Slow computer - HijackThisLog for views and hopefully for help


  • This topic is locked
23 replies to this topic

#1 mli41

mli41

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 12 October 2010 - 11:31 AM

This is my time-to-time slow computer almost immediately after boot. Because of "time-to-time", I don't know if something begins to run separately later.

Computer is IBM/Lenovo 8303-82G


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:34, on 12.10.2010 (my local time is GMT +2h)
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Prg\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Prg\F-Secure\Anti-Virus\fsgk32st.exe
C:\Prg\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Prg\F-Secure\Anti-Virus\FSGK32.EXE
C:\Prg\F-Secure\Common\FSMA32.EXE
C:\Prg\F-Secure\Anti-Virus\fssm32.exe
C:\Prg\F-Secure\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Prg\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Prg\OO Software\Defrag\oodag.exe
C:\Prg\F-Secure\Common\FCH32.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Installer\MSI2236.tmp
C:\Prg\F-Secure\Common\FAMEH32.EXE
C:\Prg\F-Secure\Anti-Virus\fsqh.exe
C:\Prg\F-Secure\Anti-Virus\fsrw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Prg\Acronis\DiskDirector\OSS\reinstall_svc.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Prg\F-Secure\Common\FSM32.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\Pelmiced.exe
C:\Prg\F-Secure\Common\FNRB32.EXE
C:\Prg\F-Secure\Common\FIH32.EXE
C:\Prg\F-Secure\FWES\Program\fsdfwd.exe
C:\Prg\F-Secure\Anti-Virus\fsav32.exe
C:\Prg\F-Secure\ANTI-S~1\fsaw.exe
C:\Prg\F-Secure\FSGUI\fsguidll.exe
C:\Prg\totalcmd\TOTALCMD.EXE
C:\Prg\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Prg\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Prg\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Prg\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: OpenOffice.org 3.1.lnk.disabled
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Prg\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Prg\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Prg\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Prg\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Prg\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Prg\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Prg\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Prg\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202030359553
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206809203437
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\Prg\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Prg\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Prg\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Prg\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Prg\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Prg\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google-päivityspalvelu (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Prg\OO Software\Defrag\oodag.exe
O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Prg\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SolidPDFToolsCreatorReadSpool (SPDFToolsReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI2236.tmp
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 11731 bytes


Thanks in advance

mli41

Edited by hamluis, 12 October 2010 - 12:04 PM.
Moved from XP forum to Malware Removal Logs ~ Hamluis.




#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:58 PM

Posted 19 October 2010 - 07:51 PM

Hi and welcome. :)

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay in response.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and choose the notification you wish and click Proceed. Your subscription will be added and the topics you are subscribed/tracked to can be found in your Control Panel on this page

Please take note of the following guidelines in the meantime:

Please perform all steps in the order received and do not proceed if you need clarification.


  • In the meantime, please refrain from making any changes to your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Old topics are closed after 3-5 days with no reply, and working topics are closed after 5-7 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. In addition, most of us staff members here are all volunteers. With that said, please be courteous and appreciative for the assistance provided.

 

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a GMER log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or GMER log, please refer to this page and see Step #6, Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 mli41

mli41
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 21 October 2010 - 05:40 AM

Hi Extremeboy,

Thank you for your response – I very well understand and highly respect the work of volunteers.

First of all, I regret that unfortunately, I had not spotted the right, comprehensive guidance (http://www.bleepingcomputer.com/forums/topic34773.html) before I uploaded my HijackThisLog to you.

In the meantime, I also tried to be "clever" and followed approximately the guidance I had found in the first place (http://www.bleepingcomputer.com/forums/forum56.html), having also made a lot of changes. From now onwards I naturally refrain from doing any more.

Therefore, I understand that from now onwards my "project" begins from 0-point again. I don't know if it is any benefit to you to know what I did but I describe shortly:

1) A complete backup (Acronis-image for everything and in addition, pure data separately)

2) F-Secure. I knew from articles that F-Secure is slow (slowish at least); my version was not very new. I made a complete - very long run - check by it. My oldish version of F-Sec didn't start in Windows safe mode. That run discovered one malware which was deleted and another in an attachment of an e-mail, F-sec could not delete (because it was inside of a package - exe-file). Later I deleted the mail (I had never opened the attachment).
F-Sec’s report in this respect:
A/ Tracking Cookie (cookie)
* C:\Documents and Settings\M\Cookies\m@msnportal.112.2o7[1].txt Action: quarantined
Later deleted.
B/ The other one: Trojan-Dropper.Win32.Agent.bzst (virus)
xxxx.pst\[From:Your iTunes Store customer.service@itunes.com][Subj:Thank you for buying iTunes Gift Certificate!]iTunes_certificate_697.zip\iTunes_certificate_697.exe

3) During my survey, I found additionally that automatic update (by F-Sec) made updates to the virus database only and my spyware database was more than a year old; I had not recognized the end of service for that database. Already before, I had planned to change my F-Secure due to slowness, but that observation sealed my plan immediately. Therefore, I now have the latest Avast 5 (free).

4) I also ran CCleaner and Spybot. I have used Spybot to ensure that those programs which I am sure are unnecessary to start when booting the computer - but I don't know if there still are some unnecessary ones.
Spybot has already for some time informed that it has not immunized everything successfully. Therefore, I feel that something is still abnormal, even though a lot of improvement has taken place - perhaps due to that deleted malware F-Sec (as its last service!) found.



===============

So, to the present situation on basis of:
http://www.bleepingcomputer.com/forums/topic34773.html

5) Enable a firewall - has been enabled - Win automatic updates I prefer to keep on information level only

6) DDS.txt follows and GMER log are included in the attached ZIP-file which additionally includes a) a new HijackThis log (even though perhaps not needed), b) defogger_disable.log, and c) information of the Spybot result

I planned to remove and reinstall IE8 but got so long list of warnings that – at least for time being - I have “left such a plan to sleep”

Thanks again

mli41

Attached Files

  • Attached File  8303.ZIP   501.74KB   2 downloads


#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:58 PM

Posted 21 October 2010 - 10:13 PM

Hello.

Thanks for the detailed description.

After currently reviewing the logs, I do not see any indications of malware present on your machine. I do, however, see a few things that could be removed and cleared up that could potentially help; however, they are not the main source of your slow machine.

The machine does not seem to be that bad however some "maintenance" can be done. Before we begin, I see that some of your Avast! Anti-virus drivers are failing sometimes, I suggest you completely uninstall Avast! and re-install it again.

Upon completion of that, please perform the following two things:

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and run OTL

  • Download OTL by OldTimer and save it to your desktop.
  • Double click on the Posted Image icon on your desktop. If you are using Vista, please right-click and select run as administrator
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • It will now begin to scan, please be patient while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized


Post those logs in your next reply please.

Thanks.

With Regards,
Extremeboy

#5 mli41

mli41
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 22 October 2010 - 05:32 PM

Hi Extremeboy,

Thank you for your quick response.
Due to some very urgent activities, my answer is a bit delayed, sorry.


After reinstalling Avast, I reran also CCleaner which didn’t have much to do.

Just to note one odd phenomenon which appeared (rebooting didn't help):
From within Firefox, I saved our correspondence using default name page__pid__1983938.htm as full web-page and later “saved frame” as page__pid__1983938_frame.htm. Both files are stopped by Firefox when I try to open them again. IE8 opens both of them, not as very complete pages because icons in left hand column and in the beginning of several lines disappear – but main point is that the message is readable.

Firefox made an automatic update in the meantime which I couldn't prevent. A sample of Firefox warnings is attached; probably the question is of some Firefox settings.

Back to our original project:

A/ MalwareBytes Anti-Malware - Perform Quick Scan
But your advice “Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.”
There was no Show Results button – maybe because there was no malware to show.

The content of the report “mbam-log-2010-10-22 (18-16-01).txt” follows:
===================================
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4913

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.10.2010 18:16:01
mbam-log-2010-10-22 (18-16-01).txt

Scan type: Quick scan
Objects scanned: 149081
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

===================================
I also made a full scan - there is no essential difference, only the following lines were - evidently - different:

22.10.2010 20:20:26
mbam-log-2010-10-22 (20-20-26).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 310178
Time elapsed: 1 hour(s), 56 minute(s), 24 second(s)

===================================

OTL - reports:

I lost the OTL report of the first run. So, I ran OTL again, but it didn’t write a new extra-report. I tried some additional runs, but it never made a new extra-file. Hopefully the combination from the first and second run is good enough.


===================================

OTL logfile created on: 22.10.2010 17:51:21 - Run 2
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\All Users\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Finland | Language: FIN | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147,02 Gb Total Space | 112,17 Gb Free Space | 76,29% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 78,88 Gb Free Space | 52,93% Space Free | Partition Type: NTFS

Computer Name: IBM-C5ABD0B1A94 | User Name: M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2010.10.22 13:07:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
PRC - [2010.09.19 12:43:50 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.09.13 00:02:24 | 000,779,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010.09.07 18:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Prg\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.09.07 18:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Prg\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.05.25 19:53:56 | 002,139,536 | ---- | M] () -- C:\Prg\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010.05.11 22:36:10 | 001,619,272 | ---- | M] (O&O Software GmbH) -- C:\Prg\OO Software\Defrag\oodag.exe
PRC - [2009.11.25 17:06:28 | 000,189,760 | ---- | M] (Solid Documents, LLC) -- C:\WINDOWS\Installer\MSI2236.tmp
PRC - [2009.11.17 12:12:26 | 000,155,648 | ---- | M] (Primax Electronics Ltd.) -- C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
PRC - [2009.11.06 16:00:14 | 000,098,304 | ---- | M] (Primax Electronics Ltd.) -- C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
PRC - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.05.15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.11.20 16:27:28 | 000,020,480 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.07 21:46:35 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2002.06.08 01:02:56 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002.05.03 23:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe


========== Modules (SafeList) ==========

MOD - [2010.10.22 13:07:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
MOD - [2010.08.23 19:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008.04.14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2010.09.19 12:43:50 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.09.13 00:02:24 | 000,779,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.09.07 18:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Prg\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.09.07 18:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Prg\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.09.07 18:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Prg\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.05.25 19:53:56 | 002,139,536 | ---- | M] () [Auto | Running] -- C:\Prg\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010.05.11 22:36:10 | 001,619,272 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Prg\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2010.03.18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.11.25 17:06:28 | 000,189,760 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\WINDOWS\Installer\MSI2236.tmp -- (SPDFToolsReadSpool)
SRV - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.05.15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.02.06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008.11.14 23:20:43 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2002.06.08 01:02:56 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002.05.03 23:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCDRDRV.sys -- (PCDRDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\M\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys -- (F-Secure Standalone Minifilter)
DRV - [2010.09.22 16:51:56 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010.09.19 12:43:55 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.09.19 12:43:29 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2010.09.19 12:43:27 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.09.07 21:08:43 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010.09.07 17:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.09.07 17:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.09.07 17:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.09.07 17:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.09.07 17:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.09.07 17:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.11.02 14:29:42 | 000,019,456 | ---- | M] (TPMX Electronics Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PelMouse.SYS -- (pelmouse)
DRV - [2009.02.06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008.04.14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007.08.15 22:32:16 | 000,069,776 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fvxscsi.sys -- (FVXSCSI)
DRV - [2007.06.22 11:06:48 | 000,043,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fsRamDsk.sys -- (fsRamDsk)
DRV - [2007.04.26 09:23:44 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.04.26 09:23:08 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007.04.26 09:23:04 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.03.02 14:48:42 | 000,017,840 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus)
DRV - [2006.10.31 18:07:00 | 000,019,818 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PelPs2m.sys -- (pelps2m)
DRV - [2006.06.29 18:11:08 | 000,011,712 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
DRV - [2004.08.04 09:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.03.31 07:32:46 | 000,009,248 | R--- | M] (MELCO INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ESSIDSET.SYS -- (ESSIDSET)
DRV - [2004.01.05 21:23:16 | 000,006,016 | R--- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (fixustor)
DRV - [2002.05.03 23:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001.08.18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.17 23:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2000.06.01 07:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
DRV - [2000.03.23 08:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3114318073-4207044864-2010873985-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3114318073-4207044864-2010873985-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: fi@dictionaries.addons.mozilla.org:1.0.2.1
FF - prefs.js..extensions.enabledItems: sv@dictionaries.addons.mozilla.org:1.44
FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20100720

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Prg\Mozilla Firefox\components [2010.10.21 06:59:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Prg\Mozilla Firefox\plugins [2010.10.21 06:59:34 | 000,000,000 | ---D | M]

[2009.09.28 12:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M\Application Data\Mozilla\Extensions
[2010.10.21 15:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M\Application Data\Mozilla\Firefox\Profiles\1gw8gbkw.default\extensions
[2010.04.28 09:44:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\M\Application Data\Mozilla\Firefox\Profiles\1gw8gbkw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.27 10:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M\Application Data\Mozilla\Firefox\Profiles\1gw8gbkw.default\extensions\de_DE@dicts.j3e.de
[2009.12.16 16:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M\Application Data\Mozilla\Firefox\Profiles\1gw8gbkw.default\extensions\dictionary-switcher@design-noir.de
[2009.09.28 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M\Application Data\Mozilla\Firefox\Profiles\1gw8gbkw.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010.07.16 20:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M\Application Data\Mozilla\Firefox\Profiles\1gw8gbkw.default\extensions\fi@dictionaries.addons.mozilla.org
[2010.10.15 12:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M\Application Data\Mozilla\Firefox\Profiles\1gw8gbkw.default\extensions\sv@dictionaries.addons.mozilla.org

O1 HOSTS File: ([2010.10.15 14:23:09 | 000,423,799 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 14613 more lines...
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Prg\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3114318073-4207044864-2010873985-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3114318073-4207044864-2010873985-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Prg\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe (Primax Electronics Ltd.)
O4 - HKU\S-1-5-21-3114318073-4207044864-2010873985-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\M\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 7136
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3114318073-4207044864-2010873985-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Prg\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Prg\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202030359553 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206809203437 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www-307.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab (acpRunner Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.243.153.172 213.243.153.136
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\MontRoyal-DSCF0001.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\MontRoyal-DSCF0001.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.29 04:02:34 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1257f947-ecde-11de-9e85-00096be7e9b7}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found
O33 - MountPoints2\{1f293f9c-5953-11dd-955a-00096be7e9b7}\Shell - "" = AutoRun
O33 - MountPoints2\{1f293f9c-5953-11dd-955a-00096be7e9b7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1f293f9c-5953-11dd-955a-00096be7e9b7}\Shell\AutoRun\command - "" = E:\EasySuite.exe -- File not found
O33 - MountPoints2\{26291502-ef24-11de-9e88-00096be7e9b7}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found
O33 - MountPoints2\{31f90b16-a852-11df-9fca-00096be7e9b7}\Shell - "" = AutoRun
O33 - MountPoints2\{31f90b16-a852-11df-9fca-00096be7e9b7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31f90b16-a852-11df-9fca-00096be7e9b7}\Shell\AutoRun\command - "" = E:\EasySuite.exe -- File not found
O33 - MountPoints2\{36d3f20a-b29c-11df-9fe3-00096be7e9b7}\Shell\AutoRun\command - "" = G:\Michael_Jackson's_THIS_IS_IT_(FI).exe -- File not found
O33 - MountPoints2\{3a21e778-bac3-11df-9ff9-00096be7e9b7}\Shell\AutoRun\command - "" = G:\Michael_Jackson's_THIS_IS_IT_(FI).exe -- File not found
O33 - MountPoints2\{91a8a685-595d-11dd-955c-00096be7e9b7}\Shell - "" = AutoRun
O33 - MountPoints2\{91a8a685-595d-11dd-955c-00096be7e9b7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91a8a685-595d-11dd-955c-00096be7e9b7}\Shell\AutoRun\command - "" = E:\EasySuite.exe -- File not found
O33 - MountPoints2\{9bd66720-c3da-11de-9e32-00096be7e9b7}\Shell\Shell00\Command - "" = F:\Start.exe -- File not found
O33 - MountPoints2\{9ebd6bd6-2ae2-11df-9ef1-00096be7e9b7}\Shell\Shell00\Command - "" = G:\Start.exe -- File not found
O33 - MountPoints2\{9ebd6bdc-2ae2-11df-9ef1-00096be7e9b7}\Shell\Shell00\Command - "" = G:\Start.exe -- File not found
O33 - MountPoints2\{9ebd6be0-2ae2-11df-9ef1-00096be7e9b7}\Shell\Shell00\Command - "" = G:\Start.exe -- File not found
O33 - MountPoints2\{ceeef4df-ba0b-11dd-9b51-00096be7e9b7}\Shell - "" = AutoRun
O33 - MountPoints2\{ceeef4df-ba0b-11dd-9b51-00096be7e9b7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ceeef4df-ba0b-11dd-9b51-00096be7e9b7}\Shell\AutoRun\command - "" = F:\EasySuite.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\APPInst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 360 Days ==========

[2010.10.22 13:08:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
[2010.10.22 12:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Application Data\Malwarebytes
[2010.10.22 12:33:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.22 12:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.10.22 12:33:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.22 12:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.10.22 12:23:56 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Desktop\mbam-setup-1.46.exe
[2010.10.22 11:04:18 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.10.22 11:04:18 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.10.22 11:04:17 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.10.22 11:04:16 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.10.22 11:04:15 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.10.22 11:04:15 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.10.22 11:04:14 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.10.22 11:03:58 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.10.22 11:03:58 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010.10.22 10:53:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\M\Recent
[2010.10.15 19:31:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.14 13:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010.10.12 20:41:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010.09.28 16:15:18 | 000,000,000 | RHSD | C] -- C:\BOOTWIZ
[2010.09.22 16:58:31 | 000,019,818 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\drivers\PelPs2m.sys
[2010.09.22 16:58:31 | 000,019,456 | ---- | C] (TPMX Electronics Ltd.) -- C:\WINDOWS\System32\drivers\PelMouse.SYS
[2010.09.22 16:58:31 | 000,018,432 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\drivers\PELMOUBT.SYS
[2010.09.22 16:58:31 | 000,013,312 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\drivers\PELBTM.SYS
[2010.09.22 16:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Application Data\Downloaded Installations
[2010.09.22 16:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
[2010.09.19 12:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Application Data\F8710C98-5D10-40AB-A908-AD76ABD3C8A3
[2010.09.12 22:10:06 | 000,000,000 | ---D | C] -- D:\T_Data\MyScreen
[2010.09.12 21:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Desktop\New Folder
[2010.09.07 21:09:17 | 000,163,232 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2010.09.07 21:09:11 | 000,752,128 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm273.sys
[2010.09.07 21:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010.09.07 21:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Application Data\Acronis
[2010.08.27 21:39:27 | 000,000,000 | ---D | C] -- D:\T_Data\__InfPr_sw
[2010.08.21 12:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oodag
[2010.08.21 12:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Local Settings\Application Data\O&O
[2010.08.12 18:15:24 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2010.08.12 12:27:38 | 000,226,656 | ---- | C] (Acronis) -- C:\WINDOWS\System32\snapapi.dll
[2010.08.12 11:07:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010.08.12 11:07:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010.08.12 10:48:33 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.08.12 10:38:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.07.06 10:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.07.06 10:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010.07.06 10:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010.06.23 17:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Desktop\Sanakirjat all-users2
[2010.06.07 15:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Application Data\NiXPS
[2010.05.21 11:50:14 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010.05.11 22:36:40 | 001,254,728 | ---- | C] (O&O Software GmbH) -- C:\WINDOWS\System32\ooscrsav.scr
[2010.05.11 22:35:44 | 000,200,008 | ---- | C] (O&O Software GmbH) -- C:\WINDOWS\System32\oodbs.exe
[2010.05.11 22:31:26 | 000,546,120 | ---- | C] (O&O Software GmbH) -- C:\WINDOWS\System32\oodssrs.dll
[2010.05.11 22:31:02 | 000,010,056 | ---- | C] (O&O Software GmbH) -- C:\WINDOWS\System32\oodbsrs.dll
[2010.04.19 01:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Application Data\Ashampoo
[2010.04.19 01:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Local Settings\Application Data\ashampoo
[2010.04.19 01:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010.04.19 01:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\page
[2010.04.15 00:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Compaq
[2010.04.15 00:56:24 | 000,000,000 | ---D | C] -- C:\CPQSYSTEM
[2010.03.30 12:24:40 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdecd.dll
[2010.03.29 22:45:36 | 000,000,000 | ---D | C] -- C:\DriveKey
[2010.03.18 16:47:22 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aspnet_counters.dll
[2010.03.18 13:16:28 | 000,771,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100_clr0400.dll
[2010.03.18 13:16:28 | 000,486,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evr.dll
[2010.03.18 13:16:28 | 000,070,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxva2.dll
[2010.03.18 10:09:00 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2010.03.18 10:09:00 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll
[2010.03.18 10:09:00 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll
[2010.03.11 17:49:23 | 000,000,000 | ---D | C] -- D:\T_Data\__________H______sveig______!!!!
[2010.03.02 23:32:31 | 000,000,000 | ---D | C] -- D:\T_Data\__________H______nils______!!!!
[2010.02.25 17:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Local Settings\Application Data\Temp
[2010.02.22 01:38:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.02.19 12:06:10 | 000,000,000 | ---D | C] -- C:\MyS2GApp
[2010.02.18 15:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.02.18 15:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.02.18 15:29:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.02.18 15:29:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.02.18 15:29:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.02.18 15:29:19 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.02.18 15:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.02.01 13:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010.02.01 13:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010.01.17 00:41:12 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010.01.17 00:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Application Data\Sun
[2010.01.16 15:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Local Settings\Application Data\WMTools Downloaded Files
[2010.01.06 01:16:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\M\IECompatCache
[2009.12.17 12:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Application Data\OpenOffice.org
[2009.12.15 21:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009.12.15 21:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009.12.15 21:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Local Settings\Application Data\Apple
[2009.12.15 21:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009.12.15 21:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009.12.15 21:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Local Settings\Application Data\Apple Computer
[2009.12.15 01:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Application Data\EurekaLog
[2009.11.25 17:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidDocuments
[2009.11.23 22:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Application Data\eXPert PDF 6
[2009.11.23 22:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009.11.23 22:11:40 | 000,022,016 | ---- | C] (Visagesoft) -- C:\WINDOWS\System32\vsmon1.dll
[2009.11.23 22:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BVRP Software
[2009.11.23 22:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visage Software
[2009.11.23 22:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eXPert PDF Jobs
[2009.11.23 22:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eXPert PDF 6
[2009.11.23 15:55:52 | 000,009,248 | R--- | C] (MELCO INC.) -- C:\WINDOWS\System32\ESSIDSET.SYS
[2009.11.11 00:08:24 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009.11.11 00:08:24 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009.11.10 14:15:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Desktop\MS Office
[2009.11.08 14:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Local Settings\Application Data\Windows Live Writer
[2009.11.08 14:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M\Application Data\Windows Live Writer
[2009.11.08 14:55:04 | 000,000,000 | ---D | C] -- D:\T_Data\My Weblog Posts
[2009.11.04 18:11:42 | 000,106,496 | R--- | C] (Genesys) -- C:\WINDOWS\System32\geneicon.dll
[2009.11.04 18:11:42 | 000,006,016 | R--- | C] (Genesys Logic) -- C:\WINDOWS\System32\drivers\fixustor.sys
[2009.11.04 18:11:41 | 000,053,248 | ---- | C] (General) -- C:\WINDOWS\System32\umonit.exe
[2009.10.30 22:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009.10.29 12:49:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009.10.29 12:49:13 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009.10.28 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\Visagesoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2010.10.22 17:49:26 | 000,007,291 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.10.22 17:34:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.22 17:11:43 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6E343878-F595-40A1-8B02-1DE751F77FE8}.job
[2010.10.22 17:11:20 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.22 17:10:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.22 17:09:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.22 17:09:42 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.22 17:09:41 | 000,158,224 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.10.22 14:00:03 | 000,000,327 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010.10.22 13:07:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
[2010.10.22 12:33:27 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.22 12:20:25 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Desktop\mbam-setup-1.46.exe
[2010.10.22 11:04:19 | 000,001,599 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010.10.22 11:04:15 | 000,002,621 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.10.20 17:28:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\M\defogger_reenable
[2010.10.20 17:02:43 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\gmer.zip
[2010.10.20 16:56:54 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\dds.scr
[2010.10.20 16:55:32 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defogger.exe
[2010.10.19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\gmer.exe
[2010.10.18 11:21:59 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\M\Application Data\default.rss
[2010.10.15 23:13:29 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\M\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010.10.15 23:13:26 | 000,528,520 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.15 23:13:26 | 000,097,214 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.15 19:41:02 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.15 14:23:09 | 000,423,799 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.10.15 14:08:13 | 000,423,799 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101015-142309.backup
[2010.10.14 21:54:41 | 000,423,799 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101015-140813.backup
[2010.10.13 20:32:19 | 000,000,232 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010.10.10 17:20:12 | 000,036,363 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2010.10.06 20:08:06 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.02 13:18:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010.10.02 13:18:33 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2010.10.02 13:18:33 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2010.09.29 15:29:29 | 207,355,904 | ---- | M] () -- C:\Documents and Settings\M\Desktop\From8303_Atih2011Dd11.iso
[2010.09.28 19:17:30 | 000,024,576 | RHS- | M] () -- C:\bootwiz.sys
[2010.09.28 16:15:19 | 000,001,070 | ---- | M] () -- C:\Documents and Settings\M\Desktop\Acronis OS Selector.lnk
[2010.09.28 16:15:19 | 000,000,962 | ---- | M] () -- C:\Acronis OS Selector.lnk
[2010.09.27 22:37:27 | 000,420,797 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101014-215441.backup
[2010.09.22 16:51:56 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\System32\drivers\psadd.sys
[2010.09.21 12:48:33 | 000,000,010 | ---- | M] () -- C:\WINDOWS\RHUD.bkm
[2010.09.19 12:43:55 | 000,163,232 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2010.09.19 12:43:29 | 000,752,128 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm273.sys
[2010.09.19 12:43:27 | 000,600,928 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2010.09.19 12:43:15 | 000,001,091 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis Online Backup.lnk
[2010.09.19 12:43:15 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 2011.lnk
[2010.09.19 12:01:04 | 000,420,729 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100927-223727.backup
[2010.09.18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2010.09.18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010.09.18 09:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2010.09.18 09:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.09.18 09:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll
[2010.09.18 09:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010.09.18 09:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll
[2010.09.18 09:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.09.11 19:30:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2010.09.10 08:58:08 | 005,957,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010.09.10 08:58:08 | 001,210,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010.09.10 08:58:08 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010.09.10 08:58:08 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010.09.10 08:58:08 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010.09.10 08:58:08 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010.09.10 08:58:08 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010.09.10 08:58:06 | 001,986,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010.09.10 08:58:06 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010.09.10 08:58:06 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010.09.10 08:58:06 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010.09.10 08:58:06 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.09.10 08:58:06 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010.09.10 08:58:06 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.09.10 08:58:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2010.09.10 08:58:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2010.09.10 08:58:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010.09.10 08:58:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010.09.10 08:58:05 | 011,080,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010.09.10 08:58:05 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010.09.10 08:58:05 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010.09.10 08:58:03 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.09.10 08:58:03 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010.09.10 08:58:03 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010.09.08 11:04:21 | 000,002,931 | ---- | M] () -- D:\T_Data\Uusi_yritys_b_Log.xml
[2010.09.07 22:08:44 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Home.lnk
[2010.09.07 21:08:43 | 000,170,464 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2010.09.07 18:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010.09.07 18:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.09.07 17:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.09.07 17:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.09.07 17:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.09.07 17:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.09.07 17:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.09.07 17:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.09.07 17:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.09.06 13:48:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.09.01 14:51:14 | 000,285,824 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010.09.01 14:51:14 | 000,285,824 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2010.08.31 16:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010.08.31 16:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010.08.27 11:02:29 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll
[2010.08.27 11:02:29 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010.08.27 08:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010.08.26 16:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010.08.26 15:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010.08.26 15:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010.08.25 23:36:02 | 010,841,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2010.08.23 19:12:04 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.08.21 12:18:13 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\O&O Defrag.lnk
[2010.08.17 16:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2010.08.16 11:45:00 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010.08.13 00:17:03 | 000,000,966 | ---- | M] () -- C:\WINDOWS\SK2004LE.INI
[2010.08.12 22:50:27 | 000,000,279 | ---- | M] () -- C:\WINDOWS\ConverterCore.INI
[2010.08.12 20:37:46 | 000,418,009 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100919-120103.backup
[2010.08.12 18:17:42 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2010.08.12 18:17:42 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2010.08.12 12:27:38 | 000,226,656 | ---- | M] (Acronis) -- C:\WINDOWS\System32\snapapi.dll
[2010.07.30 18:39:33 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\M\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.27 09:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010.07.20 20:15:09 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\M\Desktop\Microsoft Office Outlook 2003.lnk
[2010.07.16 15:05:55 | 001,288,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2010.07.12 09:15:35 | 000,413,280 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100812-203746.backup
[2010.07.04 18:31:06 | 000,412,786 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100712-091535.backup
[2010.07.04 18:26:26 | 000,412,786 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100704-183106.backup
[2010.06.30 15:31:35 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2010.06.26 21:10:13 | 000,000,505 | ---- | M] () -- C:\WINDOWS\QT2032.INI
[2010.06.23 16:39:04 | 000,000,523 | ---- | M] () -- C:\WINDOWS\TOPKEY.INI
[2010.06.23 16:30:41 | 000,000,962 | ---- | M] () -- C:\WINDOWS\WINMOT.INI
[2010.06.23 16:08:23 | 000,000,325 | ---- | M] () -- C:\WINDOWS\TEXTWARE.INI
[2010.06.23 16:06:48 | 000,000,073 | ---- | M] () -- C:\WINDOWS\Viewer.ini
[2010.06.18 20:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winsrv.dll
[2010.06.18 20:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2010.06.18 16:36:12 | 003,558,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.06.17 17:03:00 | 000,080,384 | ---- | M] (Radius Inc.) -- C:\WINDOWS\System32\iccvid.dll
[2010.06.15 19:17:24 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax
[2010.06.15 16:59:43 | 000,000,246 | ---- | M] () -- C:\WINDOWS\PR1V2.INI
[2010.06.14 17:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.06.14 10:41:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010.06.09 10:43:36 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010.06.07 16:25:23 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\M\Application Data\Microsoft\Internet Explorer\Quick Launch\XPS Viewer EP.lnk
[2010.06.07 16:25:23 | 000,001,397 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XPS Viewer EP.lnk
[2010.05.11 22:36:40 | 001,254,728 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\ooscrsav.scr
[2010.05.11 22:35:44 | 000,200,008 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodbs.exe
[2010.05.11 22:31:26 | 000,546,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodssrs.dll
[2010.05.11 22:31:02 | 000,010,056 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodbsrs.dll
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 05:25:02 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010.04.28 05:25:02 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010.04.27 16:59:13 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.04.27 16:05:00 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010.04.27 16:05:00 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010.04.27 16:05:00 | 002,024,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.04.22 20:46:36 | 022,332,621 | ---- | M] () -- C:\Documents and Settings\M\Desktop\huuto-kiinnostavia-b.rtf
[2010.04.19 01:20:12 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\M\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 2009 Advanced.lnk
[2010.04.19 01:20:12 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio 2009 Advanced.lnk
[2010.04.19 01:19:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Go to WWW.THE-PAGE.COM.lnk
[2010.04.19 01:08:48 | 000,002,244 | ---- | M] () -- C:\Documents and Settings\M\Desktop\Nero 9 StartSmart.lnk
[2010.04.16 18:36:56 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2010.04.06 04:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVCore.dll
[2010.04.06 04:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMVCore.dll
[2010.03.30 12:24:40 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sdecd.dll
[2010.03.30 12:24:40 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdecd.dll
[2010.03.30 00:52:26 | 000,262,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4ds32.ax
[2010.03.30 00:52:26 | 000,262,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2010.03.18 16:47:22 | 000,017,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\aspnet_counters.dll
[2010.03.18 13:16:28 | 000,771,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100_clr0400.dll
[2010.03.18 13:16:28 | 000,486,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\evr.dll
[2010.03.18 13:16:28 | 000,070,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxva2.dll
[2010.03.18 10:09:00 | 000,295,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2010.03.18 10:09:00 | 000,099,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll
[2010.03.18 10:09:00 | 000,049,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll
[2010.03.17 21:47:42 | 022,320,721 | ---- | M] () -- C:\Documents and Settings\M\Desktop\huuto-kiinnostavia.rtf
[2010.03.10 09:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2010.03.10 09:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010.03.05 17:37:40 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2010.03.05 17:37:40 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\asycfilt.dll
[2010.02.24 16:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.02.19 12:15:09 | 007,996,862 | ---- | M] () -- D:\T_Data\PCmag_DVD_B.rtf
[2010.02.19 12:12:02 | 005,710,087 | ---- | M] () -- D:\T_Data\PCmag_DVD.rtf
[2010.02.18 17:00:17 | 000,381,539 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100704-182626.backup
[2010.02.18 15:28:57 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.02.18 15:28:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.02.18 15:28:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.02.18 15:28:57 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.02.18 15:28:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010.02.12 13:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.02.12 07:33:11 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010.02.11 15:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010.02.11 15:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2010.02.05 21:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010.01.29 17:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codeca.acm
[2010.01.14 12:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.01.13 17:01:25 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2009.12.24 09:59:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2009.12.23 17:36:59 | 000,591,831 | ---- | M] () -- D:\T_Data\Merry Christmas from the Air Transport Department_amd.pptx
[2009.12.23 17:16:00 | 000,591,837 | ---- | M] () -- D:\T_Data\Merry Christmas from the Air Transport Department.pptx
[2009.12.19 20:31:06 | 000,367,851 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100218-160016.backup
[2009.12.17 12:10:11 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\M\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk.disabled
[2009.12.17 12:07:06 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2009.12.16 21:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009.12.16 21:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009.12.15 21:25:34 | 000,001,543 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009.12.14 10:08:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009.12.14 10:08:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009.12.09 08:53:44 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009.12.09 08:53:44 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009.12.08 12:23:28 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009.12.02 15:11:44 | 000,362,921 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091219-193106.backup
[2009.12.02 14:59:07 | 000,020,832 | ---- | M] () -- C:\Documents and Settings\M\UpdateLog.GDZ
[2009.11.27 20:11:44 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009.11.27 19:07:35 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009.11.27 19:07:35 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2009.11.27 19:07:34 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009.11.27 19:07:34 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll
[2009.11.27 19:07:34 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009.11.27 19:07:34 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009.11.21 18:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009.11.11 00:08:24 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009.11.11 00:08:24 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009.11.02 14:29:42 | 000,019,456 | ---- | M] (TPMX Electronics Ltd.) -- C:\WINDOWS\System32\drivers\PelMouse.SYS
[2009.11.01 16:37:48 | 000,175,347 | ---- | M] () -- C:\IbmEgath.XML
[2009.10.31 14:33:09 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\M\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2009.10.31 14:30:21 | 000,350,243 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091202-141143.backup
[2009.10.29 00:11:08 | 000,350,243 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091031-133021.backup
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.22 12:33:27 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.22 11:04:19 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010.10.21 19:58:27 | 000,000,414 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6E343878-F595-40A1-8B02-1DE751F77FE8}.job
[2010.10.20 17:43:11 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\gmer.exe
[2010.10.20 17:28:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\M\defogger_reenable
[2010.10.20 17:25:04 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\dds.scr
[2010.10.20 17:25:04 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\gmer.zip
[2010.10.20 17:25:04 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defogger.exe
[2010.10.15 01:00:47 | 2145,439,744 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.06 20:08:06 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.29 15:28:30 | 207,355,904 | ---- | C] () -- C:\Documents and Settings\M\Desktop\From8303_Atih2011Dd11.iso
[2010.09.28 16:15:19 | 000,001,070 | ---- | C] () -- C:\Documents and Settings\M\Desktop\Acronis OS Selector.lnk
[2010.09.28 16:15:19 | 000,000,962 | ---- | C] () -- C:\Acronis OS Selector.lnk
[2010.09.28 16:15:18 | 000,024,576 | RHS- | C] () -- C:\bootwiz.sys
[2010.09.08 11:04:21 | 000,002,931 | ---- | C] () -- D:\T_Data\Uusi_yritys_b_Log.xml
[2010.09.07 22:08:44 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Home.lnk
[2010.09.07 21:08:35 | 000,001,091 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis Online Backup.lnk
[2010.09.07 21:08:35 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 2011.lnk
[2010.08.22 18:51:07 | 000,382,658 | ---- | C] () -- C:\WINDOWS\Dscf0001_PineAveWest.jpg
[2010.08.22 18:50:55 | 003,932,214 | R--- | C] () -- C:\WINDOWS\MontRoyal-DSCF0001-small.BMP
[2010.08.22 18:50:55 | 003,932,214 | R--- | C] () -- C:\WINDOWS\MontRoyal-DSCF0001.bmp
[2010.08.22 18:50:55 | 002,211,894 | R--- | C] () -- C:\WINDOWS\MontRoyal-DSCF0001-new1-small.BMP
[2010.08.22 18:50:55 | 001,610,294 | R--- | C] () -- C:\WINDOWS\MontRoyal-3-DSCF0001.bmp
[2010.08.22 18:50:55 | 001,311,798 | ---- | C] () -- C:\WINDOWS\Pine_Avenue_Dscf0001b.bmp
[2010.08.22 18:50:55 | 000,921,654 | R--- | C] () -- C:\WINDOWS\MontRoyal-DSCF0001-small-small.BMP
[2010.08.22 18:50:54 | 002,211,894 | ---- | C] () -- C:\WINDOWS\MntRoyal.BMP
[2010.08.22 10:59:56 | 000,158,224 | ---- | C] () -- C:\WINDOWS\System32\oodbs.lor
[2010.08.21 12:18:12 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\O&O Defrag.lnk
[2010.06.07 16:25:23 | 000,001,415 | ---- | C] () -- C:\Documents and Settings\M\Application Data\Microsoft\Internet Explorer\Quick Launch\XPS Viewer EP.lnk
[2010.06.07 16:25:23 | 000,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XPS Viewer EP.lnk
[2010.06.07 14:03:24 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.04.22 20:46:34 | 022,332,621 | ---- | C] () -- C:\Documents and Settings\M\Desktop\huuto-kiinnostavia-b.rtf
[2010.04.19 01:20:12 | 000,000,908 | ---- | C] () -- C:\Documents and Settings\M\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 2009 Advanced.lnk
[2010.04.19 01:20:12 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio 2009 Advanced.lnk
[2010.04.19 01:19:58 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Go to WWW.THE-PAGE.COM.lnk
[2010.04.19 01:08:48 | 000,002,244 | ---- | C] () -- C:\Documents and Settings\M\Desktop\Nero 9 StartSmart.lnk
[2010.03.03 17:09:59 | 022,320,721 | ---- | C] () -- C:\Documents and Settings\M\Desktop\huuto-kiinnostavia.rtf
[2010.02.23 12:53:34 | 000,000,232 | ---- | C] () -- C:\WINDOWS\d.ini
[2010.02.19 12:13:41 | 007,996,862 | ---- | C] () -- D:\T_Data\PCmag_DVD_B.rtf
[2010.02.19 12:09:57 | 005,710,087 | ---- | C] () -- D:\T_Data\PCmag_DVD.rtf
[2010.02.18 15:55:55 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\M\Desktop\HijackThis.lnk
[2010.02.01 13:09:47 | 000,000,996 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.02.01 13:09:47 | 000,000,992 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009.12.23 17:36:58 | 000,591,831 | ---- | C] () -- D:\T_Data\Merry Christmas from the Air Transport Department_amd.pptx
[2009.12.23 17:16:00 | 000,591,837 | ---- | C] () -- D:\T_Data\Merry Christmas from the Air Transport Department.pptx
[2009.12.17 12:10:11 | 000,000,945 | ---- | C] () -- C:\Documents and Settings\M\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk.disabled
[2009.12.17 12:07:06 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2009.12.15 21:25:34 | 000,001,543 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009.11.04 18:11:42 | 000,001,015 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2009.09.13 11:13:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2009.08.21 12:30:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.08.20 15:10:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DATAINST.INI
[2009.08.11 14:33:15 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2009.08.11 14:33:15 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2009.08.09 20:01:16 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.06.19 12:15:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.06.16 20:45:33 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009.06.15 18:55:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008.09.03 09:48:49 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.07.17 16:11:54 | 000,000,327 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008.04.12 16:53:41 | 000,000,279 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2008.04.06 18:05:56 | 000,000,073 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008.04.04 22:24:31 | 000,000,523 | ---- | C] () -- C:\WINDOWS\TOPKEY.INI
[2008.04.04 21:56:28 | 000,000,448 | ---- | C] () -- C:\WINDOWS\ets_ut.ini
[2008.04.02 14:38:04 | 000,000,246 | ---- | C] () -- C:\WINDOWS\PR1V2.INI
[2008.04.01 20:43:16 | 000,001,030 | ---- | C] () -- C:\WINDOWS\Wordfind.ini
[2008.04.01 19:24:27 | 000,000,325 | ---- | C] () -- C:\WINDOWS\TEXTWARE.INI
[2008.04.01 19:15:41 | 000,007,008 | ---- | C] () -- C:\WINDOWS\System32\Setupkit.dll
[2008.04.01 19:06:59 | 000,000,505 | ---- | C] () -- C:\WINDOWS\QT2032.INI
[2008.03.31 21:26:27 | 000,000,096 | ---- | C] () -- C:\WINDOWS\D2HNAV.INI
[2008.03.31 21:17:51 | 000,000,962 | ---- | C] () -- C:\WINDOWS\WINMOT.INI
[2008.03.30 01:37:17 | 000,043,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsRamDsk.sys
[2008.03.30 01:30:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\RDrv2KInterface.dll
[2008.03.30 01:30:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RDrvNTInterface.dll
[2008.03.30 01:30:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\RDrv9xInterface.dll
[2008.03.30 01:30:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\RDrvInterface.dll
[2008.03.21 22:25:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008.03.21 22:02:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.03.20 20:06:44 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.03.20 20:02:59 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\M\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.01 18:57:53 | 000,007,291 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.01.29 04:07:54 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.01.29 03:50:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.01.29 03:43:19 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.01.29 03:42:57 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2008.01.29 03:42:57 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2008.01.29 03:42:57 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise.ini
[2008.01.29 03:42:08 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2008.01.29 03:36:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007.09.27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.09.27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.09.27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006.09.18 15:20:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2006.09.18 15:20:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2006.09.18 15:20:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2006.08.07 19:03:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2005.05.12 18:15:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\M\Application Data\downloads.m3u
[2005.05.12 18:11:59 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\M\Application Data\default.rss
[2005.05.12 17:08:34 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2003.03.02 16:00:00 | 000,000,966 | ---- | C] () -- C:\WINDOWS\SK2004LE.INI
[2003.01.07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.09.24 00:45:13 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002.09.24 00:25:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002.03.26 20:36:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2002.02.06 20:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2001.06.08 14:54:30 | 000,003,478 | ---- | C] () -- C:\WINDOWS\translat.ini
[2001.06.05 15:42:58 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[1999.07.23 20:40:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Dvc.dll
[1980.01.01 11:00:00 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll

< End of report >


=========================================
=========================================
=========================================
=========================================
=========================================

OTL Extras logfile created on: 22.10.2010 13:42:05 - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\All Users\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Finland | Language: FIN | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147,02 Gb Total Space | 112,21 Gb Free Space | 76,32% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 78,89 Gb Free Space | 52,93% Space Free | Partition Type: NTFS

Computer Name: IBM-C5ABD0B1A94 | User Name: M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Prg\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3114318073-4207044864-2010873985-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Prg\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Prg\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Prg\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Prg\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Prg\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Support.com\bin\tgcmd.exe" = C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher -- File not found
"C:\Prg\totalcmd\TOTALCMD.EXE" = C:\Prg\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (Ghisler Software GmbH)
"C:\Program\Laplink\PCmover\PCmover.exe" = C:\Program\Laplink\PCmover\PCmover.exe:*:Enabled:PCmover -- File not found
"C:\Program1\Laplink\PCmover\PCmover.exe" = C:\Program1\Laplink\PCmover\PCmover.exe:*:Enabled:PCmover -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\WINDOWS\ServicePackFiles\i386\tcptest.exe" = C:\WINDOWS\ServicePackFiles\i386\tcptest.exe:*:Enabled:Microsoft FrontPage TCP/IP Tester -- (Microsoft Corporation)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Documents and Settings\M\Local Settings\Temp\Nero Web\SetupXu.exe" = C:\Documents and Settings\M\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- File not found
"C:\WINDOWS\$NtServicePackUninstall$\tcptest.exe" = C:\WINDOWS\$NtServicePackUninstall$\tcptest.exe:*:Enabled:Microsoft FrontPage TCP/IP Tester -- (Microsoft Corporation)
"K:\SERVER\APACHE\BIN\APACHE.EXE" = K:\SERVER\APACHE\BIN\APACHE.EXE:*:Enabled:Apache HTTP Server -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{02086033-2913-4D0F-BA3A-9EAAF7ACE3F5}" = Solid PDF Tools
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{26a53542-05e5-4e94-aeb7-dc62f9bdcc52}" = Nero 9
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86F955C3-7995-4712-897E-A699CD1F38E3}" = Roxio VideoWave 5 Power Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90150409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A5509EE-5579-46C1-B566-5065545547F9}" = Media Add-ons for Acronis True Image Home 2011
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis Disk Director Home
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A8D5650D-3214-4AAA-B6FD-B195F7509506}" = WSOY Elektroninen sanakirja 5.0
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AED7800A-58D3-11D5-8BCB-000629F4243D}" = Access IBM
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE7CD87D-BC9E-4350-9A8E-2EF4A65A2437}" = OpenOffice.org 3.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D4830EE9-E795-4CCA-AA7A-612A4E565977}" = SnapAPI
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED6C5ECD-5AA4-4054-BF67-8F49526E5765}" = O&O Defrag Professional
"{EEE22184-B53C-4B87-9F5B-53638160B966}" = VirtualDrive Pro
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = eXPert PDF 6
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2009 Advanced_is1" = Ashampoo Burning Studio 2009 Advanced
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
"DIA 2000" = DIA 2000
"EuroTranslator Academic" = EuroTranslator Academic
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IE7-MUI" = Windows Internet Explorer 7 Multilingual User Interface (MUI)
"ie8" = Windows Internet Explorer 8
"Intense Language Office" = Intense Language Office
"IrfanView" = IrfanView (remove only)
"Kielitoimiston sanakirja" = Kielitoimiston sanakirja
"Le Petit Robert" = Désinstaller Le Petit Robert de la langue française
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MouseSuite98" = Lenovo Mouse Suite
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetAlyzer_is1" = NetAlyzer 0.3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor" = Uninstall PC-Doctor
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PROSet" = Intel® Network Connections Drivers
"Random House Webster's Unabridged Dictionary" = Random House Webster's Unabridged Dictionary
"Shockwave" = Shockwave
"ST5UNST #1" = Quick Translator 2000
"ST6UNST #1" = Euroword Giga
"Svensk ordbok" = Svensk ordbok
"TheSage" = TheSage
"Totalcmd" = Total Commander (Remove or Repair)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordFinder" = WordFinder
"WordFinder Language Suite" = WordFinder Language Suite
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEP" = XPS Essentials Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.10.2010 8:38:50 | Computer Name = IBM-C5ABD0B1A94 | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 13.10.2010 8:38:50 | Computer Name = IBM-C5ABD0B1A94 | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 13.10.2010 11:40:34 | Computer Name = IBM-C5ABD0B1A94 | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 20.10.2010 17:14:00 | Computer Name = IBM-C5ABD0B1A94 | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15477, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 20.10.2010 17:16:52 | Computer Name = IBM-C5ABD0B1A94 | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15477, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 20.10.2010 17:18:27 | Computer Name = IBM-C5ABD0B1A94 | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15477, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 21.10.2010 0:03:36 | Computer Name = IBM-C5ABD0B1A94 | Source = eXPert PDF | ID = 3299
Description =

Error - 21.10.2010 0:03:47 | Computer Name = IBM-C5ABD0B1A94 | Source = eXPert PDF | ID = 3299
Description =

Error - 22.10.2010 3:54:54 | Computer Name = IBM-C5ABD0B1A94 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\M\RECENT\ASENNUSTIETOJA_3.LNK>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 22.10.2010 3:54:54 | Computer Name = IBM-C5ABD0B1A94 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\M\RECENT\ASENNUSTIETOJA_3.LNK>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ System Events ]
Error - 14.10.2010 8:02:54 | Computer Name = IBM-C5ABD0B1A94 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 14.10.2010 13:52:42 | Computer Name = IBM-C5ABD0B1A94 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 14.10.2010 13:52:42 | Computer Name = IBM-C5ABD0B1A94 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 14.10.2010 14:02:02 | Computer Name = IBM-C5ABD0B1A94 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 14.10.2010 16:56:52 | Computer Name = IBM-C5ABD0B1A94 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 14.10.2010 16:58:10 | Computer Name = IBM-C5ABD0B1A94 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi Fips intelppm

Error - 14.10.2010 17:56:01 | Computer Name = IBM-C5ABD0B1A94 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 14.10.2010 17:56:42 | Computer Name = IBM-C5ABD0B1A94 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 14.10.2010 18:00:12 | Computer Name = IBM-C5ABD0B1A94 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21.10.2010 4:50:46 | Computer Name = IBM-C5ABD0B1A94 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 82.181.183.234
on the Network Card with network address 00096BE7E9B7.


< End of report >

==========================
==========================
==========================
==========================
==========================
==========================


Thanks again

mli41
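The Authorized Applications List in the OTL Extras log above mixes live Windows Firewall exceptions with entries whose target OTL reports as "File not found". As an added example (not part of the original post and not OTL's own code), this parser separates the two and lists the enabled exceptions that point at missing files; the sample lines are copied from the log above, and the function and class names are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Lines copied from the "Authorized Applications List" section of the log above.
SAMPLE_LOG = r'''
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Support.com\bin\tgcmd.exe" = C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher -- File not found
"C:\Prg\totalcmd\TOTALCMD.EXE" = C:\Prg\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (Ghisler Software GmbH)
"C:\Program\Laplink\PCmover\PCmover.exe" = C:\Program\Laplink\PCmover\PCmover.exe:*:Enabled:PCmover -- File not found
"C:\Documents and Settings\M\Local Settings\Temp\Nero Web\SetupXu.exe" = C:\Documents and Settings\M\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup -- File not found
"K:\SERVER\APACHE\BIN\APACHE.EXE" = K:\SERVER\APACHE\BIN\APACHE.EXE:*:Enabled:Apache HTTP Server -- File not found
'''

# Registry key header that opens one firewall profile's list.
HEADER_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(?P<profile>\w+)'
    r'\\AuthorizedApplications\\List\]$'
)

# "value name" = path:scope:Enabled|Disabled:label -- (Company) | File not found
# The path itself contains a drive colon, so it is matched lazily up to the
# first ":scope:state:" triple instead of splitting the line on ":".
ENTRY_RE = re.compile(
    r'^"(?P<value_name>[^"]+)" = (?P<path>.+?):(?P<scope>[^:]+):'
    r'(?P<state>Enabled|Disabled):(?P<label>.*?) -- (?P<status>.+)$'
)


@dataclass(frozen=True)
class FirewallException:
    profile: str        # DomainProfile or StandardProfile
    path: str           # executable the rule allows
    scope: str          # "*" means any remote address
    enabled: bool
    label: str
    file_present: bool  # False when OTL printed "File not found"

    @property
    def in_temp_dir(self):
        # Heuristic of this example: temp directories are writable by any
        # program the user runs, so rules pointing there are reviewed first.
        return "\\temp\\" in self.path.lower()


def parse_authorized_apps(log_text):
    """Return every firewall exception listed under an AuthorizedApplications key."""
    entries, profile = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            profile = header.group("profile")
            continue
        if line.startswith("[") or line.startswith("=========="):
            profile = None      # a different key or log section begins
            continue
        match = ENTRY_RE.match(line) if profile else None
        if match:
            entries.append(FirewallException(
                profile=profile,
                path=match.group("path"),
                scope=match.group("scope"),
                enabled=match.group("state") == "Enabled",
                label=match.group("label"),
                file_present=match.group("status") != "File not found",
            ))
    return entries


def stale_exceptions(entries):
    """Enabled rules whose executable is gone, temp-directory paths first."""
    stale = [e for e in entries if e.enabled and not e.file_present]
    return sorted(stale, key=lambda e: not e.in_temp_dir)  # stable sort


def review_report(entries):
    """One line per stale rule, naming the profile whose list holds the value."""
    return [f"{e.profile}: {e.path} ({e.label})" for e in stale_exceptions(entries)]


if __name__ == "__main__":
    for line in review_report(parse_authorized_apps(SAMPLE_LOG)):
        print(line)
```
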

#6 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 23 October 2010 - 01:29 PM

Hello again,

Are you experiencing any problems currently? Is it just the slowness?

Run Script with OTL

  • Please reopen Posted Image on your desktop. If you are using Vista, please right-click and select Run as administrator.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\M\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys -- (F-Secure Standalone Minifilter)
    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O33 - MountPoints2\{1257f947-ecde-11de-9e85-00096be7e9b7}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found
    O33 - MountPoints2\{26291502-ef24-11de-9e88-00096be7e9b7}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found
    O33 - MountPoints2\{9ebd6bd6-2ae2-11df-9ef1-00096be7e9b7}\Shell\Shell00\Command - "" = G:\Start.exe -- File not found
    O33 - MountPoints2\{9ebd6bdc-2ae2-11df-9ef1-00096be7e9b7}\Shell\Shell00\Command - "" = G:\Start.exe -- File not found
    O33 - MountPoints2\{9ebd6be0-2ae2-11df-9ef1-00096be7e9b7}\Shell\Shell00\Command - "" = G:\Start.exe -- File not found
    :commands
    [EmptyTemp]
    [Reboot]
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will be in the following format: xxxxxxxx_xxxxxx, with x representing the month, date, year and time the log was created. E.g.: 03062009_170403

You have Spybot installed. I don't recommend it, especially if you have tea-timer enabled, which uses extra resources, perhaps causing some slowness. Not only that, any security programs that run in the background could cause slowness due to the amount of resources they use - which is normal. However, if you don't need it, I suggest you uninstall it.

Other than that, there's not too much.

Update your Java:

Update Java to Version 6 Update 21

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Drive-by Trojan preying on out-of-date Java installations
  • Ghosts of Java Haunt Users
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

As for general slowness, perhaps you can take a look >>here<< and try some of the steps mentioned if it helps at all.

Besides that any other problems?

Let me know.

With Regards,
Extremeboy

Edited by extremeboy, 23 October 2010 - 01:30 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 mli41

  • Topic Starter

Posted 24 October 2010 - 09:37 AM

Hi Extremeboy,

I can't resist the temptation to refer (by way of comparison) to some earlier cases when I sent a query to the Microsoft Windows support service. In one case, I was 100% sure that a Win Upd (and which one) caused a lot of problems in this very same computer we have now discussed. I had another unit with exactly the same installation (Acronis image) and made Win updates a week or ten days later, but the suspected update was no longer offered. Naturally, I didn't get any advice.

(Finally, I restored my completely "destroyed" unit to an earlier date configuration; luckily that function worked.) On two other occasions (or maybe three), I got not really guidance, but rather some tips which guided me to find solutions by myself. I had a feeling that the "advisor" didn't really know what he was "advising". Especially, he ignored my comments and gave essentially the same instructions even though I had said that certain files, which he had mentioned before, do not exist in my computer.

Now instead, I have had the feeling that my computer has been in your caring hands all the time.



You suggest that I uninstall Spybot, especially if tea-timer is enabled, and if I don't need it.
I don't know if I need it, but I have used some of its functions as I mentioned earlier, like:

a/ prevent certain programs from starting at boot time - at least those I think are not necessary to run all the time; naturally there may still be others which could belong to this category even though I don't know - in many cases it also gives some information on the necessity of allowing those programs which are in the start-up list to start (referring to source: Paul Collins Startup list) - unfortunately, there are still some which I am unsure about, and that is why I can't stop them. And there are some which always "find their means" to start even though I marked them not to start

b/ it makes a survey on "system internals" which I have used sometimes - but I feel that CCleaner is doing about the same in this respect

c/ I use the immunize-function which, I believe, means "writing" some kind of prevention list for IE and Firefox to identify "dangerous intruders". Naturally, I understand that a browser is slower when "looking and comparing" such a list when receiving something. I don't know if such an immunization list is necessary or useful or not - I have only had a feeling it is good to use.

Spybot has a lot of functions which I don't understand or use. So, I don't know if I need it; maybe those usages I have used are not needed at all or can be replaced by something else. Already for some time, the teatimer has been disabled (by using Spybot's control on programs start-up/no-start at boot time).
So, do you have some views on those functions I use Spybot for? Are they useful to use - if they are, are there any other means to achieve the same results?

Also, I updated Java.


Concerning the OTL report (see below): because I had uninstalled F-Secure, I saw a curious line right at the beginning of the report:
Service F-Secure Standalone Minifilter stopped successfully!
Is F-Secure now totally and definitively out after killing that Minifilter?
Those Explorer lines had no influence on IE - when running Spybot immunization the same abnormality exists as presented in the attachment of my previous report. My feeling is now that this lack of "Spybot protection" is the only shortcoming in the normal functioning of a normal computer running at normal speed, whatever normal may mean. But I will wait for your view on Spybot before uninstalling or replacing it.


Is it time to run Defogger again?

Thank you very much


mli41




=========================================
=========================================
=========================================
=========================================


All processes killed
========== OTL ==========
Service F-Secure Standalone Minifilter stopped successfully!
Service F-Secure Standalone Minifilter deleted successfully!
File C:\DOCUME~1\M\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259F616C-A300-44F5-B04A-ED001A26C85C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1257f947-ecde-11de-9e85-00096be7e9b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1257f947-ecde-11de-9e85-00096be7e9b7}\ not found.
File E:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26291502-ef24-11de-9e88-00096be7e9b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26291502-ef24-11de-9e88-00096be7e9b7}\ not found.
File E:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ebd6bd6-2ae2-11df-9ef1-00096be7e9b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ebd6bd6-2ae2-11df-9ef1-00096be7e9b7}\ not found.
File G:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ebd6bdc-2ae2-11df-9ef1-00096be7e9b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ebd6bdc-2ae2-11df-9ef1-00096be7e9b7}\ not found.
File G:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ebd6be0-2ae2-11df-9ef1-00096be7e9b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ebd6be0-2ae2-11df-9ef1-00096be7e9b7}\ not found.
File G:\Start.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 314350 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 26526721 bytes

User: M
->Temp folder emptied: 14997352 bytes
->Temporary Internet Files folder emptied: 6868539 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41178400 bytes
->Flash cache emptied: 3040 bytes

User: NetworkService
->Temp folder emptied: 505132 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 1192465 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14716322 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 125149769 bytes

Total Files Cleaned = 221,00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10242010_020101

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

=========================================

#8 extremeboy

  • Malware Response Team

Posted 24 October 2010 - 01:03 PM

Hello.

I'll explain some of the features of Spybot in detail in my next post. As of now, you can keep it until I give you some additional information on that.

Is F-Secure now totally and definitively out after killing that Minifilter?

That was just an orphaned entry with no associated file and the driver was in a temp file which could be removed. No need to worry about that, it is removed.

As your Windows is XP, I did have some problems previously after an update from Windows on another computer. Similar to slowness involving a certain process. However, it was resolved later on (by itself).

As of now I don't see anything left on your machine.

I would advise you to do an online scan:

Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.

and I will take another look at your machine:

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
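The situation described in the reply above (a registration that OTL deleted while the file it pointed to was already gone), as an added example that is not part of the thread or of OTL itself: a Python parser for OTL fix-log lines of the kind posted in #7. The sample lines are copied from that log, one of them still split across lines the way forum pasting wraps long records; treating a "File ... not found" line as belonging to the most recent deleted service or registry key is an assumption of this example, not documented OTL behaviour.

```python
import re
from collections import Counter, namedtuple

Record = namedtuple("Record", "kind target outcome")

# One result line: "<kind> <target> <outcome><. or !>"
LINE_RE = re.compile(
    r"^(?P<kind>Service|Registry key|File\\Folder|File)\s+"
    r"(?P<target>.+?)\s+"
    r"(?P<outcome>stopped successfully|deleted successfully|not found)[.!]$"
)
PREFIXES = ("Service ", "Registry key ", "File ", "File\\Folder ")

# Sample input: lines copied from the OTL fix log posted in this thread.
# The Browser Helper Objects record is split over two lines on purpose.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Service F-Secure Standalone Minifilter stopped successfully!
Service F-Secure Standalone Minifilter deleted successfully!
File C:\DOCUME~1\M\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}\ deleted

successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259F616C-A300-44F5-B04A-ED001A26C85C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ebd6be0-2ae2-11df-9ef1-00096be7e9b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ebd6be0-2ae2-11df-9ef1-00096be7e9b7}\ not found.
File G:\Start.exe not found.
========== COMMANDS ==========
"""


def parse_fix_log(text):
    """Return the result records in a fix log, rejoining wrapped lines."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None and pending is not None:
            # The previous line started a record but had no outcome yet.
            match = LINE_RE.match(pending + " " + line)
        if match:
            records.append(Record(match["kind"], match["target"], match["outcome"]))
            pending = None
        elif line.startswith(PREFIXES):
            pending = line          # start of a record that was wrapped
        else:
            pending = None          # section header or unrelated text
    return records


def summarize(records):
    """Count records per outcome."""
    return Counter(rec.outcome for rec in records)


def orphaned_entries(records):
    """Pair each missing file with the service or key deleted just before it.

    Assumption of this example: a 'File ... not found' record refers to the
    most recent service or registry key that was deleted successfully.
    """
    orphans, last_deleted = [], None
    for rec in records:
        if rec.kind in ("Service", "Registry key") and rec.outcome == "deleted successfully":
            last_deleted = rec
        elif rec.kind.startswith("File") and rec.outcome == "not found" and last_deleted:
            orphans.append((last_deleted.kind, last_deleted.target, rec.target))
            last_deleted = None
    return orphans


if __name__ == "__main__":
    recs = parse_fix_log(SAMPLE_LOG)
    for outcome, count in summarize(recs).items():
        print(f"{count:2d}  {outcome}")
    for kind, target, missing in orphaned_entries(recs):
        print(f"orphaned {kind}: {target}\n    pointed to missing file {missing}")
```
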

#9 mli41

  • Topic Starter

Posted 25 October 2010 - 09:15 AM

Hello Extremeboy,

Thank you, I received both of your messages, but I had to do something else in the meantime.

I ran ESET OnlineScan twice, because I started the first run without marking archives.
It was a bit unclear to me if you wanted to see the results, but here they are.

a/ first run:
C:\WINDOWS\system32\logonui(2).exe Win32/Virut.NBP virus cleaned - quarantined
D:\T_Data\__SW\Softa\Nero\090717_tarjous\Nero-9.4.13.2d.exe Win32/Toolbar.AskSBar application deleted - quarantined

b/ second run:
C:\System Volume Information\_restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP872\A0269820.exe Win32/Virut.NBP virus cleaned - quarantined
C:\WINDOWS\system32\1C7B________!!!!!!.zip multiple threats deleted - quarantined

It is surprising that still so many threats were findable.

I plan to use my test unit for running ESET to check my USB drives also - such runs may take some time.

Concerning the status of my computer, the Spybot immunizing still has the same deficiency as before, but it probably does not matter if you are planning to advise an alternative avenue for me.

Thanks again

mli41



=====================================
=====================================
=====================================
=====================================


DDS (Ver_10-10-10.03) - NTFSx86
Run by M at 11:00:14,70 on ma 25.10.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1313 [GMT 3:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Prg\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Prg\OO Software\Defrag\oodag.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Installer\MSI2236.tmp
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE
C:\Prg\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Prg\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\Pelmiced.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Prg\Java\jre6\bin\jqs.exe
C:\Prg\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\prg\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\prg\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\prg\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Daemon for Mouse Suite] c:\program files\lenovo\lenovo mouse suite\ICO.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\prg\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\documents and settings\m\start menu\programs\startup\OpenOffice.org 3.1.lnk.disabled
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\prg\micros~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\prg\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202030359553
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206809203437
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxps://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\m\applic~1\mozilla\firefox\profiles\1gw8gbkw.default\
FF - component: c:\documents and settings\m\application data\mozilla\firefox\profiles\1gw8gbkw.default\extensions\fi@dictionaries.addons.mozilla.org\platform\winnt_x86-msvc\components\mozvoikko.dll
FF - plugin: c:\prg\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\prg\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\prg\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\prg\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\prg\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\prg\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2010-9-7 752128]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-22 165584]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-9-7 3975088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-22 17744]
R2 avast! Antivirus;avast! Antivirus;c:\prg\alwil software\avast5\AvastSvc.exe [2010-10-22 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-13 55152]
R2 OODefragAgent;O&O Defrag Agent;c:\prg\oo software\defrag\oodag.exe [2010-5-11 1619272]
R2 OS Selector;Acronis OS Selector activator;c:\prg\acronis\diskdirector\oss\reinstall_svc.exe [2010-5-25 2139536]
R2 SPDFToolsReadSpool;SolidPDFToolsCreatorReadSpool;c:\windows\installer\MSI2236.tmp [2009-11-25 189760]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-9-7 163232]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\prg\alwil software\avast5\AvastSvc.exe [2010-10-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\prg\alwil software\avast5\AvastSvc.exe [2010-10-22 40384]
R3 pelps2m;PS/2 Mouse Filter Driver;c:\windows\system32\drivers\PelPs2m.sys [2010-9-22 19818]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google-päivityspalvelu (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 ESSIDSET;ESSIDSET;c:\windows\system32\ESSIDSET.SYS [2009-11-23 9248]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2009-11-4 6016]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-20 29744]
S3 PCDRDRV;Pcdr CPU Helper Driver;c:\windows\system32\drivers\pcdrdrv.sys --> c:\windows\system32\drivers\PCDRDRV.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1980-1-1 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-24 21:39:23 -------- d-----w- c:\program files\ESET
2010-10-24 13:42:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-24 10:50:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-23 23:01:01 -------- d-----w- C:\_OTL
2010-10-22 09:34:41 -------- d-----w- c:\docume~1\m\applic~1\Malwarebytes
2010-10-22 09:33:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-22 09:33:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-22 09:33:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-22 09:33:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-22 08:03:58 38848 ----a-w- c:\windows\avastSS.scr
2010-10-15 16:27:30 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-14 10:02:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-09-28 13:15:18 24576 --sh--r- C:\bootwiz.sys
2010-09-28 13:15:18 -------- d-sh--r- C:\BOOTWIZ

==================== Find3M ====================

2010-09-18 09:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ------w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-12 09:27:38 226656 ----a-w- c:\windows\system32\snapapi.dll

============= FINISH: 11:01:40,62 ===============








=====================================
=====================================
=====================================
=====================================




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 29.1.2008 3:02:17
System Uptime: 24.10.2010 21:49:33 (14 hours ago)

Motherboard: IBM | | IBM
Processor: Intel® Pentium® 4 CPU 2.66GHz | WMT478/NWD | 2657/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 147 GiB total, 110,85 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 79,199 GiB free.
K: is CDROM ()
O: is CDROM ()
P: is CDROM ()
Q: is CDROM ()
R: is CDROM ()
S: is CDROM ()
T: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP798: 18.8.2010 14:43:32 - System Checkpoint
RP799: 19.8.2010 15:58:42 - System Checkpoint
RP800: 19.8.2010 19:44:49 - Removed HP USB Disk Storage Format Tool
RP801: 19.8.2010 19:46:15 - Removed VERITAS Update Manager
RP802: 19.8.2010 19:47:14 - Removed IBM Simple Backup
RP803: 19.8.2010 19:56:27 - Removed Nero 7 Essentials
RP804: 19.8.2010 21:27:06 - Miksi restore point ovat hävinneet
RP805: 20.8.2010 23:17:20 - System Checkpoint
RP806: 21.8.2010 12:18:03 - Installed O&O Defrag Professional.
RP807: 22.8.2010 12:29:09 - System Checkpoint
RP808: 23.8.2010 16:28:18 - System Checkpoint
RP809: 24.8.2010 19:33:21 - System Checkpoint
RP810: 25.8.2010 20:25:54 - System Checkpoint
RP811: 26.8.2010 21:34:39 - System Checkpoint
RP812: 27.8.2010 22:42:37 - System Checkpoint
RP813: 28.8.2010 23:30:39 - System Checkpoint
RP814: 30.8.2010 11:39:56 - System Checkpoint
RP815: 31.8.2010 21:15:28 - System Checkpoint
RP816: 1.9.2010 21:32:42 - System Checkpoint
RP817: 2.9.2010 22:10:07 - System Checkpoint
RP818: 3.9.2010 22:15:10 - System Checkpoint
RP819: 4.9.2010 10:10:39 - Software Distribution Service 3.0
RP820: 5.9.2010 19:10:54 - System Checkpoint
RP821: 6.9.2010 19:59:41 - System Checkpoint
RP822: 7.9.2010 19:21:24 - Removed Acronis True Image Home
RP823: 7.9.2010 21:07:49 - Installed Acronis True Image Home 2011
RP824: 7.9.2010 21:51:01 - Installed Media Add-ons for Acronis True Image Home 2011
RP825: 7.9.2010 22:08:14 - Installed Acronis Disk Director Home
RP826: 8.9.2010 22:22:10 - System Checkpoint
RP827: 10.9.2010 18:35:14 - System Checkpoint
RP828: 11.9.2010 19:47:13 - System Checkpoint
RP829: 12.9.2010 21:04:36 - System Checkpoint
RP830: 13.9.2010 21:41:04 - System Checkpoint
RP831: 15.9.2010 16:34:58 - System Checkpoint
RP832: 16.9.2010 23:13:41 - Software Distribution Service 3.0
RP833: 18.9.2010 12:30:50 - System Checkpoint
RP834: 19.9.2010 13:04:44 - System Checkpoint
RP835: 20.9.2010 13:16:33 - System Checkpoint
RP836: 21.9.2010 13:40:42 - System Checkpoint
RP837: 22.9.2010 18:36:45 - System Checkpoint
RP838: 24.9.2010 12:16:04 - System Checkpoint
RP839: 25.9.2010 13:18:31 - System Checkpoint
RP840: 26.9.2010 14:26:04 - System Checkpoint
RP841: 27.9.2010 14:30:13 - System Checkpoint
RP842: 28.9.2010 15:54:22 - System Checkpoint
RP843: 29.9.2010 16:23:28 - System Checkpoint
RP844: 1.10.2010 13:03:09 - System Checkpoint
RP845: 2.10.2010 20:53:29 - System Checkpoint
RP846: 3.10.2010 21:34:03 - System Checkpoint
RP847: 5.10.2010 21:16:42 - System Checkpoint
RP848: 6.10.2010 22:42:37 - System Checkpoint
RP849: 8.10.2010 17:11:22 - System Checkpoint
RP850: 9.10.2010 19:22:02 - System Checkpoint
RP851: 10.10.2010 21:09:25 - System Checkpoint
RP852: 11.10.2010 12:53:12 - Software Distribution Service 3.0
RP853: 12.10.2010 13:17:31 - System Checkpoint
RP854: 13.10.2010 18:40:10 - System Checkpoint
RP855: 14.10.2010 13:02:03 - avast! Free Antivirus Setup
RP856: 15.10.2010 13:19:36 - System Checkpoint
RP857: 15.10.2010 19:25:45 - Software Distribution Service 3.0
RP858: 17.10.2010 22:22:38 - System Checkpoint
RP859: 18.10.2010 22:31:27 - System Checkpoint
RP860: 20.10.2010 18:41:12 - System Checkpoint
RP861: 21.10.2010 20:49:37 - System Checkpoint
RP862: 22.10.2010 10:48:36 - avast! Free Antivirus Setup
RP863: 22.10.2010 11:03:50 - avast! Free Antivirus Setup
RP864: 23.10.2010 11:06:40 - System Checkpoint
RP865: 24.10.2010 12:35:11 - System Checkpoint
RP866: 24.10.2010 13:48:08 - Installed Java™ SE Development Kit 6 Update 22
RP867: 24.10.2010 13:50:01 - Removed Java™ 6 Update 18
RP868: 24.10.2010 13:50:39 - Installed Java™ 6 Update 22
RP869: 24.10.2010 16:03:52 - Removed Java™ SE Development Kit 6 Update 22
RP870: 24.10.2010 16:07:11 - Removed Java™ 6 Update 22
RP871: 24.10.2010 16:08:30 - Removed Java DB 10.5.3.0
RP872: 24.10.2010 16:42:30 - Installed Java™ 6 Update 22

==== Installed Programs ======================

Access IBM
Acronis Disk Director Home
Acronis True Image Home 2011
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Advertising Center
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 2009 Advanced
avast! Free Antivirus
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DIA 2000
DolbyFiles
Désinstaller Le Petit Robert de la langue française
ESET Online Scanner v3
EuroTranslator Academic
Euroword Giga
EVEREST Home Edition v1.51
eXPert PDF 6
FileAlyzer
FirstClass® Client
Google Desktop
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942766-v6)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB971276-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
IBM Rapid Restore PC Setup
ImagXpress
Intel® Extreme Graphics Driver
Intel® Network Connections Drivers
Intel® PROSet II
Intense Language Office
InterVideo WinDVD
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java™ 6 Update 22
Junk Mail filter update
Kielitoimiston sanakirja
Lenovo Mouse Suite
LightScribe System Software
LizardTech DjVu Control
Malwarebytes' Anti-Malware
Media Add-ons for Acronis True Image Home 2011
Menu Templates - Starter Kit
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Proofing Tools
Microsoft Office Access 2003
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Movie Templates - Starter Kit
Mozilla Firefox (3.6.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero WaveEditor
Nero Vision
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
NetAlyzer 0.3
O&O Defrag Professional
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
PC-Doctor 5 for Windows
PCI SoftV92 Modem
Quick Translator 2000
QuickTime
Random House Webster's Unabridged Dictionary
RegAlyzer
Roxio VideoWave 5 Power Edition
RunAlyzer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shockwave
SnapAPI
Solid PDF Tools
SoundMAX
SoundTrax
Spybot - Search & Destroy
Svensk ordbok
System Update
TheSage
Total Commander (Remove or Repair)
Uninstall PC-Doctor
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 7 Multilingual User Interface (MUI)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell™ 1.0 MUI pack
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinZip
VirtualDrive Pro
WordFinder
WordFinder Language Suite
WSOY Elektroninen sanakirja 5.0
XML Paper Specification Shared Components Pack 1.0
XPS Essentials Pack
XPS Essentials Pack 1.0

==== Event Viewer Messages From Past Week ========

24.10.2010 2:01:04, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:04, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:04, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:04, error: Service Control Manager [7034] - The SolidPDFToolsCreatorReadSpool service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:04, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:04, error: Service Control Manager [7034] - The Acronis OS Selector activator service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:03, error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:03, error: Service Control Manager [7034] - The O&O Defrag Agent service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:02, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:02, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:02, error: Service Control Manager [7034] - The Intel® NMS service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:02, error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:02, error: Service Control Manager [7034] - The Acronis Nonstop Backup service service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:02, error: Service Control Manager [7031] - The Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.

==== End Of File ===========================

#10 extremeboy

Posted 25 October 2010 - 08:03 PM

Hi Mli41,

Very busy the last couple of days, please give me some time to formulate a response on your spybot query.

Things are looking good in terms of the logs you have posted.

The threats ESET detected do not pose a major risk to your machine except the first file, which was detected as an infection that I don't believe is on your machine. The other two were simply adware and a system restore point, which are no active threat. The last one is a zip that I have not seen on your machine, but as long as ESET removed it, that is good.

As for Spybot, you can leave it as is and if you wish to continue with the ESET scan on your USB feel free to and let me know the results.

I suggest you run this quick tool to help prevent future autorun.inf worms. Please note, however, that this won't help prevent ALL infections through USB drives.

Download and Run FlashDisinfector

  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Despite that deficiency of the Spybot how's everything else working?
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
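A way to audit drives for the autorun.inf protection described in the post above, as an added example that is not part of the original post or of Flash_Disinfector. It reports, for each drive root, whether autorun.inf is a placeholder folder or a real file with launch entries; the function names and sample files are constructed for illustration, and treating the placeholder as a folder is an assumption.

```python
import os
import re
import sys
import tempfile

# Keys in an [autorun] section that make Windows start a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample: junk padding, mixed case and a second section, as worm-written files often have.
LAUNCHER_SAMPLE = (
    b"xk3j junk line without meaning\r\n"
    b"[AutoRun]\r\n"
    b";comment\r\n"
    b"OPEN = example_payload.exe\r\n"
    b"icon=drive.ico\r\n"
    b"shell\\open\\Command=example_payload.exe /s\r\n"
    b"[other]\r\nopen=ignored.exe\r\n"
)
# Constructed sample: a harmless autorun.inf (label and icon only), stored as UTF-16.
INERT_SAMPLE = "[autorun]\r\nlabel=Archive\r\nicon=drive.ico\r\n".encode("utf-16")


def read_text(path):
    """Decode leniently: the file may be UTF-16 or padded with NUL bytes."""
    with open(path, "rb") as fh:
        raw = fh.read(65536)  # autorun.inf is tiny; cap the read
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1").replace("\x00", "")


def launch_commands(text):
    """Return (key, value) pairs in [autorun] that would start a program."""
    found, in_autorun = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue  # junk, comments and other sections are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            found.append((key.lower(), value))
    return found


def classify_root(root):
    """Classify one drive root as 'absent', 'placeholder', 'inert-file' or 'launcher'."""
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return "absent", []
    path = os.path.join(root, name)
    if os.path.isdir(path):
        # Assumption: a folder with this name blocks creation of a file of the same name.
        return "placeholder", []
    cmds = launch_commands(read_text(path))
    return ("launcher", cmds) if cmds else ("inert-file", [])


def scan(roots):
    """Map each root to its classification."""
    return {root: classify_root(root) for root in roots}


def build_samples(base):
    """Create four constructed 'drive roots' under base for an offline demonstration."""
    roots = {}
    for label in ("clean", "immunized", "launcher", "inert"):
        roots[label] = os.path.join(base, label)
        os.mkdir(roots[label])
    os.mkdir(os.path.join(roots["immunized"], "autorun.inf"))
    with open(os.path.join(roots["launcher"], "AUTORUN.INF"), "wb") as fh:
        fh.write(LAUNCHER_SAMPLE)
    with open(os.path.join(roots["inert"], "autorun.inf"), "wb") as fh:
        fh.write(INERT_SAMPLE)
    return roots


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: pass drive roots, e.g. E:\ F:\
        for root, (status, cmds) in scan(sys.argv[1:]).items():
            print(root, status, cmds)
    else:
        with tempfile.TemporaryDirectory() as base:
            for root, (status, cmds) in scan(build_samples(base).values()).items():
                print(os.path.basename(root), status, cmds)
```

A root reported as `launcher` is the case to investigate before opening the drive in Explorer; `inert-file` means an autorun.inf exists but only sets cosmetic entries such as label or icon.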

#11 mli41

Posted 26 October 2010 - 02:35 PM

Hello Extremeboy,

I have prepared the other unit for USB tests.
Therefore, I saved our correspondence from Firefox on the HD of the other unit.
And I observed the same difficulty as I mentioned before concerning the installation and/or settings of Firefox in the unit we have been discussing:
Firefox is not capable of opening the file it saved. On the lower left-hand edge, there is the information: stopped.

This is not really a part of my original query on slowness, and maybe I can find something in the settings, but I certainly won't say no if you are willing to give a hint for what to do.

Otherwise, I am very happy, in fact extremely happy, with your guidance and the results. And the time you used for giving relief of my problem with the slow computer.

I will inform you about the USB test, but it will take quite a lot of time because they are several and they are big ones.

Thanks again

mli41

#12 mli41

Posted 30 October 2010 - 05:11 AM

Hi Extremeboy,

Did you receive this post before, or didn't I press the POST button?
In any case, here is my latest report (possibly again).

I have run ESET on my main archive USBs (each 250 MB). My goal is to have two parallel archives, but for the time being they are not yet completely "synchronized" - if ever.

I had to break ESET; that is the reason for the second run.

Even though most are exe-files in the list below, there are some data (Word) files, which are very old.

I have some other "collections" to be surveyed to find out if there are still some which are not yet on the "main archive".

Thank you once again.

mli41





1st run:
=========================================

E:\__Henk\Data\MLi\m300-399\M322MG-3.VOC W97M/Cap virus cleaned - quarantined
E:\__Henk\Opiskelu\Kielet\En\TheSage_SequencePublishing3\reference.exe a variant of Win32/Adware.Comet.AC application deleted - quarantined
E:\__HW\IBM\IBM2648-1U6_T23\Info\T23_inst\Repair Registry Pro.exe_see_reports._exe_ probably a variant of Win32/TrojanDownloader.Agent.FIUEHQW trojan deleted - quarantined
E:\__HW\IBM\IBM6790-21G\TempInst\Nero\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application deleted - quarantined
E:\__SW\Softa\HardDiskImage\dvdbx25.exe multiple threats deleted - quarantined
E:\__SW\Softa\Nero\090717_tarjous\Nero-9.4.13.2d.exe Win32/Toolbar.AskSBar application deleted - quarantined
E:\__SW\Softa\Nero\NeroUltra_upd\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application deleted - quarantined
E:\__SW\Softa\Outlook_Thread_Compressor\hotbar.exe a variant of Win32/Adware.HotBar application cleaned by deleting - quarantined


2nd run
=============

E:\__SW\Softa\RegistryCleaner\Quad_cleaner\QUAD_Registry_Cleaner_Installer.exe a variant of Win32/Adware.QUADRegClean application cleaned by deleting - quarantined
E:\__SW\Softa\RepairRegistryPro\Repair Registry Pro.exe probably a variant of Win32/TrojanDownloader.Agent.FIUEHQW trojan deleted - quarantined
F:\DT_Keräilyt___!!!!!!!!!!\SER-Programs-01_ks_P01\HardWare\CD-burners\Clone\SetupCloneCD.exe probably a variant of Win32/IRCBot.MXRTQEV trojan cleaned by deleting - quarantined
F:\DT_Keräilyt___!!!!!!!!!!\SER-ZIP\DOS29.LZH WM/CAP.A virus deleted - quarantined
F:\DT_Keräilyt___!!!!!!!!!!\SER-ZIP\DOS29.ZIP WM/CAP.A virus deleted - quarantined
F:\__Henk\Data\MLi\m300-399\M322MG-3.VOC W97M/Cap virus cleaned - quarantined
F:\__Henk\Opiskelu\Kielet\En\TheSage_SequencePublishing3\reference.exe a variant of Win32/Adware.Comet.AC application deleted - quarantined
F:\__HW\IBM\IBM2648-1U6_T23\Info\T23_inst\Repair Registry Pro.exe_see_reports._exe_ probably a variant of Win32/TrojanDownloader.Agent.FIUEHQW trojan deleted - quarantined
F:\__HW\IBM\IBM6790-21G\TempInst\Nero\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application deleted - quarantined
F:\__InfPr\PCFormat\2004_Dec\SoftwareFocus\Toolkit\Free - OpenSource\burn4free\burn4free_setup.exe multiple threats deleted - quarantined
F:\__InfPr\PCFormat\2004_Dec\SoftwareFocus\Toolkit\Free - OpenSource\FreeRIP MP3\freeripmp4.exe a variant of Win32/AdInstaller application deleted - quarantined
F:\__InfPr\PCFormat\2004_Dec\SoftwareFocus\Toolkit\Free - OpenSource\Rosoft Audio Recorder\RosoftAudioToolsFree.exe multiple threats deleted - quarantined
F:\__SW\Softa\HardDiskImage\dvdbx25.exe multiple threats deleted - quarantined
F:\__SW\Softa\Nero\090717_tarjous\Nero-9.4.13.2d.exe Win32/Toolbar.AskSBar application deleted - quarantined
F:\__SW\Softa\Nero\NeroUltra_upd\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application deleted - quarantined
F:\__SW\Softa\Outlook_Thread_Compressor\hotbar.exe a variant of Win32/Adware.HotBar application cleaned by deleting - quarantined
F:\__SW\Softa\RegistryCleaner\Quad_cleaner\QUAD_Registry_Cleaner_Installer.exe a variant of Win32/Adware.QUADRegClean application cleaned by deleting - quarantined
F:\__SW\Softa\RepairRegistryPro\Repair Registry Pro.exe probably a variant of Win32/TrojanDownloader.Agent.FIUEHQW trojan deleted - quarantined

#13 extremeboy

Posted 30 October 2010 - 05:52 PM

Hello again,

Sorry about the delay. I did hear your response but was waiting on your update, so I didn't respond yet.

As for the USB scan you did, most of what was detected seems to be adware with a few specific infections. ESET seems to have successfully removed it, however.

---
It's time for us to do some maintenance and remove some unnecessary things, as well as talk about some of the things you previously mentioned.

Even though most are exe-files in the list below, there are some data (Word) files, which are very old.

Some word/data files may be caught due to the heuristic scanning and may contain certain strings that lead the scanner to suspect it as an infection. If that word/data file is something you need and you know where you got that from, we can always de-quarantine it.

Some information on the Spybot analysis done:

Spybot S&D is now not recommended. I do not recommend it and other softwares do not either. Please take a look at this link: http://www.mvps.org/winhelp2002/unwanted.htm

Near the bottom where it says Spybot S&D and Ad-Aware:

SpyBot S&D http://www.safer-networking.org/en/index.html (freeware - XP/Vista)
Note: due to poor testing results this product is no longer recommended.

Ad-Aware 2008 Free
Note: due to poor testing results this product is no longer recommended.
Caution: now bundles the Ask Toolbar and is selected by default!


Also, keep in mind that:

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean its more effective. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense, safe computing and safe surfing habits provides the most complete protection.

As for some of the additional features you mentioned in Spybot, such as the immunization feature, you could also use this simple tool: http://www.javacoolsoftware.com/spywareblaster.html SpywareBlaster, which doesn't run in the background and does not take up any additional resources. Just update it frequently (once a month or so) and keep everything protected. If you are looking for a good anti-malware/spyware tool in general, I suggest either Malwarebytes Anti-Malware or SuperAnti-Spyware. These tools are, as some would say, the "new kids on the block" sort of thing and are quite efficient and effective.

Also, could you run DDS once more and post the DDS.txt log for me? Thanks.

Let me know how it goes.

Thanks.

~EB

#14 mli41

Posted 31 October 2010 - 11:36 AM

Hi Extremeboy,

I know now that I had not pressed the POST button, because my "second" posting (input #12 in our discussion) came visible immediately after I had pressed the POST button. Sorry for my carelessness.

Your input on Spybot leads to so many interesting articles that it will take some time to browse through them all, including "Audiatur et altera pars", meaning that you gave a link to safer-networking for their defending comment. I guess that your view also concerns other Spybot products (File, Reg and Run Analyser).

I didn't find anything at "Host News" concerning CCleaner (nor Piriform) - at least it is not at the "black list".

I have browsed a lot of pages also before, but I have also kept a lot of reservations about following instructions etc. The problem has been "what to believe", "who to trust" etc. Earlier, I got some information from a HijackThis listing via a mate at work. Now, as a pensioner, I tried the same and found BC at the top of the web list. Until the date before this correspondence, I had found mainly the instruction "Reinstall Windows", which I didn't like because it - to my mind - means installing also everything else.

So, I found BC and hope this is trustable beginning for further information highways!

Back to the matter:

a/ Before I uninstalled Spybot, I returned its changes (as it more or less suggested by itself)
b/ Uninstallation of Spybot, File-, Reg- and Run-Analysers
c/ CCleaner run

d/ Now, I learned what Spybot immunization means when I copied host.txt from "Host News" - here is comparison:
24.10.2010 13:55 424.609 hosts.20101024-135555_Spybot_last.backup
(I renamed their last one in accordance with the earlier ones)
31.10.2010 14:20 623.384 hosts.txt
(in fact the date in file's own text is: 30.10.2010)

Yes, the file from the "Host News" is evidently much bigger, but when looking a bit further that is not the real point. "Host News" is using a lot space for explanations or reminders of source which naturally is good; that in any case is the main reason for the difference of file sizes. I am not specially defender of anybody in this respect but I think that Spybot has - at least some right in their defence, because - if I was careful enough -
* "Host News" have 14.840 entries in their hosts.txt
* Spybot has 14.662 entries in their hosts.txt

But what is absolutely important, is that they have only 266 common entries. Therefore, I am not at all so sure which one is better. Who is such a God or Judge being capable to justify which one of those two databases, practically of same size, is better, when they in neither case cover world's all threats.

Together they would cover double amount of all threats ie. more than 29.200 threats!

I attach my excel comparison of that. In the file red lines are of "Host News" and blue ones of Spybot. I have two comparison columns, one indicating what is the name of threat on two sequential lines, the other one indicates that same only by number 1 which gives a simple possibility to count them.

Unfortunately, I did not update the Spybot database before uninstallation - so the comparison is not exactly fair because of that one week difference. But I do not consider this a drastic difference - the main difference really is the lack of common entries. For the benefit of computer users they should combine their efforts to create more coverage for the host files. In fact I plan to make a file by using a command "copy host-a +host-b hosts.txt". I have not yet done it, but am asking your view on the idea itself and especially how duplication of those 266 entries might influence.

In any case, I am now on your path which I intend to follow.

e/ I installed Spywareblaster (free, manual version only)

f/ Firefox is working differently now (functions are the same before uninstalling Spybot and after). Older saved versions of our correspondence are stopped, so I can't open them. Does not matter for the files themselves, because the newer works as follows:
* saved as complete web page - opens semi normally - meaning that semi/half screen is black - I can read our conversation, because they are ads in the beginning of the page - if they were not, I could not read the beginning
* saved as html only - opens without "blackout" - in any case, a difference has taken place during our conversation

I have not had anything similar with any other case when saving a web page. So, the case is not harmful (when I know) but more interesting.
I also made a test: saved the page when I was signed in and when not - no difference.

Best regards

mli41

===================================
===================================
===================================
===================================
===================================


DDS (Ver_10-10-10.03) - NTFSx86
Run by M at 14:32:27,09 on su 31.10.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1479 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Prg\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE
C:\Prg\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Prg\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Prg\OO Software\Defrag\oodag.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Installer\MSI2236.tmp
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\Pelmiced.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Prg\Acronis\DiskDirector\OSS\reinstall_svc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\All Users\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\prg\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\prg\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Daemon for Mouse Suite] c:\program files\lenovo\lenovo mouse suite\ICO.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\prg\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
StartupFolder: c:\documents and settings\m\start menu\programs\startup\OpenOffice.org 3.1.lnk.disabled
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\prg\micros~1\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202030359553
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206809203437
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxps://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\m\applic~1\mozilla\firefox\profiles\1gw8gbkw.default\
FF - component: c:\documents and settings\m\application data\mozilla\firefox\profiles\1gw8gbkw.default\extensions\fi@dictionaries.addons.mozilla.org\platform\winnt_x86-msvc\components\mozvoikko.dll
FF - plugin: c:\prg\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\prg\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\prg\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\prg\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\prg\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\prg\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\prg\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\prg\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2010-9-7 752128]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-22 165584]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-9-7 3975088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-22 17744]
R2 avast! Antivirus;avast! Antivirus;c:\prg\alwil software\avast5\AvastSvc.exe [2010-10-22 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-13 55152]
R2 OODefragAgent;O&O Defrag Agent;c:\prg\oo software\defrag\oodag.exe [2010-5-11 1619272]
R2 OS Selector;Acronis OS Selector activator;c:\prg\acronis\diskdirector\oss\reinstall_svc.exe [2010-5-25 2139536]
R2 SPDFToolsReadSpool;SolidPDFToolsCreatorReadSpool;c:\windows\installer\MSI2236.tmp [2009-11-25 189760]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-9-7 163232]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\prg\alwil software\avast5\AvastSvc.exe [2010-10-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\prg\alwil software\avast5\AvastSvc.exe [2010-10-22 40384]
R3 pelps2m;PS/2 Mouse Filter Driver;c:\windows\system32\drivers\PelPs2m.sys [2010-9-22 19818]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google-päivityspalvelu (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 ESSIDSET;ESSIDSET;c:\windows\system32\ESSIDSET.SYS [2009-11-23 9248]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2009-11-4 6016]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-20 29744]
S3 PCDRDRV;Pcdr CPU Helper Driver;c:\windows\system32\drivers\pcdrdrv.sys --> c:\windows\system32\drivers\PCDRDRV.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1980-1-1 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-24 21:39:23 -------- d-----w- c:\program files\ESET
2010-10-24 13:42:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-24 10:50:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-23 23:01:01 -------- d-----w- C:\_OTL
2010-10-22 09:34:41 -------- d-----w- c:\docume~1\m\applic~1\Malwarebytes
2010-10-22 09:33:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-22 09:33:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-22 09:33:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-22 09:33:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-22 08:03:58 38848 ----a-w- c:\windows\avastSS.scr
2010-10-15 16:27:30 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-14 10:02:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

==================== Find3M ====================

2010-09-28 16:17:30 24576 --sh--r- C:\bootwiz.sys
2010-09-18 09:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ------w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-12 09:27:38 226656 ----a-w- c:\windows\system32\snapapi.dll

============= FINISH: 14:33:03,01 ===============





===================================
===================================
===================================
===================================
===================================


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 29.1.2008 3:02:17
System Uptime: 31.10.2010 12:03:52 (2 hours ago)

Motherboard: IBM | | IBM
Processor: Intel® Pentium® 4 CPU 2.66GHz | WMT478/NWD | 2657/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 147 GiB total, 110,369 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 78,993 GiB free.
K: is CDROM ()
O: is CDROM ()
P: is CDROM ()
Q: is CDROM ()
R: is CDROM ()
S: is CDROM ()
T: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP798: 18.8.2010 14:43:32 - System Checkpoint
RP799: 19.8.2010 15:58:42 - System Checkpoint
RP800: 19.8.2010 19:44:49 - Removed HP USB Disk Storage Format Tool
RP801: 19.8.2010 19:46:15 - Removed VERITAS Update Manager
RP802: 19.8.2010 19:47:14 - Removed IBM Simple Backup
RP803: 19.8.2010 19:56:27 - Removed Nero 7 Essentials
RP804: 19.8.2010 21:27:06 - Miksi restore point ovat hävinneet
RP805: 20.8.2010 23:17:20 - System Checkpoint
RP806: 21.8.2010 12:18:03 - Installed O&O Defrag Professional.
RP807: 22.8.2010 12:29:09 - System Checkpoint
RP808: 23.8.2010 16:28:18 - System Checkpoint
RP809: 24.8.2010 19:33:21 - System Checkpoint
RP810: 25.8.2010 20:25:54 - System Checkpoint
RP811: 26.8.2010 21:34:39 - System Checkpoint
RP812: 27.8.2010 22:42:37 - System Checkpoint
RP813: 28.8.2010 23:30:39 - System Checkpoint
RP814: 30.8.2010 11:39:56 - System Checkpoint
RP815: 31.8.2010 21:15:28 - System Checkpoint
RP816: 1.9.2010 21:32:42 - System Checkpoint
RP817: 2.9.2010 22:10:07 - System Checkpoint
RP818: 3.9.2010 22:15:10 - System Checkpoint
RP819: 4.9.2010 10:10:39 - Software Distribution Service 3.0
RP820: 5.9.2010 19:10:54 - System Checkpoint
RP821: 6.9.2010 19:59:41 - System Checkpoint
RP822: 7.9.2010 19:21:24 - Removed Acronis True Image Home
RP823: 7.9.2010 21:07:49 - Installed Acronis True Image Home 2011
RP824: 7.9.2010 21:51:01 - Installed Media Add-ons for Acronis True Image Home 2011
RP825: 7.9.2010 22:08:14 - Installed Acronis Disk Director Home
RP826: 8.9.2010 22:22:10 - System Checkpoint
RP827: 10.9.2010 18:35:14 - System Checkpoint
RP828: 11.9.2010 19:47:13 - System Checkpoint
RP829: 12.9.2010 21:04:36 - System Checkpoint
RP830: 13.9.2010 21:41:04 - System Checkpoint
RP831: 15.9.2010 16:34:58 - System Checkpoint
RP832: 16.9.2010 23:13:41 - Software Distribution Service 3.0
RP833: 18.9.2010 12:30:50 - System Checkpoint
RP834: 19.9.2010 13:04:44 - System Checkpoint
RP835: 20.9.2010 13:16:33 - System Checkpoint
RP836: 21.9.2010 13:40:42 - System Checkpoint
RP837: 22.9.2010 18:36:45 - System Checkpoint
RP838: 24.9.2010 12:16:04 - System Checkpoint
RP839: 25.9.2010 13:18:31 - System Checkpoint
RP840: 26.9.2010 14:26:04 - System Checkpoint
RP841: 27.9.2010 14:30:13 - System Checkpoint
RP842: 28.9.2010 15:54:22 - System Checkpoint
RP843: 29.9.2010 16:23:28 - System Checkpoint
RP844: 1.10.2010 13:03:09 - System Checkpoint
RP845: 2.10.2010 20:53:29 - System Checkpoint
RP846: 3.10.2010 21:34:03 - System Checkpoint
RP847: 5.10.2010 21:16:42 - System Checkpoint
RP848: 6.10.2010 22:42:37 - System Checkpoint
RP849: 8.10.2010 17:11:22 - System Checkpoint
RP850: 9.10.2010 19:22:02 - System Checkpoint
RP851: 10.10.2010 21:09:25 - System Checkpoint
RP852: 11.10.2010 12:53:12 - Software Distribution Service 3.0
RP853: 12.10.2010 13:17:31 - System Checkpoint
RP854: 13.10.2010 18:40:10 - System Checkpoint
RP855: 14.10.2010 13:02:03 - avast! Free Antivirus Setup
RP856: 15.10.2010 13:19:36 - System Checkpoint
RP857: 15.10.2010 19:25:45 - Software Distribution Service 3.0
RP858: 17.10.2010 22:22:38 - System Checkpoint
RP859: 18.10.2010 22:31:27 - System Checkpoint
RP860: 20.10.2010 18:41:12 - System Checkpoint
RP861: 21.10.2010 20:49:37 - System Checkpoint
RP862: 22.10.2010 10:48:36 - avast! Free Antivirus Setup
RP863: 22.10.2010 11:03:50 - avast! Free Antivirus Setup
RP864: 23.10.2010 11:06:40 - System Checkpoint
RP865: 24.10.2010 12:35:11 - System Checkpoint
RP866: 24.10.2010 13:48:08 - Installed Java™ SE Development Kit 6 Update 22
RP867: 24.10.2010 13:50:01 - Removed Java™ 6 Update 18
RP868: 24.10.2010 13:50:39 - Installed Java™ 6 Update 22
RP869: 24.10.2010 16:03:52 - Removed Java™ SE Development Kit 6 Update 22
RP870: 24.10.2010 16:07:11 - Removed Java™ 6 Update 22
RP871: 24.10.2010 16:08:30 - Removed Java DB 10.5.3.0
RP872: 24.10.2010 16:42:30 - Installed Java™ 6 Update 22
RP873: 25.10.2010 16:43:52 - System Checkpoint
RP874: 26.10.2010 17:29:08 - System Checkpoint
RP875: 27.10.2010 18:48:18 - System Checkpoint
RP876: 28.10.2010 22:08:05 - System Checkpoint
RP877: 29.10.2010 23:07:42 - System Checkpoint
RP878: 31.10.2010 12:08:55 - System Checkpoint

==== Installed Programs ======================

Access IBM
Acronis Disk Director Home
Acronis True Image Home 2011
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Advertising Center
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 2009 Advanced
avast! Free Antivirus
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DIA 2000
DolbyFiles
Désinstaller Le Petit Robert de la langue française
ESET Online Scanner v3
EuroTranslator Academic
Euroword Giga
EVEREST Home Edition v1.51
eXPert PDF 6
FirstClass® Client
Google Desktop
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942766-v6)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB971276-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
IBM Access Support
IBM Rapid Restore PC Setup
ImagXpress
Intel® Extreme Graphics Driver
Intel® Network Connections Drivers
Intel® PROSet II
Intense Language Office
InterVideo WinDVD
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java™ 6 Update 22
Junk Mail filter update
Kielitoimiston sanakirja
Lenovo Mouse Suite
LightScribe System Software
LizardTech DjVu Control
Malwarebytes' Anti-Malware
Media Add-ons for Acronis True Image Home 2011
Menu Templates - Starter Kit
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Proofing Tools
Microsoft Office Access 2003
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Movie Templates - Starter Kit
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero WaveEditor
Nero Vision
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
O&O Defrag Professional
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
PC-Doctor 5 for Windows
PCI SoftV92 Modem
Quick Translator 2000
QuickTime
Random House Webster's Unabridged Dictionary
Roxio VideoWave 5 Power Edition
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shockwave
SnapAPI
Solid PDF Tools
SoundMAX
SoundTrax
SpywareBlaster 4.4
Svensk ordbok
System Update
TheSage
Total Commander (Remove or Repair)
Uninstall PC-Doctor
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 7 Multilingual User Interface (MUI)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell™ 1.0 MUI pack
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinZip
VirtualDrive Pro
WordFinder
WordFinder Language Suite
WSOY Elektroninen sanakirja 5.0
XML Paper Specification Shared Components Pack 1.0
XPS Essentials Pack
XPS Essentials Pack 1.0

==== Event Viewer Messages From Past Week ========

29.10.2010 12:36:30, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom7.
29.10.2010 12:17:44, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
27.10.2010 13:56:10, error: Dhcp [1002] - The IP address lease 82.181.183.234 for the Network Card with network address 00096BE7E9B7 has been denied by the DHCP server 213.243.153.174 (The DHCP Server sent a DHCPNACK message).
24.10.2010 2:01:04, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:04, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:04, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:04, error: Service Control Manager [7034] - The SolidPDFToolsCreatorReadSpool service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:04, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:04, error: Service Control Manager [7034] - The Acronis OS Selector activator service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:03, error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:03, error: Service Control Manager [7034] - The O&O Defrag Agent service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:02, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:02, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:02, error: Service Control Manager [7034] - The Intel® NMS service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:02, error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:02, error: Service Control Manager [7034] - The Acronis Nonstop Backup service service terminated unexpectedly. It has done this 1 time(s).
24.10.2010 2:01:02, error: Service Control Manager [7031] - The Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.

==== End Of File ===========================

#15 extremeboy

Posted 31 October 2010 - 04:25 PM

Hello again,

Thanks for the updates.

Regarding the hosts file:

To understand about the hosts you can read more here.
To download the hosts file you can find it here.
To view the hosts file in plain text you can find it here.

As for the difference in the hosts file between Spybot and the other one I can't be 100% sure as to why, however the hosts file that I mentioned above which you can view, is quite up to date. Latest update was yesterday in fact and is monitored and updated by a group of trusted experts.

Also, if you do decide to include a manual host file then I suggest you set a service called DNS Client to manual. This will help increase the significance of the speed of your browser in certain cases where it can be slow due to the huge host file.

Instructions:

Editor's Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine.

To resolve this issue (manually) open the "Services Editor"

* Start | Run (type) "services.msc" (no quotes)
* Scroll down to "DNS Client", Right-click and select: Properties - click Stop
* Click the drop-down arrow for "Startup type"
* Select: Manual (recommended) or Disabled, click Apply/OK and restart.


Onto the Firefox issue:

meaning that semi/half screen is black - I can read our conversation, because they are ads in the beginning of the page - if they were not, I could not read the beginning

Could you perhaps take a screenshot and attach it here or upload it elsewhere such as Photobucket.com and attach it here for me to visually see what's occurring, as I can't exactly figure out what the problem is from that description.

* saved as html only - opens without "blackout" - in any case, a difference has taken place during our conversation

Same goes for this one if you can. Take a screenshot.

Thanks.

Have I addressed all the problems you mentioned already? If I missed anything or did not mention about it, kindly let me know.

Besides that, from the logs there appears to be no malware related issue any longer. Let's deal with the other things you mentioned and see what we can do.

~Extremeboy

Edited by extremeboy, 31 October 2010 - 04:29 PM.

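The hosts-file check and DNS Client change from post #15, scripted in PowerShell as an added example that is not part of extremeboy's post: it measures the hosts file against the 135 KB figure quoted there and switches DNS Client to Manual only when the file is larger. The default hosts path, the service name `Dnscache` for DNS Client, and an administrator prompt are assumptions.

```powershell
# Added example, not from the original thread.
# Assumptions: default hosts location, DNS Client registered as "Dnscache",
# script run from an administrator PowerShell prompt.
$HostsPath   = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$ThresholdKB = 135   # size quoted in the instructions in post #15

function Get-HostsFileSummary {
    param([string]$Path)
    $file = Get-Item -Path $Path -ErrorAction Stop
    # Active entries are lines that are neither blank nor comments.
    $entries = @(Get-Content -Path $Path | Where-Object { $_ -match '^\s*[^#\s]' })
    # Add-Member chain keeps this usable on PowerShell 1.0.
    New-Object PSObject |
        Add-Member NoteProperty SizeKB  ([math]::Round($file.Length / 1KB, 1)) -PassThru |
        Add-Member NoteProperty Entries $entries.Count -PassThru
}

$summary = Get-HostsFileSummary -Path $HostsPath
$svc     = Get-WmiObject -Class Win32_Service -Filter "Name='Dnscache'"

"hosts file: {0} KB, {1} active entries" -f $summary.SizeKB, $summary.Entries
"DNS Client: state={0}, startup={1}"     -f $svc.State, $svc.StartMode

if ($summary.SizeKB -gt $ThresholdKB -and $svc.StartMode -eq 'Auto') {
    # Same effect as Startup type: Manual, then Stop, in services.msc.
    Set-Service -Name Dnscache -StartupType Manual
    if ($svc.State -eq 'Running') {
        Stop-Service -Name Dnscache -Force
    }
    "DNS Client set to Manual and stopped; restart to finish."
} else {
    "No change made."
}
```

To undo the change, run `Set-Service -Name Dnscache -StartupType Automatic` followed by `Start-Service -Name Dnscache`. The thread's machine runs Windows XP; later Windows versions may not allow this service to be reconfigured this way.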