan eller tidsstämpeln i den signerade filen. .

Error - 7/23/2010 3:29:44 PM | Computer Name = Oscar-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras
mot den aktuella systemklockan eller tidsstämpeln i den signerade filen. .

Error - 7/25/2010 11:30:59 AM | Computer Name = Oscar-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 7/25/2010 11:31:07 AM | Computer Name = Oscar-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras
mot den aktuella systemklockan eller tidsstämpeln i den signerade filen. .

Error - 7/25/2010 11:35:38 AM | Computer Name = Oscar-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras
mot den aktuella systemklockan eller tidsstämpeln i den signerade filen. .

Error - 7/25/2010 12:35:06 PM | Computer Name = Oscar-VAIO | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Media Center Events ]
Error - 12/26/2009 12:21:39 PM | Computer Name = Oscar-VAIO | Source = MCUpdate | ID = 0
Description = 17:21:39 - Ett fel inträffade under anslutningen till Internet. 17:21:39
- Det gick inte att kontakta servern..

Error - 1/30/2010 5:27:24 PM | Computer Name = Oscar-VAIO | Source = MCUpdate | ID = 0
Description = 22:27:23 - Ett fel inträffade under anslutningen till Internet. 22:27:23
- Det gick inte att kontakta servern..

Error - 1/30/2010 5:27:34 PM | Computer Name = Oscar-VAIO | Source = MCUpdate | ID = 0
Description = 22:27:29 - Ett fel inträffade under anslutningen till Internet. 22:27:29
- Det gick inte att kontakta servern..

Error - 1/30/2010 6:27:43 PM | Computer Name = Oscar-VAIO | Source = MCUpdate | ID = 0
Description = 23:27:43 - Ett fel inträffade under anslutningen till Internet. 23:27:43
- Det gick inte att kontakta servern..

Error - 1/30/2010 6:27:56 PM | Computer Name = Oscar-VAIO | Source = MCUpdate | ID = 0
Description = 23:27:49 - Ett fel inträffade under anslutningen till Internet. 23:27:49
- Det gick inte att kontakta servern..

[ System Events ]
Error - 4/13/2010 8:54:11 AM | Computer Name = Oscar-VAIO | Source = Service Control Manager | ID = 7009
Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Roxio
Upnp Server 10 skulle ansluta.

Error - 4/13/2010 8:54:11 AM | Computer Name = Oscar-VAIO | Source = Service Control Manager | ID = 7001
Description = Tjänsten SBSD Security Center Service är beroende av tjänsten Security
Center. Den sistnämnda kunde inte starta på grund av följande fel: %%1058

Error - 4/14/2010 1:20:44 PM | Computer Name = Oscar-VAIO | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 4/14/2010 1:20:44 PM | Computer Name = Oscar-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 4/14/2010 1:20:55 PM | Computer Name = Oscar-VAIO | Source = Service Control Manager | ID = 7009
Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Roxio
Upnp Server 10 skulle ansluta.

Error - 4/14/2010 1:20:55 PM | Computer Name = Oscar-VAIO | Source = Service Control Manager | ID = 7001
Description = Tjänsten SBSD Security Center Service är beroende av tjänsten Security
Center. Den sistnämnda kunde inte starta på grund av följande fel: %%1058

Error - 4/15/2010 3:38:39 AM | Computer Name = Oscar-VAIO | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 4/15/2010 3:38:39 AM | Computer Name = Oscar-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 4/15/2010 3:38:48 AM | Computer Name = Oscar-VAIO | Source = Service Control Manager | ID = 7009
Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Roxio
Upnp Server 10 skulle ansluta.

Error - 4/15/2010 3:38:48 AM | Computer Name = Oscar-VAIO | Source = Service Control Manager | ID = 7001
Description = Tjänsten SBSD Security Center Service är beroende av tjänsten Security
Center. Den sistnämnda kunde inte starta på grund av följande fel: %%1058


< End of report >

Edited by osse666, 16 October 2010 - 01:48 PM.


#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:47 AM

Posted 17 October 2010 - 01:08 AM

Hi,


1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box. Do not include the word "Code".

    CODE
    :Files
    C:\Windows\explorer.exe|C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe /replace

    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [REBOOT]

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A massage box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.



2. Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    CODE
    :filefind
    explorer.exe
    wininit.exe
    HLP.DAT
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 osse666

osse666
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 17 October 2010 - 05:40 AM

Now my explorer starts as it is supposed to do, which is great !

All processes killed
========== FILES ==========
Unable to replace file: C:\Windows\explorer.exe with C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe without a reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FAMILIA

User: Oscar
->Temp folder emptied: 647608155 bytes
->Temporary Internet Files folder emptied: 5756327 bytes
->Java cache emptied: 3909264 bytes
->FireFox cache emptied: 110152909 bytes
->Flash cache emptied: 50187 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 614917298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 557492 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,319.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.15.2 log created on 10172010_122529

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

-----------------------------------------------------------------------------------------------------------

SystemLook 04.09.10 by jpshortstuff
Log created at 12:33 on 17/10/2010 by Oscar
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2870272 bytes [20:19 27/01/2010] [06:34 31/10/2009] 9AAAEC8DAC27AA17B053E6352AD233AE
C:\Windows\SysWOW64\explorer.exe --a---- 2614272 bytes [20:19 27/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe --a---- 2868224 bytes [23:56 13/07/2009] [01:39 14/07/2009] C235A51CB740E45FFA0EBFB9BAFCDA64
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe --a---- 2868224 bytes [17:26 26/12/2009] [06:17 03/08/2009] F170B4A061C9E026437B193B4D571799
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe --a---- 2868224 bytes [17:26 26/12/2009] [06:19 03/08/2009] 700073016DAC1C3D2E7E2CE4223334B6
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe --a---- 2870272 bytes [20:19 27/01/2010] [06:38 31/10/2009] B8EC4BD49CE8F6FC457721BFC210B67F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe --a---- 2613248 bytes [23:41 13/07/2009] [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe --a---- 2613248 bytes [17:26 26/12/2009] [05:35 03/08/2009] B95EEB0F4E5EFBF1038A35B3351CF047
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe --a---- 2614272 bytes [20:19 27/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe --a---- 2613248 bytes [17:26 26/12/2009] [05:49 03/08/2009] 9FF6C4C91A3711C0A3B18F87B08B518D
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe --a---- 2614272 bytes [20:19 27/01/2010] [06:00 31/10/2009] C76153C7ECA00FA852BB0C193378F917

Searching for "wininit.exe"
C:\Windows\System32\wininit.exe --a---- 129024 bytes [23:52 13/07/2009] [01:39 14/07/2009] 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe --a---- 129024 bytes [23:52 13/07/2009] [01:39 14/07/2009] 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665

Searching for "HLP.DAT"
No files found.

-= EOF =-


#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:47 AM

Posted 17 October 2010 - 07:14 AM

Hi,

That's a great start.


1. Please copy the contents of the code box below, open notepad and paste it there. (Do not include the word "Code")
  • Save it to your desktop as copy.bat
  • Close notepad and locate the copy.bat icon on your desktop and double click it.
CODE
copy C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe c:\wininit.exe
del %0

Note: After running the Batch file (step #1), please check first that C:\wininit.exe is present before doing step #2.




2. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box. Do not include the word "Code".

    CODE
    :Files
    C:\Windows\SysWOW64\wininit.exe|C:\wininit.exe /replace

    :Commands
    [EMPTYTEMP]

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A massage box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.



3. Run SystemLook and copy/paste the following into the box
CODE
:filefind
wininit.exe
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply





~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 osse666

osse666
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 17 October 2010 - 08:20 AM

Hmm, the batch script did work but I cannot find a wininit.exe in my C: directory. But it is in my system32, I told you before I couldn't find one, but now it is there.

I know that the code in step nr 2 will not work if there is no wininit.exe but I did step nr 3 and just to make sure I was not wrong I did step nr 2 as well. Here is the result.

All processes killed
========== FILES ==========
File C:\wininit.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FAMILIA

User: Oscar
->Temp folder emptied: 3307216 bytes
->Temporary Internet Files folder emptied: 868292 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54994321 bytes
->Flash cache emptied: 675 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3490 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10172010_151041

Files\Folders moved on Reboot...
C:\Users\Oscar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

-----------------------------------------------------------------------------------------------------------------------

SystemLook 04.09.10 by jpshortstuff
Log created at 15:09 on 17/10/2010 by Oscar
Administrator - Elevation successful

========== filefind ==========

Searching for "wininit.exe"
C:\Windows\System32\wininit.exe --a---- 129024 bytes [23:52 13/07/2009] [01:39 14/07/2009] 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe --a---- 129024 bytes [23:52 13/07/2009] [01:39 14/07/2009] 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665

-= EOF =-

#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:47 AM

Posted 17 October 2010 - 08:46 AM

Can you manually copy/paste the file below into C:\ then please repeat step 2 & 3 of my previous post:
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 osse666

osse666
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 17 October 2010 - 09:39 AM

Sorry for taking some time... This time it worked just fine smile.gif

All processes killed
========== FILES ==========
File C:\Windows\SysWOW64\wininit.exe successfully replaced with C:\wininit.exe
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FAMILIA

User: Oscar
->Temp folder emptied: 401 bytes
->Temporary Internet Files folder emptied: 38061 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22799209 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2650 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 22.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10172010_155055

Files\Folders moved on Reboot...
C:\Users\Oscar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

----------------------------------------------------------------------------------------------------------------------

SystemLook 04.09.10 by jpshortstuff
Log created at 16:38 on 17/10/2010 by Oscar
Administrator - Elevation successful

========== filefind ==========

Searching for "wininit.exe"
C:\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665
C:\Windows\System32\wininit.exe --a---- 129024 bytes [23:52 13/07/2009] [01:39 14/07/2009] 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\SysWOW64\wininit.exe --a---- 96256 bytes [13:50 17/10/2010] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe --a---- 129024 bytes [23:52 13/07/2009] [01:39 14/07/2009] 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665

-= EOF =-

#12 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:47 AM

Posted 17 October 2010 - 09:46 AM

Perfect! thumbup2.gif How's the PC running now?

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#13 osse666

osse666
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 17 October 2010 - 09:54 AM

Thanks to you, my PC is running just fine smile.gif I hope this is the end of my infection and that I will not get it back...
Thanks a lot for your professional help, it is very appreciated! You give quick response and very easy steps to follow, which is good.

Enjoy the rest of your day! Thank you again smile.gif

**A lot of thanks you... But you deserve them ;)**

Edited by osse666, 17 October 2010 - 09:55 AM.


#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:47 AM

Posted 17 October 2010 - 10:03 AM

You're welcome but we're not done yet. laugh.gif
Just a few more scans to make sure that there's no remnants.


I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push






~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#15 osse666

osse666
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 17 October 2010 - 11:38 AM

laugh.gif laugh.gif

There isn't any "export to file" button, but the scan told me that it was all good.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users