
OTL Log


  • This topic is locked
45 replies to this topic

#1 34BLEEP00XX

Posted 06 November 2010 - 05:25 PM

Mod Edit: Referred from http://www.bleepingcomputer.com/forums/topic357667.html ~BZ

HERE IS THE LOG:

OTL logfile created on: 6.11.2010 23:59:29 - Run 5
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\***\Työpöytä\Stb downloads\OTLAR
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

1 024,00 Mb Total Physical Memory | 155,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 69,73 Gb Free Space | 35,70% Space Free | Partition Type: NTFS
Drive D: | 97,75 Gb Total Space | 33,38 Gb Free Space | 34,15% Space Free | Partition Type: NTFS
Drive E: | 172,69 Gb Total Space | 62,34 Gb Free Space | 36,10% Space Free | Partition Type: NTFS
Drive F: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 378,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 69,12 Gb Total Space | 67,27 Gb Free Space | 97,32% Space Free | Partition Type: NTFS
Drive J: | 58,59 Gb Total Space | 56,56 Gb Free Space | 96,53% Space Free | Partition Type: NTFS
Drive K: | 8,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LMPR-CO-OPS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.11.01 23:46:09 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***\Työpöytä\Stb downloads\OTLAR\OTL.exe
PRC - [2010.11.01 01:41:16 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.11.01 01:41:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.10.25 04:10:15 | 002,806,000 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2010.09.25 16:59:43 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.09.25 16:59:38 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.09.02 09:26:02 | 000,672,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2010.07.27 13:27:00 | 000,280,960 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2010.07.20 10:45:24 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.07.16 13:58:10 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2010.06.23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010.06.23 12:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.06.22 13:22:52 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.05.28 13:04:52 | 000,911,920 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2010.05.11 10:11:58 | 000,134,144 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009.11.29 16:53:02 | 002,752,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4Virus\Setup\avast.setup
PRC - [2009.11.25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4Virus\ashDisp.exe
PRC - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4Virus\ashServ.exe
PRC - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4Virus\ashWebSv.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4Virus\aswUpdSv.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.04.23 08:36:58 | 001,123,784 | ---- | M] (LSoft Technologies Inc) -- C:\Program Files\Active Hard Disk Monitor\DiskMonitorService.exe
PRC - [2008.04.14 08:12:12 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.29 21:16:20 | 000,110,592 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe
PRC - [2007.06.01 09:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 09:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.06.01 09:06:06 | 001,629,744 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007.06.01 09:05:56 | 001,551,408 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007.06.01 09:05:46 | 001,057,328 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006.11.03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006.11.03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2002.12.06 15:07:48 | 000,617,984 | ---- | M] () -- C:\Program Files\ASUS\Probe\AsusProb.exe
PRC - [2001.06.13 08:36:34 | 000,049,152 | ---- | M] (YAMAHA COROPRATION) -- C:\WINDOWS\system32\sxgtkbar.exe


========== Modules (SafeList) ==========

MOD - [2010.11.01 23:46:09 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***\Työpöytä\Stb downloads\OTLAR\OTL.exe
MOD - [2010.08.23 18:12:31 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) HID (Human Interface Device)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.10.25 04:10:15 | 002,806,000 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010.09.25 16:59:38 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.07.26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010.06.23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4Virus\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Avast4Virus\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4Virus\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4Virus\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.04.23 08:36:58 | 001,123,784 | ---- | M] (LSoft Technologies Inc) [Auto | Running] -- C:\Program Files\Active Hard Disk Monitor\DiskMonitorService.exe -- (Active@ Disk Monitor)
SRV - [2007.11.07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Microsoft Visual Studio\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007.06.01 09:05:56 | 001,551,408 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006.11.03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2010.10.25 04:09:04 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010.10.04 22:03:52 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.04 22:03:51 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.09.12 16:05:36 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.07.06 19:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.05.28 13:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.05.13 09:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010.03.20 03:24:51 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.09.15 12:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.09.15 12:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.09.15 12:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.07.15 14:41:31 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2009.04.24 03:30:57 | 004,049,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 10:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 10:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-ääniohjain (WDM)
DRV - [2008.04.13 10:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 08:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) Microsoft UAA -väyläohjain (High Definition Audio)
DRV - [2007.08.24 18:45:22 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.06.01 09:05:56 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.06.01 09:05:56 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007.06.01 09:05:46 | 000,118,704 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005.03.03 19:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.08.03 21:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003.08.08 03:31:56 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Temp\cdiskdun.sys -- (cdiskdun)
DRV - [2002.07.11 11:51:18 | 000,667,136 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sbpci.sys -- (sbpci) SB PCI Family Audio Driver (WDM)
DRV - [2001.08.17 21:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2001.08.17 20:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001.08.17 19:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001.08.17 19:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001.08.17 19:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001.08.17 19:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001.06.25 10:29:00 | 001,079,168 | ---- | M] (YAMAHA CORPORATION) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sxgbvswp.SYS -- (sxgbvswp)
DRV - [1999.12.17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)
DRV - [1997.04.22 09:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-179605362-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
IE - HKU\S-1-5-21-1202660629-179605362-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.09.26 23:41:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.01 01:41:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.01 01:41:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.09.26 23:41:22 | 000,000,000 | ---D | M]

[2009.07.10 23:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Mozilla\Extensions
[2010.11.05 03:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\1acm1f39.default\extensions
[2010.04.29 19:26:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\1acm1f39.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.09 22:31:31 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\1acm1f39.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009.07.28 13:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\1acm1f39.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.08.19 14:46:09 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\1acm1f39.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.12.08 05:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\1acm1f39.default\extensions\npfax@microgaming.co.uk
[2010.11.05 03:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.29 22:46:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.18 00:09:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.10.18 00:08:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2003.04.25 14:00:00 | 000,000,665 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (OneRiot IE Statusbar BHO) - {F28D74EC-B064-4402-926D-E00687233421} - C:\Program Files\OneRiot\Browser Add-ons\IEStatusbar.dll (OneRiot, Inc..)
O3 - HKLM\..\Toolbar: (Toolbar Powered by OneRiot) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\OneRiot\Browser Add-ons\IEToolbar.dll (OneRiot, Inc..)
O3 - HKU\S-1-5-21-1202660629-179605362-682003330-1004\..\Toolbar\WebBrowser: (Toolbar Powered by OneRiot) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\OneRiot\Browser Add-ons\IEToolbar.dll (OneRiot, Inc..)
O4 - HKLM..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Avast4Virus\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SxgTkBar] C:\WINDOWS\System32\sxgtkbar.exe (YAMAHA COROPRATION)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1202660629-179605362-682003330-1004..\Run: [] File not found
O4 - HKU\S-1-5-21-1202660629-179605362-682003330-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1202660629-179605362-682003330-1004..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\***\Käynnistä-valikko\Ohjelmat\Käynnistys\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-179605362-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.10 19:52:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.01 -- [ NTFS ]
O32 - AutoRun File - [2009.07.26 00:05:40 | 000,000,058 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001.12.07 18:54:56 | 000,024,576 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001.12.08 12:57:30 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003.10.02 11:54:00 | 000,000,027 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - K:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.08 09:41:52 | 000,000,047 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{26dc3797-c74c-11df-9973-f9a1c8fc5240}\Shell - "" = Autorun
O33 - MountPoints2\{26dc3797-c74c-11df-9973-f9a1c8fc5240}\Shell\AutoRun\command - "" = K:\Install_Nokia_Ovi_Suite.exe -- File not found
O33 - MountPoints2\{427d3329-539e-11df-989e-c7a859bd7c52}\Shell - "" = AutoRun
O33 - MountPoints2\{427d3329-539e-11df-989e-c7a859bd7c52}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4c032742-6e26-11de-ac06-cee1a960ea50}\Shell - "" = AutoRun
O33 - MountPoints2\{4c032742-6e26-11de-ac06-cee1a960ea50}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4c032745-6e26-11de-ac06-cee1a960ea50}\Shell - "" = AutoRun
O33 - MountPoints2\{4c032745-6e26-11de-ac06-cee1a960ea50}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{71304ec8-9d7e-11de-972a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{71304ec8-9d7e-11de-972a-806d6172696f}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a0928ff2-6e24-11de-ac05-e0c54cc15950}\Shell - "" = AutoRun
O33 - MountPoints2\{a0928ff2-6e24-11de-ac05-e0c54cc15950}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- [2003.10.02 11:53:52 | 000,225,280 | R--- | M] (Gotham Games )
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.18 21:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010.10.18 00:08:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.18 00:08:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.18 00:08:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.18 00:08:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.10.16 17:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Local Settings\Application Data\id Software
[2010.10.15 23:29:41 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LMRTREND.dll
[2010.10.15 23:29:21 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft3.dll
[2010.10.15 23:28:52 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unam4ie.exe
[2010.10.15 23:27:19 | 000,131,072 | ---- | C] (Magix) -- C:\WINDOWS\System32\MagixDS.dll
[2010.10.15 23:27:19 | 000,114,688 | ---- | C] (emagic GmbH) -- C:\WINDOWS\System32\EASIMME.dll
[2010.10.13 22:53:35 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.10.13 22:53:34 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.10.13 22:42:30 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.10.11 21:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.10.03 01:50:19 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\***\Application Data\tsdnwin.dll
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.06 23:12:07 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-179605362-682003330-1004UA.job
[2010.11.06 22:31:22 | 000,169,584 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.11.06 22:22:31 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010.11.06 17:51:12 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.11.06 17:48:10 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010.11.06 17:47:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.06 02:12:03 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-179605362-682003330-1004Core.job
[2010.11.05 01:15:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.31 18:55:55 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.27 22:36:52 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\***\.recently-used.xbel
[2010.10.25 21:46:09 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.10.25 04:26:54 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\***\Työpöytä\Glary Utilities.lnk
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.10.19 04:27:36 | 000,013,175 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2010.10.18 21:51:44 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\***\Työpöytä\DivX Movies.lnk
[2010.10.18 21:50:24 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\DivX Plus Player.lnk
[2010.10.18 21:48:45 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\DivX Plus Converter.lnk
[2010.10.18 00:08:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.18 00:08:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.18 00:08:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.18 00:08:15 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.10.18 00:08:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.15 23:31:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\AudStu.INI
[2010.10.15 23:29:15 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010.10.15 23:29:01 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.10.15 23:29:01 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.10.15 23:27:25 | 000,000,087 | ---- | M] () -- C:\WINDOWS\magix.ini
[2010.10.14 16:54:45 | 000,160,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.13 23:27:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.10.11 21:59:58 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Adobe Reader 9.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.27 22:36:52 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\***\.recently-used.xbel
[2010.10.19 04:27:36 | 000,013,175 | ---- | C] () -- C:\WINDOWS\vpd.properties
[2010.10.18 21:50:24 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\DivX Plus Player.lnk
[2010.10.18 21:48:45 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\DivX Plus Converter.lnk
[2010.10.15 23:31:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AudStu.INI
[2010.10.15 23:27:19 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\LOG_DS.AX
[2010.10.15 23:24:40 | 000,000,087 | ---- | C] () -- C:\WINDOWS\magix.ini
[2010.10.11 21:59:57 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\Adobe Reader 9.lnk
[2010.10.04 22:03:52 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.10.04 22:03:51 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.08.21 01:42:17 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2010.08.21 01:42:17 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2010.07.30 00:46:08 | 000,000,745 | ---- | C] () -- C:\WINDOWS\DR2.ini
[2010.07.23 22:16:57 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2010.07.23 22:16:56 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\drumpad.dll
[2010.07.23 22:16:47 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\animation.dll
[2010.07.18 00:41:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\WARPLANE.INI
[2010.07.12 21:34:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010.05.01 20:51:18 | 000,000,310 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010.03.22 21:15:32 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010.03.22 21:15:31 | 000,228,864 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010.03.22 21:15:31 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010.03.22 21:15:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010.03.22 21:15:31 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010.03.22 21:15:31 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010.03.22 21:15:31 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010.03.22 21:15:30 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010.03.22 21:15:30 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010.03.22 21:15:30 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2010.03.22 21:15:30 | 000,052,736 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009.12.30 16:51:16 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wa.INI
[2009.12.19 18:50:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Goya.INI
[2009.10.21 03:34:41 | 000,000,244 | ---- | C] () -- C:\WINDOWS\Caligari.ini
[2009.08.19 21:05:33 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\r3dgif22.dll
[2009.08.19 19:14:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RasTop.INI
[2009.08.17 17:08:27 | 000,000,197 | ---- | C] () -- C:\WINDOWS\WinNG.ini
[2009.08.14 01:30:49 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.07.31 04:01:17 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\wsxttime.sys
[2009.07.27 18:54:30 | 000,003,855 | ---- | C] () -- C:\WINDOWS\TWEplus.INI
[2009.07.27 18:25:53 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Oiduts.dll
[2009.07.26 20:47:46 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009.07.26 20:47:46 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009.07.26 20:47:46 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009.07.26 20:22:25 | 000,000,397 | ---- | C] () -- C:\WINDOWS\WAVEGEN.INI
[2009.07.26 18:04:08 | 000,000,089 | ---- | C] () -- C:\WINDOWS\vpetting.ini
[2009.07.26 00:05:42 | 000,000,147 | ---- | C] () -- C:\WINDOWS\INSTGRPS.INI
[2009.07.23 22:39:29 | 000,000,081 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2009.07.21 01:49:22 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2009.07.17 23:56:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.07.16 02:03:17 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.07.15 21:05:32 | 000,000,301 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009.07.15 17:44:49 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2009.07.15 15:25:18 | 000,000,319 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2009.07.15 14:45:04 | 000,000,730 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2009.07.15 14:43:11 | 000,000,208 | ---- | C] () -- C:\WINDOWS\MusicMaker.INI
[2009.07.15 14:42:28 | 000,000,297 | ---- | C] () -- C:\WINDOWS\Sampler.INI
[2009.07.15 14:42:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009.07.15 14:42:26 | 000,000,305 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2009.07.15 14:35:29 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009.07.13 22:01:24 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.13 21:59:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RingtoneMaker.INI
[2009.07.13 21:54:26 | 000,005,715 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.07.13 21:31:46 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.07.13 21:31:46 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.07.13 21:31:46 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.07.12 22:31:17 | 000,000,858 | ---- | C] () -- C:\WINDOWS\SOFPLAT.ini
[2009.07.12 15:00:35 | 000,000,177 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.07.12 02:30:27 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009.07.12 00:53:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.07.11 23:38:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009.07.11 23:38:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009.07.11 00:37:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009.07.10 23:50:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.07.10 23:44:51 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2009.07.10 23:44:27 | 000,003,173 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.07.10 23:44:26 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.07.10 23:13:01 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\fusioncache.dat
[2009.07.10 23:05:46 | 000,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
[2009.07.10 20:44:51 | 000,004,405 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.12.19 16:15:58 | 003,128,320 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,170,496 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005.12.07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.11.16 16:34:10 | 000,700,416 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2002.03.19 17:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2000.03.29 01:58:40 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2000.03.28 15:27:42 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[1997.11.17 16:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2010.02.14 02:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2009.07.13 19:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009.07.21 01:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009.07.15 14:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2009.12.12 00:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2010.10.04 22:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\My Horse and Me
[2010.09.26 23:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009.07.13 19:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.07.12 14:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010.10.24 16:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.07.16 21:28:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010.01.25 01:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\.atanks
[2010.01.23 22:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\.k3d
[2010.04.01 01:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Datalayer
[2010.02.23 02:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Dev-Cpp
[2009.07.22 19:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\fltk.org
[2009.07.10 23:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\FLVPlayer4Free
[2009.07.12 21:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\GetRightToGo
[2009.12.05 17:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\gtk-2.0
[2009.07.11 23:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\InterVideo
[2009.07.12 02:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Leadertech
[2009.12.19 18:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\MAGIX
[2010.09.11 21:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Mount&Blade
[2009.09.11 19:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\NASA
[2010.09.27 00:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Nokia
[2010.01.23 22:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Notepad++
[2009.07.10 23:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\OpenOffice.org
[2009.07.19 22:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Panasonic
[2009.07.13 19:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\PC Suite
[2010.01.22 22:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Stellarium
[2009.07.23 21:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Thalia
[2010.10.29 23:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Wings3D
[2010.06.29 14:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\WinPatrol
[2009.09.27 15:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\XnView
[2010.02.02 20:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\xvrml.net
[2010.11.06 17:48:10 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010.11.06 17:51:12 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39413AC3

< End of report >

This is NOT bumping but some info. Can somebody check these files:

[2009.07.13 21:31:46 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.07.13 21:31:46 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.07.13 21:31:46 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

Because I have read somewhere that they are Malware components but I think they are StarForce protection system drivers.

[2009.07.10 23:44:26 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

This is not a Malware file; it is an ASUS thermal probe program file.

EDIT: Posts merged ~BP

Edited by Budapest, 11 November 2010 - 04:36 PM.
Split from AII topic. ~BZ




#2 34BLEEP00XX


Posted 13 November 2010 - 11:38 AM

I have a question here:
Do YOU need any diagnostic logs here?

Tell me if you need any.

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,575 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:48 AM

Posted 14 November 2010 - 07:06 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#4 34BLEEP00XX


Posted 14 November 2010 - 03:36 PM

OTL scan complete. I got OTL.TXT, not extra.txt. How to get both?

#5 Elise


Posted 14 November 2010 - 03:43 PM

Rerun OTL, click the NONE button, then change the value under Extra Registry and tick "use safelist". Click Run Scan, extra.txt will now be created.

regards, Elise


#6 34BLEEP00XX


Posted 14 November 2010 - 04:12 PM

Those OTL logs contain user sensitive data.
Can I remove those before I post those logs here?

#7 Elise


Posted 14 November 2010 - 04:39 PM

What data are you referring to? The logs contain data regarding installed programs on your computer and the way they and other windows components load. Nothing anybody could use.

regards, Elise


#8 34BLEEP00XX


Posted 14 November 2010 - 04:57 PM

I will post logs tomorrow.

#9 Elise


Posted 15 November 2010 - 03:35 AM

Okay, thanks for letting me know.

regards, Elise


#10 34BLEEP00XX


Posted 16 November 2010 - 02:11 PM

Here is the first log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF6B4C000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 4374528 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1EA000 C:\WINDOWS\System32\ati3duag.dll 2985984 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192256 bytes (Microsoft Corporation, NT Ydin & Järjestelmä)
0x804D7000 PnpManager 2192256 bytes
0x804D7000 RAW 2192256 bytes
0x804D7000 WMIxWDM 2192256 bytes
0xBF4C3000 C:\WINDOWS\System32\ativvaxx.dll 2129920 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Monikäyttäjä Win32-ohjain)
0xAE6DE000 C:\WINDOWS\System32\drivers\sxgbvswp.SYS 958464 bytes (YAMAHA CORPORATION, Kernel mode driver)
0xF6A12000 C:\WINDOWS\system32\drivers\sbpci.sys 667648 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xBF068000 C:\WINDOWS\System32\ati2cqag.dll 643072 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF76C1000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF105000 C:\WINDOWS\System32\atikvmag.dll 544768 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xAE53F000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xAE3E2000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xABFA6000 C:\WINDOWS\system32\drivers\ACEDRV07.sys 401408 bytes (Protect Software GmbH, Helper Driver - Access Level 1a)
0xBF18A000 C:\WINDOWS\System32\atiok3x2.dll 393216 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xF6968000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAE636000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAB60B000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 352256 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAB90C000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes
0xAAFDA000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF77DF000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAB977000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7694000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAE452000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6B10000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAE5C0000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAE5E8000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xABD52000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF69EE000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6AB5000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6AD9000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAE51D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAE3C1000 C:\WINDOWS\System32\Drivers\aswSP.SYS 135168 bytes (ALWIL Software, avast! self protection module)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7777000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77AF000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-levyohjain)
0xAE6A2000 C:\WINDOWS\system32\drivers\InCDFs.sys 114688 bytes (Nero AG, InCD File System Driver)
0xF7669000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xAA3B6000 C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 102400 bytes (Huawei Technologies Co., Ltd., USB Modem/Serial Device Driver)
0xF7797000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAE381000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF774E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF69D7000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xABBD4000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 90112 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xAE7C8000 C:\WINDOWS\system32\drivers\SBREdrv.sys 90112 bytes (Sunbelt Software, Anti-Rootkit Engine)
0xAB8F7000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6AFC000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Rinnakkaisporttiohjain)
0xF6B38000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAE68F000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7765000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF77CE000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI -luettelointi)
0xF69C6000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7683000 sfdrv01.sys 69632 bytes (Protection Technology, StarForce Protection Environment Driver)
0xF79CE000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7008000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7A7E000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Sarjalaiteohjain)
0xF6FC8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF787E000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF6FF8000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xABAF4000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF793E000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF790E000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF786E000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7A8E000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port -ohjain)
0xF6FB8000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF784E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6F98000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF797E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7A9E000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF783E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6FA8000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF791E000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xF7A6E000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Suorittimen laiteohjain)
0xF782E000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA -väyläohjain)
0xF78CE000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF788E000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xABB44000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF789E000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF6F78000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF785E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAA5CF000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF6F88000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF794E000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAB2E3000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF792E000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7B5E000 C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 32768 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF7C06000 C:\WINDOWS\system32\drivers\InCDPass.sys 32768 bytes (Nero AG, Ahead RW Filter Driver)
0xF7C2E000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modeemin laiteohjain)
0xF7BF6000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7AC6000 sfhlp02.sys 32768 bytes (Protection Technology, StarForce Protection Helper Driver)
0xF7BFE000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7BAE000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7B8E000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7B4E000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7AAE000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7AEE000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7B96000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class -ohjain)
0xF7B9E000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class -ohjain)
0xF7ABE000 sfsync02.sys 24576 bytes (Protection Technology, StarForce Protection Synchronization Driver)
0xF7BE6000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7C0E000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 20480 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7BCE000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7C1E000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes
0xF7BEE000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AB6000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BBE000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7BC6000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7BB6000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7BA6000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF7B26000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAB38F000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 16384 bytes (ALWIL Software, avast! TDI RDR Driver)
0xAAE42000 C:\WINDOWS\System32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF7CFE000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xABEDA000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7CE2000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7C3E000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAE60E000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7D02000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xAE3A5000 C:\WINDOWS\system32\DRIVERS\hidgame.sys 12288 bytes (Microsoft Corporation, HidGame Library)
0xF7D2A000 C:\WINDOWS\System32\Drivers\InCDrec.SYS 12288 bytes (Nero AG, InCD File System Recognizer)
0xABA50000 C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 12288 bytes
0xF7CEE000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7645000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D68000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7DCA000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D66000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D2E000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D6A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7DB8000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM-rinnakkaisporttiohjain)
0xF7DDC000 C:\WINDOWS\system32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xF7D6C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D5E000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D64000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D30000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7F1F000 C:\WINDOWS\system32\drivers\aslm75.sys 4096 bytes
0xF7EE2000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7EAD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7F7E000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7DF6000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

Second log here:

OTL logfile created on: 14.11.2010 23:45:18 - Run 10
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\LMPR-Jaakko\Työpöytä\Stb downloads\OTLAR
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

1 024,00 Mb Total Physical Memory | 156,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 67,98 Gb Free Space | 34,81% Space Free | Partition Type: NTFS
Drive D: | 97,75 Gb Total Space | 33,39 Gb Free Space | 34,16% Space Free | Partition Type: NTFS
Drive E: | 172,69 Gb Total Space | 62,36 Gb Free Space | 36,11% Space Free | Partition Type: NTFS
Drive F: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 378,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 69,12 Gb Total Space | 67,27 Gb Free Space | 97,32% Space Free | Partition Type: NTFS
Drive J: | 58,59 Gb Total Space | 56,56 Gb Free Space | 96,53% Space Free | Partition Type: NTFS
Drive K: | 8,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LMPR-CO-OPS | User Name: LMPR-Jaakko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.11.01 23:46:09 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LMPR-Jaakko\Työpöytä\Stb downloads\OTLAR\OTL.exe
PRC - [2010.11.01 01:41:16 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.11.01 01:41:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.10.25 04:10:15 | 002,806,000 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2010.09.25 16:59:43 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.09.25 16:59:38 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.09.02 09:26:02 | 000,672,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2010.07.27 13:27:00 | 000,280,960 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2010.07.20 10:45:24 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.06.23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010.06.23 12:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.06.22 13:22:52 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.05.28 13:04:52 | 000,911,920 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2010.05.11 10:11:58 | 000,134,144 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009.11.25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4Virus\ashDisp.exe
PRC - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4Virus\ashServ.exe
PRC - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4Virus\ashWebSv.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4Virus\aswUpdSv.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.04.23 08:36:58 | 001,123,784 | ---- | M] (LSoft Technologies Inc) -- C:\Program Files\Active Hard Disk Monitor\DiskMonitorService.exe
PRC - [2008.04.14 08:12:12 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.29 21:16:20 | 000,110,592 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe
PRC - [2007.06.01 09:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 09:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.06.01 09:06:06 | 001,629,744 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007.06.01 09:05:56 | 001,551,408 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007.06.01 09:05:46 | 001,057,328 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006.11.03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006.11.03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006.06.28 14:50:52 | 000,851,456 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
PRC - [2002.12.06 15:07:48 | 000,617,984 | ---- | M] () -- C:\Program Files\ASUS\Probe\AsusProb.exe
PRC - [2001.06.13 08:36:34 | 000,049,152 | ---- | M] (YAMAHA COROPRATION) -- C:\WINDOWS\system32\sxgtkbar.exe


========== Modules (SafeList) ==========

MOD - [2010.11.01 23:46:09 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LMPR-Jaakko\Työpöytä\Stb downloads\OTLAR\OTL.exe
MOD - [2010.08.23 18:12:31 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) HID (Human Interface Device)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.10.25 04:10:15 | 002,806,000 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010.09.25 16:59:38 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.07.26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010.06.23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4Virus\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Avast4Virus\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4Virus\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4Virus\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.04.23 08:36:58 | 001,123,784 | ---- | M] (LSoft Technologies Inc) [Auto | Running] -- C:\Program Files\Active Hard Disk Monitor\DiskMonitorService.exe -- (Active@ Disk Monitor)
SRV - [2007.11.07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Microsoft Visual Studio\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007.06.01 09:05:56 | 001,551,408 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006.11.03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2010.10.25 04:09:04 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010.10.04 22:03:52 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.04 22:03:51 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.09.12 16:05:36 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.07.06 19:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.05.28 13:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.05.13 09:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010.03.20 03:24:51 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.09.15 12:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.09.15 12:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.09.15 12:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.07.15 14:41:31 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2009.04.24 03:30:57 | 004,049,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 10:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 10:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-ääniohjain (WDM)
DRV - [2008.04.13 10:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 08:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) Microsoft UAA -väyläohjain (High Definition Audio)
DRV - [2007.08.24 18:45:22 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.06.01 09:05:56 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.06.01 09:05:56 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007.06.01 09:05:46 | 000,118,704 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005.03.03 19:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.08.03 21:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003.07.29 12:07:35 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Temp\cdiskdun.sys -- (cdiskdun)
DRV - [2002.07.11 11:51:18 | 000,667,136 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sbpci.sys -- (sbpci) SB PCI Family Audio Driver (WDM)
DRV - [2001.08.17 21:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2001.08.17 20:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001.08.17 19:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001.08.17 19:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001.08.17 19:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001.08.17 19:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001.06.25 10:29:00 | 001,079,168 | ---- | M] (YAMAHA CORPORATION) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sxgbvswp.SYS -- (sxgbvswp)
DRV - [1999.12.17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)
DRV - [1997.04.22 09:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-179605362-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
IE - HKU\S-1-5-21-1202660629-179605362-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.09.26 23:41:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.01 01:41:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.01 01:41:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.09.26 23:41:22 | 000,000,000 | ---D | M]

[2009.07.10 23:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Mozilla\Extensions
[2010.11.14 22:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Mozilla\Firefox\Profiles\1acm1f39.default\extensions
[2010.04.29 19:26:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Mozilla\Firefox\Profiles\1acm1f39.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.09 22:31:31 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Mozilla\Firefox\Profiles\1acm1f39.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009.07.28 13:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Mozilla\Firefox\Profiles\1acm1f39.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.08.19 14:46:09 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Mozilla\Firefox\Profiles\1acm1f39.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.12.08 05:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Mozilla\Firefox\Profiles\1acm1f39.default\extensions\npfax@microgaming.co.uk
[2010.11.14 22:19:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.29 22:46:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.18 00:09:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.10.18 00:08:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2003.04.25 14:00:00 | 000,000,665 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (OneRiot IE Statusbar BHO) - {F28D74EC-B064-4402-926D-E00687233421} - C:\Program Files\OneRiot\Browser Add-ons\IEStatusbar.dll (OneRiot, Inc..)
O3 - HKLM\..\Toolbar: (Toolbar Powered by OneRiot) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\OneRiot\Browser Add-ons\IEToolbar.dll (OneRiot, Inc..)
O3 - HKU\S-1-5-21-1202660629-179605362-682003330-1004\..\Toolbar\WebBrowser: (Toolbar Powered by OneRiot) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\OneRiot\Browser Add-ons\IEToolbar.dll (OneRiot, Inc..)
O4 - HKLM..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Avast4Virus\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SxgTkBar] C:\WINDOWS\System32\sxgtkbar.exe (YAMAHA COROPRATION)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1202660629-179605362-682003330-1004..\Run: [] File not found
O4 - HKU\S-1-5-21-1202660629-179605362-682003330-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1202660629-179605362-682003330-1004..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\LMPR-Jaakko\Käynnistä-valikko\Ohjelmat\Käynnistys\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-179605362-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\LMPR-Jaakko\Työpöytä\Teemoja\P120.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LMPR-Jaakko\Työpöytä\Teemoja\P120.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.10 19:52:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.01 -- [ NTFS ]
O32 - AutoRun File - [2009.07.26 00:05:40 | 000,000,058 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001.12.07 18:54:56 | 000,024,576 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001.12.08 12:57:30 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003.10.02 11:54:00 | 000,000,027 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - K:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.08 09:41:52 | 000,000,047 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{26dc3797-c74c-11df-9973-f9a1c8fc5240}\Shell - "" = Autorun
O33 - MountPoints2\{26dc3797-c74c-11df-9973-f9a1c8fc5240}\Shell\AutoRun\command - "" = K:\Install_Nokia_Ovi_Suite.exe -- File not found
O33 - MountPoints2\{39253906-cfed-11df-8ba0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{39253906-cfed-11df-8ba0-806d6172696f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2001.12.07 18:54:56 | 000,024,576 | R--- | M] ()
O33 - MountPoints2\{427d3329-539e-11df-989e-c7a859bd7c52}\Shell - "" = AutoRun
O33 - MountPoints2\{427d3329-539e-11df-989e-c7a859bd7c52}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4c032742-6e26-11de-ac06-cee1a960ea50}\Shell - "" = AutoRun
O33 - MountPoints2\{4c032742-6e26-11de-ac06-cee1a960ea50}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4c032745-6e26-11de-ac06-cee1a960ea50}\Shell - "" = AutoRun
O33 - MountPoints2\{4c032745-6e26-11de-ac06-cee1a960ea50}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{71304ec8-9d7e-11de-972a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{71304ec8-9d7e-11de-972a-806d6172696f}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a0928ff2-6e24-11de-ac05-e0c54cc15950}\Shell - "" = AutoRun
O33 - MountPoints2\{a0928ff2-6e24-11de-ac05-e0c54cc15950}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- [2003.10.02 11:53:52 | 000,225,280 | R--- | M] (Gotham Games )
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007.07.05 14:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.14 22:41:22 | 000,000,000 | ---D | C] -- C:\Rootkit Unhooker
[2010.10.18 21:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010.10.18 00:08:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.18 00:08:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.18 00:08:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.18 00:08:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.10.17 22:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LMPR-Jaakko\Työpöytä\Wdownload 5
[2010.10.16 17:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LMPR-Jaakko\Local Settings\Application Data\id Software
[2010.10.03 01:50:19 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\LMPR-Jaakko\Application Data\tsdnwin.dll
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.14 23:12:00 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-179605362-682003330-1004UA.job
[2010.11.14 21:31:49 | 000,169,584 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.11.14 21:29:38 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\LMPR-Jaakko\Työpöytä\TN.exe.lnk
[2010.11.14 15:50:54 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.11.14 15:47:50 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010.11.14 15:47:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.14 02:12:04 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-179605362-682003330-1004Core.job
[2010.11.13 18:34:43 | 000,503,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.13 18:34:43 | 000,478,788 | ---- | M] () -- C:\WINDOWS\System32\perfh00B.dat
[2010.11.13 18:34:43 | 000,106,128 | ---- | M] () -- C:\WINDOWS\System32\perfc00B.dat
[2010.11.13 18:34:43 | 000,088,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.12 22:41:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.11 22:48:03 | 000,043,670 | ---- | M] () -- C:\WINDOWS\MAGIX midi studio 7.PRF
[2010.11.06 22:22:31 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010.11.02 22:05:50 | 000,075,072 | ---- | M] () -- C:\Documents and Settings\LMPR-Jaakko\Työpöytä\Kenon Numerot.rtf
[2010.10.31 18:55:55 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.28 00:05:54 | 004,727,230 | ---- | M] () -- C:\Documents and Settings\LMPR-Jaakko\Työpöytä\Irina-Kielletyt_kaskyt.mp3
[2010.10.27 22:36:52 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\LMPR-Jaakko\.recently-used.xbel
[2010.10.25 21:46:09 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.10.25 04:26:54 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\LMPR-Jaakko\Työpöytä\Glary Utilities.lnk
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.10.19 04:27:36 | 000,013,175 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2010.10.18 21:51:44 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\LMPR-Jaakko\Työpöytä\DivX Movies.lnk
[2010.10.18 21:50:24 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\DivX Plus Player.lnk
[2010.10.18 21:48:45 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\DivX Plus Converter.lnk
[2010.10.18 00:08:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.18 00:08:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.18 00:08:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.18 00:08:15 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.10.18 00:08:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.14 21:29:38 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\LMPR-Jaakko\Työpöytä\TN.exe.lnk
[2010.11.11 22:38:55 | 000,043,670 | ---- | C] () -- C:\WINDOWS\MAGIX midi studio 7.PRF
[2010.10.27 22:36:52 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\LMPR-Jaakko\.recently-used.xbel
[2010.10.19 04:27:36 | 000,013,175 | ---- | C] () -- C:\WINDOWS\vpd.properties
[2010.10.18 21:50:24 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\DivX Plus Player.lnk
[2010.10.18 21:48:45 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\DivX Plus Converter.lnk
[2010.10.15 23:31:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AudStu.INI
[2010.10.15 23:24:40 | 000,000,087 | ---- | C] () -- C:\WINDOWS\magix.ini
[2010.10.04 22:03:52 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.10.04 22:03:51 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.08.21 01:42:17 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2010.08.21 01:42:17 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2010.07.30 00:46:08 | 000,000,745 | ---- | C] () -- C:\WINDOWS\DR2.ini
[2010.07.23 22:16:57 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2010.07.23 22:16:56 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\drumpad.dll
[2010.07.23 22:16:47 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\animation.dll
[2010.07.18 00:41:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\WARPLANE.INI
[2010.07.12 21:34:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010.05.01 20:51:18 | 000,000,310 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010.03.22 21:15:32 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010.03.22 21:15:31 | 000,228,864 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010.03.22 21:15:31 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010.03.22 21:15:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010.03.22 21:15:31 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010.03.22 21:15:31 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010.03.22 21:15:31 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010.03.22 21:15:30 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010.03.22 21:15:30 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010.03.22 21:15:30 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2010.03.22 21:15:30 | 000,052,736 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009.12.30 16:51:16 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wa.INI
[2009.12.19 18:50:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Goya.INI
[2009.10.21 03:34:41 | 000,000,244 | ---- | C] () -- C:\WINDOWS\Caligari.ini
[2009.08.19 21:05:33 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\r3dgif22.dll
[2009.08.19 19:14:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RasTop.INI
[2009.08.17 17:08:27 | 000,000,197 | ---- | C] () -- C:\WINDOWS\WinNG.ini
[2009.08.14 01:30:49 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.07.31 04:01:17 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\wsxttime.sys
[2009.07.27 18:54:30 | 000,003,855 | ---- | C] () -- C:\WINDOWS\TWEplus.INI
[2009.07.27 18:25:53 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Oiduts.dll
[2009.07.26 20:47:46 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009.07.26 20:47:46 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009.07.26 20:47:46 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009.07.26 20:22:25 | 000,000,397 | ---- | C] () -- C:\WINDOWS\WAVEGEN.INI
[2009.07.26 18:04:08 | 000,000,089 | ---- | C] () -- C:\WINDOWS\vpetting.ini
[2009.07.26 00:05:42 | 000,000,147 | ---- | C] () -- C:\WINDOWS\INSTGRPS.INI
[2009.07.23 22:39:29 | 000,000,081 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2009.07.21 01:49:22 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2009.07.17 23:56:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.07.16 02:03:17 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.07.15 21:05:32 | 000,000,301 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009.07.15 17:44:49 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2009.07.15 15:25:18 | 000,000,319 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2009.07.15 14:45:04 | 000,000,730 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2009.07.15 14:43:11 | 000,000,208 | ---- | C] () -- C:\WINDOWS\MusicMaker.INI
[2009.07.15 14:42:28 | 000,000,297 | ---- | C] () -- C:\WINDOWS\Sampler.INI
[2009.07.15 14:42:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009.07.15 14:42:26 | 000,000,305 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2009.07.15 14:35:29 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009.07.13 22:01:24 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\LMPR-Jaakko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.13 21:59:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RingtoneMaker.INI
[2009.07.13 21:54:26 | 000,005,715 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.07.13 21:31:46 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.07.13 21:31:46 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.07.13 21:31:46 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.07.12 22:31:17 | 000,000,858 | ---- | C] () -- C:\WINDOWS\SOFPLAT.ini
[2009.07.12 15:00:35 | 000,000,177 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.07.12 02:30:27 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009.07.12 00:53:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.07.11 23:38:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009.07.11 23:38:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009.07.11 00:37:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009.07.10 23:50:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.07.10 23:44:51 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2009.07.10 23:44:27 | 000,003,173 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.07.10 23:44:26 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.07.10 23:13:01 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\LMPR-Jaakko\Local Settings\Application Data\fusioncache.dat
[2009.07.10 23:05:46 | 000,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
[2009.07.10 20:44:51 | 000,004,405 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.12.19 16:15:58 | 003,128,320 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,170,496 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005.12.07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.11.16 16:34:10 | 000,700,416 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2002.03.19 17:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2000.03.29 01:58:40 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2000.03.28 15:27:42 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[1997.11.17 16:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2010.02.14 02:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2009.07.13 19:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009.07.21 01:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009.07.15 14:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2009.12.12 00:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2010.10.04 22:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\My Horse and Me
[2010.09.26 23:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009.07.13 19:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.07.12 14:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010.10.24 16:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.07.16 21:28:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010.01.25 01:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\.atanks
[2010.01.23 22:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\.k3d
[2010.04.01 01:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Datalayer
[2010.02.23 02:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Dev-Cpp
[2009.07.22 19:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\fltk.org
[2009.07.10 23:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\FLVPlayer4Free
[2009.07.12 21:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\GetRightToGo
[2009.12.05 17:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\gtk-2.0
[2009.07.11 23:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\InterVideo
[2009.07.12 02:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Leadertech
[2009.12.19 18:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\MAGIX
[2010.09.11 21:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Mount&Blade
[2009.09.11 19:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\NASA
[2010.09.27 00:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Nokia
[2010.01.23 22:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Notepad++
[2009.07.10 23:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\OpenOffice.org
[2009.07.19 22:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Panasonic
[2009.07.13 19:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\PC Suite
[2010.01.22 22:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Stellarium
[2009.07.23 21:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Thalia
[2010.10.29 23:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\Wings3D
[2010.06.29 14:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\WinPatrol
[2009.09.27 15:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\XnView
[2010.02.02 20:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LMPR-Jaakko\Application Data\xvrml.net
[2010.11.14 15:47:50 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010.11.14 15:50:54 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39413AC3

< End of report >

Edited by 34BLEEP00XX, 16 November 2010 - 02:32 PM.


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,575 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:48 AM

Posted 16 November 2010 - 02:52 PM

I have also reviewed your previous topic. Can you please give me a clear description of your malware problem? I could not find any explanation about what problem you are having and I see nothing in your logs.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

 

Malware analyst @ Emsisoft

 


#12 34BLEEP00XX

Posted 17 November 2010 - 05:56 AM

Can somebody check these files:

[2009.07.13 21:31:46 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.07.13 21:31:46 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.07.13 21:31:46 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

Because I have read somewhere that they are malware components, but I think they are StarForce protection system drivers.

Can you check whether they are malware components?

Also check these error messages on missing services:
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) HID (Human Interface Device)
I have read somewhere that a HID device is a joystick. Is this correct?

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

Are they anything important?

Description of one problem:

Each time I start the computer for the first time or boot it, it runs a CHKDSK on drive D: EVERY time I start it, but it doesn't find any errors. Is this weird behaviour?


I will post part of the extras.txt later because it shows some file connection errors. I'll just delete the installed programs part from that log.

Is this a bad one:
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)

It is part of a Zone Alarm firewall and it's missing. Is it bad?

Edited by 34BLEEP00XX, 17 November 2010 - 06:07 AM.


#13 34BLEEP00XX

Posted 17 November 2010 - 06:20 AM

I want to AD this site. It is useful.
www.mywot.com

Try it. It's a web protection toolbar.

#14 Elise

Posted 17 November 2010 - 08:28 AM

I have seen all those lines already, and they are all normal and legit.

The fact that checkdisk runs every time on drive D most likely means that the drive is marked "dirty". We can verify this, but first, please let me know how many drives you have (physical drives and partitions) and what is on this D drive.

regards, Elise


#15 34BLEEP00XX

Posted 18 November 2010 - 03:09 PM

Can you answer my question about those missing services?

In drive D: I have picture files and games.

My partitions are C:, D:, E:.
Those other partitions are H:, J:. They are from a broken hard drive. I need to remove it.

How about that missing srescan.sys?



