[intercept1]

when i start the computer with network then after 10sec after seeing my desktop the hole screen gets black and i the middle it is e message from
microsoft security essential alert that says that i have virus and trojans on the computer and have to buy a program from them to get free from virus and trojans.
But if i start computer without network cable then the computer works, but directly i put the cable in the message displays.
I can also start computer without network the run program RKKILL and the i can put the cable in and then it works.
How can i do to take away thos trojan or virus.

[Advertisements]

Hello intercept1 and welcome to GeeksToGo

My nickname is WhiteHat and I'm going to help you fix your problem.

• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
• Please do not try to fix anything without being asked
• I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
• Do not put your logs inside <Quote> and/or <Code> *important*
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
  In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.

[WhiteHat]

Hello intercept1 and welcome to GeeksToGo

My nickname is WhiteHat and I'm going to help you fix your problem.

• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
• Please do not try to fix anything without being asked
• I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
• Do not put your logs inside <Quote> and/or <Code> *important*
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
  In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.

[WhiteHat]

Start the computer and run Rkill

NEXT:

• Download RogueKiller and save it on your desktop.
• Quit all programs
• Start RogueKiller.exe.
• Wait until Prescan has finished ...
• Click on Scan
  

• Wait for the end of the scan.
• The report has been created on the desktop.

THEN:

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• In Extra Registry, select Use SafeList
• Under the Custom Scan box paste this in
  

  netsvcs
  msconfig
  drives
  %SYSTEMDRIVE%\*.*
  %systemdrive%\drivers\*.exe
  %systemroot%\system32\drivers\*.* /90
  %PROGRAMFILES%\*.*
  HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
  HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
  CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

FINALLY

Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply



LOGS I WANT TO SEE IN YOUR NEXT REPLY:

• RogueKiller logs
• OTL.txt log
• Extras.txt log
• aswMBR log

[intercept1]

Hello WhiteHat!

Iam very glad that you want to help me and iam going to try to do exactly that you tell med to do.
I also have discovred that this problem is not on every user on this computer, also if i start computer without network cable and wait 2 minutes without running rkkill
and then push the cable back in the computer the the message dont shows and the computer runs normaly.

[intercept1]

ROGUEKILLER SOFTWARE LICENSE TERMS

These license terms are an agreement between I (Tigzy - RogueKiller's developer) and you.
Please read them. They apply to the software you are downloading from sur-la-toile.com (or Geekstogo.com).

for this software, unless other terms accompany those items. If so, those terms apply.

BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE.

If you comply with these license terms, you have the rights below.

1. INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.

2. SCOPE OF LICENSE. The software is licensed, not sold. This agreement only gives you some rights to use the software. I reserve all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways.

You may not:

* work around any technical limitations in the binary versions of the software;
* reverse engineer, decompile or disassemble the binary versions of the software, except and only to the extent that
applicable law expressly permits, despite this limitation;
* make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;
* PUBLISH THE SOFTWARE FOR OTHERS TO COPY;
* rent, lease or lend the software;
* TRANSFERT THE SOFTWARE OR THIS AGREEMENT TO ANY THIRD PARTY
* USE THE SOFTWARE FOR COMMERCIAL SOFTWARE HOSTING SERVICES

3. SUPPORT SERVICES. Because this software is <as is,> I may not provide support services for it.

4. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.

5. DISCLAIMER OF WARRANTY. THE SOFTWARE IS LICENSED “AS-IS.” YOU BEAR THE RISK OF USING IT.

6. DATA GRABBING. The software can send data from your computer through the internet. By approving this contract,
you agree with this. Datas are not sensitive, they are related to your computer configuration (language, windows version, session name, ...) and to this software's internal datas (build number, pattern of infection, number of registry keys found, ...).
Basically, each information contained in the report generated by this software can be sent.






OTL logfile created on: 2012-08-16 21:46:11 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = D:\Program\Trojan
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 73,87% Memory free
5,09 Gb Paging File | 4,29 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 60,00 Gb Total Space | 41,05 Gb Free Space | 68,41% Space Free | Partition Type: NTFS
Drive D: | 536,16 Gb Total Space | 353,44 Gb Free Space | 65,92% Space Free | Partition Type: NTFS
Drive G: | 279,46 Gb Total Space | 230,76 Gb Free Space | 82,57% Space Free | Partition Type: NTFS

Computer Name: PARTYFIL-78AA68 | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-16 21:44:52 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Program\Trojan\OTL.exe
PRC - [2012-08-16 21:44:09 | 001,558,528 | ---- | M] () -- D:\Program\Trojan\RogueKiller.exe
PRC - [2012-07-28 10:09:59 | 001,193,176 | ---- | M] () -- D:\Program\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Program\Malware\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-07-03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- D:\Program\Malware\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-01-24 11:25:54 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program\Opera\opera.exe
PRC - [2011-06-13 17:40:02 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011-06-13 17:40:02 | 000,528,832 | ---- | M] (Lavasoft) -- C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008-04-15 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-13 17:49:56 | 000,472,320 | ---- | M] (ESET) -- C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008-03-13 17:48:30 | 001,443,072 | ---- | M] (ESET) -- C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008-02-26 15:13:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program\Delade filer\LightScribe\LSSrvc.exe
PRC - [2005-06-16 03:41:00 | 000,450,560 | ---- | M] (Logitech Inc.) -- D:\Program\Logitech\SetPoint.exe
PRC - [2005-06-16 03:41:00 | 000,028,160 | ---- | M] (Logitech Inc.) -- C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE


========== Modules (No Company Name) ==========

MOD - [2012-07-28 10:09:59 | 001,193,176 | ---- | M] () -- D:\Program\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012-03-31 17:17:48 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2012-03-31 16:38:07 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2012-03-31 16:38:03 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2012-03-31 16:37:55 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2012-03-31 16:37:41 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2012-03-31 16:37:35 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2012-03-31 16:36:16 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011-06-13 17:40:06 | 001,640,216 | ---- | M] () -- C:\Program\Lavasoft\Ad-Aware\Resources.dll
MOD - [2011-06-13 17:40:04 | 000,256,424 | ---- | M] () -- C:\Program\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2009-11-03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program\Delade filer\Apple\Apple Application Support\zlib1.dll
MOD - [2009-02-27 19:23:48 | 000,311,296 | ---- | M] () -- C:\Program\Delade filer\Adobe\Acrobat\ActiveX\pdfshell.SVE
MOD - [2009-01-17 19:05:51 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2960.38832__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009-01-17 19:05:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2960.39139__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009-01-17 19:05:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009-01-17 19:05:50 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2960.38828__90ba9c70f846762e\APM.Server.dll
MOD - [2009-01-17 19:05:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2960.38830__90ba9c70f846762e\AEM.Server.dll
MOD - [2009-01-17 12:12:04 | 001,679,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2960.38889__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009-01-17 12:12:04 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2960.38841__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009-01-17 12:12:04 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2960.38904__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009-01-17 12:12:04 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2960.39112__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009-01-17 12:12:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2960.39069__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009-01-17 12:12:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2960.38879__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009-01-17 12:12:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2960.39014__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009-01-17 12:12:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2960.38863__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009-01-17 12:12:03 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2960.39152__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009-01-17 12:11:51 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2960.38856__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009-01-17 12:11:50 | 000,352,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2960.39080__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009-01-17 12:11:50 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2960.39160__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009-01-17 12:11:50 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2960.38896__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2009-01-17 12:11:50 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2960.39087__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009-01-17 12:11:50 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2960.39078__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009-01-17 12:11:50 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2960.38895__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2009-01-17 12:11:49 | 000,802,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2960.39025__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009-01-17 12:11:49 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2960.38918__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009-01-17 12:11:49 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2960.38865__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009-01-17 12:11:49 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2960.39101__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009-01-17 12:11:49 | 000,217,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2960.38911__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009-01-17 12:11:49 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2960.39045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009-01-17 12:11:49 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2960.39023__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009-01-17 12:11:49 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2960.38924__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009-01-17 12:11:49 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2960.39044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009-01-17 12:11:48 | 000,479,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2960.39017__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009-01-17 12:11:48 | 000,442,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2960.39008__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009-01-17 12:11:48 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2960.39015__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009-01-17 12:11:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2960.39023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009-01-17 12:11:48 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009-01-17 12:11:48 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2960.39061__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009-01-17 12:11:48 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009-01-17 12:11:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009-01-17 12:11:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009-01-17 12:11:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009-01-17 12:11:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009-01-17 12:11:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2009-01-17 12:11:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009-01-17 12:11:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009-01-17 12:11:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009-01-17 12:11:48 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009-01-17 12:11:47 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2939.23744__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009-01-17 12:11:47 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009-01-17 12:11:47 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009-01-17 12:11:47 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2009-01-17 12:11:47 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009-01-17 12:11:47 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009-01-17 12:11:47 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009-01-17 12:11:47 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009-01-17 12:11:47 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009-01-17 12:11:47 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009-01-17 12:11:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2960.39176__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009-01-17 12:11:43 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2960.38830__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009-01-17 12:11:42 | 001,507,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2960.38850__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009-01-17 12:11:42 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2960.38873__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009-01-17 12:11:42 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2960.39140__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009-01-17 12:11:42 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2960.38831__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009-01-17 12:11:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2960.39136__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009-01-17 12:11:42 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009-01-17 12:11:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009-01-17 12:11:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009-01-17 12:11:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009-01-17 12:11:42 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009-01-17 12:11:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009-01-17 12:11:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009-01-17 12:11:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008-09-11 00:00:05 | 000,168,960 | ---- | M] () -- C:\Program\Lavasoft\Ad-Aware\unrar.dll
MOD - [2007-05-22 11:59:22 | 000,128,512 | ---- | M] () -- C:\Program\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program\Malware\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-04-19 13:45:27 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011-06-13 17:40:02 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008-03-13 17:55:26 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008-03-13 17:49:56 | 000,472,320 | ---- | M] (ESET) [Auto | Running] -- C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008-02-26 15:13:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program\Delade filer\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007-11-15 14:43:04 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2005-04-04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003-07-28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\qcserxp.sys -- (qcserxp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\81632850.sys -- (94699300)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\07752446.sys -- (20687262)
DRV - [2012-08-16 21:44:25 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-08-03 15:57:35 | 000,139,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009-08-28 20:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009-08-21 02:08:00 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2009-08-21 02:08:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2009-08-21 02:08:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009-04-26 17:40:13 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008-05-14 01:08:04 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008-04-13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2008-03-13 17:52:18 | 000,033,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008-03-13 17:44:36 | 000,029,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008-03-13 17:43:42 | 000,040,456 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008-02-09 05:58:34 | 002,857,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007-11-01 08:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007-11-01 02:56:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007-10-12 03:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2007-03-05 15:28:00 | 000,076,288 | R--- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006-12-28 18:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006-07-02 00:21:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-05-26 06:50:14 | 000,018,560 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DUBE100B.sys -- (DUBE100B)
DRV - [2005-06-02 14:35:32 | 000,025,856 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005-06-02 14:35:28 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005-06-02 14:35:08 | 000,014,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2005-06-02 14:35:04 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005-06-02 14:34:44 | 000,013,440 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2004-08-13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-436374069-1275210071-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
IE - HKU\S-1-5-21-436374069-1275210071-725345543-1003\..\SearchScopes,DefaultScope = {ABC0E218-72B3-44AA-95EF-60206EF7C7A7}
IE - HKU\S-1-5-21-436374069-1275210071-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-436374069-1275210071-725345543-1003\..\SearchScopes\{ABC0E218-72B3-44AA-95EF-60206EF7C7A7}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-436374069-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.aftonbladet.se"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: D:\Program\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program\Mozilla Firefox\components [2011-06-30 22:03:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2012-04-16 19:13:14 | 000,000,000 | ---D | M]

[2009-01-18 21:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Extensions
[2009-01-18 21:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bsnbvl7y.default\extensions
[2012-08-14 10:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
[2010-04-26 22:02:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-07-28 20:45:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-01-06 00:20:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-03-23 13:34:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-08-21 11:53:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012-04-06 18:16:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012-04-06 18:16:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012-04-06 18:16:40 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\mozilla firefox\plugins\npdeployJava1.dll
[2009-07-07 23:41:16 | 000,001,470 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2009-07-07 23:41:16 | 000,002,670 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2009-07-07 23:41:16 | 000,000,948 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2009-07-07 23:41:16 | 000,001,174 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2009-07-07 23:41:16 | 000,000,647 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,710 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program\Adobe\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program\Malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-436374069-1275210071-725345543-1003..\Run: [SkypePM] C:\Documents and Settings\Don\Lokala inställningar\Application Data\Skype\SkypePM.exe (ACD Systems, Ltd.)
O4 - HKU\S-1-5-21-436374069-1275210071-725345543-1003..\Run: [Spotify Web Helper] D:\Program\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Logitech SetPoint.lnk = D:\Program\Logitech\SetPoint.exe (Logitech Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D90C4E67-D670-4D6B-A9E8-DFE73A2783B0}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Don\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Don\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-01-17 18:54:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{02d849ee-93ce-11de-b28e-0023543378e7}\Shell\AutoRun\command - "" = H:\installer.exe
O33 - MountPoints2\{02d849ee-93ce-11de-b28e-0023543378e7}\Shell\verb\command - "" = H:\installer.exe
O33 - MountPoints2\{11e4cd96-5dae-11de-b22c-0023543378e7}\Shell\AutoRun\command - "" = H:\wd_windows_tools\setup.exe
O33 - MountPoints2\{15af9d9a-fa35-11e0-9211-208012460403}\Shell - "" = AutoRun
O33 - MountPoints2\{15af9d9a-fa35-11e0-9211-208012460403}\Shell\AutoRun\command - "" = F:\SecureDataUSBDrive.exe
O33 - MountPoints2\{a889e22c-608a-11e1-92e7-208012460403}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-08-16 21:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Skrivbord\RK_Quarantine
[2012-08-14 14:41:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-08-13 23:52:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Don\Recent
[2012-08-13 23:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012-08-13 21:18:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-08-13 00:03:38 | 001,051,552 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Don\Skrivbord\rkill.exe
[2012-08-12 23:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\Malwarebytes
[2012-08-12 23:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Malwarebytes' Anti-Malware
[2012-08-12 23:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-08-12 23:16:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-08-12 22:54:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-08-12 21:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
[2012-08-04 21:43:29 | 000,000,000 | ---D | C] -- C:\Program\Xenocode
[2012-08-04 21:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Lokala inställningar\Application Data\Xenocode
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-08-16 21:44:31 | 000,400,012 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2012-08-16 21:44:31 | 000,397,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-08-16 21:44:31 | 000,070,954 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2012-08-16 21:44:31 | 000,059,532 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-08-16 21:44:25 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012-08-16 21:42:10 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-16 21:40:06 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-16 21:40:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-08-16 21:40:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-16 18:36:55 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes Anti-Malware.lnk
[2012-08-16 17:31:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-08-14 19:22:55 | 000,002,079 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012-08-14 12:09:38 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
[2012-08-13 00:03:38 | 001,051,552 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Don\Skrivbord\rkill.exe
[2012-08-08 20:14:01 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-08-05 17:40:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012-08-04 21:36:44 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012-08-04 21:35:58 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012-08-04 21:35:58 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012-08-04 21:10:55 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-08-04 20:19:54 | 000,157,696 | ---- | M] () -- C:\Documents and Settings\Don\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-04 19:53:05 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\µTorrent.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-08-16 21:44:25 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012-08-12 23:16:52 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes Anti-Malware.lnk
[2012-08-04 19:51:56 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\µTorrent.lnk
[2012-04-14 22:54:29 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\Don\default.pls
[2011-06-15 14:49:36 | 000,037,060 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-04-06 16:42:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Marsu-fix reg Uninstaller.exe
[2010-12-16 00:52:50 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009-03-04 22:37:37 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009-01-17 16:28:03 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\Don\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3300622AS
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: SAMSUNG HD642JJ
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 279,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 60,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 536,00GB
Starting Offset: 64428618240
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2012-08-16 21:39:49 | 000,004,252 | ---- | M] () -- C:\aaw7boot.log
[2009-01-17 18:54:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-01-17 19:00:34 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2008-04-15 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-01-17 18:54:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-01-17 18:54:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-01-17 18:54:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-15 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-15 14:00:00 | 000,250,560 | RHS- | M] () -- C:\ntldr
[2012-08-16 21:39:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012-08-16 21:44:25 | 000,014,080 | ---- | M] () -- C:\WINDOWS\system32\drivers\TrueSight.sys

< %PROGRAMFILES%\*.* >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010-04-01 22:42:02 | 000,509,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010-04-01 22:42:02 | 000,509,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010-04-01 22:42:02 | 000,509,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program\Mozilla Firefox\firefox.exe [2010-04-01 22:42:00 | 000,307,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program\Mozilla Firefox\firefox.exe" -preferences [2010-04-01 22:42:00 | 000,307,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program\Mozilla Firefox\firefox.exe" -safe-mode [2010-04-01 22:42:00 | 000,307,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009-03-08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009-03-08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009-03-08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program\Internet Explorer\iexplore.exe" -extoff [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program\Internet Explorer\iexplore.exe [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program\Opera\Opera.exe" /ShowIconsCommand [2012-01-24 11:25:54 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program\Opera\Opera.exe" /HideIconsCommand [2012-01-24 11:25:54 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program\Opera\Opera.exe" /ReInstallBrowser [2012-01-24 11:25:54 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\shell\open\command\\: "C:\Program\Opera\Opera.exe" [2012-01-24 11:25:54 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera.exe\shell\open\command\\: C:\Program\Opera\Opera.exe [2012-01-24 11:25:54 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "D:\Program\Safari\Safari.exe" /reinstall [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "D:\Program\Safari\Safari.exe" /hideicons [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "D:\Program\Safari\Safari.exe" /showicons [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\shell\open\command\\: "D:\Program\Safari\Safari.exe" [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010-04-01 22:42:02 | 000,509,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010-04-01 22:42:02 | 000,509,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010-04-01 22:42:02 | 000,509,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program\Mozilla Firefox\firefox.exe [2010-04-01 22:42:00 | 000,307,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program\Mozilla Firefox\firefox.exe" -preferences [2010-04-01 22:42:00 | 000,307,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program\Mozilla Firefox\firefox.exe" -safe-mode [2010-04-01 22:42:00 | 000,307,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009-03-08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009-03-08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009-03-08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program\Internet Explorer\iexplore.exe" -extoff [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program\Internet Explorer\iexplore.exe [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program\Opera\Opera.exe" /ShowIconsCommand [2012-01-24 11:25:54 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program\Opera\Opera.exe" /HideIconsCommand [2012-01-24 11:25:54 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program\Opera\Opera.exe" /ReInstallBrowser [2012-01-24 11:25:54 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\shell\open\command\\: "C:\Program\Opera\Opera.exe" [2012-01-24 11:25:54 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera.exe\shell\open\command\\: C:\Program\Opera\Opera.exe [2012-01-24 11:25:54 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "D:\Program\Safari\Safari.exe" /reinstall [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "D:\Program\Safari\Safari.exe" /hideicons [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "D:\Program\Safari\Safari.exe" /showicons [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\shell\open\command\\: "D:\Program\Safari\Safari.exe" [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< End of report >




OTL Extras logfile created on: 2012-08-16 21:46:11 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = D:\Program\Trojan
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 73,87% Memory free
5,09 Gb Paging File | 4,29 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 60,00 Gb Total Space | 41,05 Gb Free Space | 68,41% Space Free | Partition Type: NTFS
Drive D: | 536,16 Gb Total Space | 353,44 Gb Free Space | 65,92% Space Free | Partition Type: NTFS
Drive G: | 279,46 Gb Total Space | 230,76 Gb Free Space | 82,57% Space Free | Partition Type: NTFS

Computer Name: PARTYFIL-78AA68 | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-436374069-1275210071-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program\uTorrent\uTorrent.exe" = C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Installation\Setupx.exe" = E:\Installation\Setupx.exe:*:Enabled:Nero ControlCenter
"C:\Program\Opera\opera.exe" = C:\Program\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Program\Spotify\spotify.exe" = D:\Program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program\Steam\Steam.exe" = C:\Program\Steam\Steam.exe:*:Enabled:Steam
"C:\Program\Steam\steamapps\the_mole_swe\counter-strike\hl.exe" = C:\Program\Steam\steamapps\the_mole_swe\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
"C:\Program\Google\Google Earth\client\googleearth.exe" = C:\Program\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"D:\Program\Torrent\uTorrent.exe" = D:\Program\Torrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E80F46-1B6A-2DC2-5F61-F7CBB0AEC6F6}" = Catalyst Control Center Localization Turkish
"{0D5FD7C1-D08F-A0A0-F55A-9719041154B8}" = Catalyst Control Center Localization Spanish
"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
"{0F3AC7DE-93F7-A578-96C7-1143DE38EBFD}" = CCC Help Czech
"{12CEE8C7-8983-4FEC-A046-3FB4AE3A691C}" = Windows Live Sync
"{13B07661-B1E0-427E-3C3F-49E46AFBD233}" = CCC Help Russian
"{15F4319D-D6A8-5B67-6902-73EF5D12B29D}" = Catalyst Control Center Localization Chinese Traditional
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EB3AE55-982B-5629-8093-4F4AF472F9E9}" = Catalyst Control Center Localization Portuguese
"{1FF030B6-7B22-ADCF-D749-0FFCB43D33BB}" = Catalyst Control Center Localization Korean
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{289C26A9-11D4-FF0D-48C9-AEB28BCA987E}" = CCC Help Danish
"{291445E6-CA84-2065-1D3B-921CBC6525EA}" = Catalyst Control Center Localization Polish
"{2917ECC2-2F1E-038A-CC25-5DCBD80DBA47}" = Catalyst Control Center Localization Norwegian
"{2A051409-C003-8CD0-BC12-A216ABA33610}" = CCC Help Korean
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30C4509E-2124-4743-83E8-2EDCBD39D3F7}" = Windows Live Photo Gallery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{337231A8-3424-3930-A4DC-2C1FB93370C6}" = Catalyst Control Center Graphics Light
"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{375072E6-25B1-1EDD-FCA1-75432746CFBF}" = CCC Help Italian
"{384743C4-161D-E41F-21EE-1A3487309F1C}" = Catalyst Control Center Localization Italian
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C497A05-310E-45DD-8FD2-108AA74B200B}" = Robot Wars: Arenas of Destruction
"{4697C7C8-3720-AA99-EA1F-1502D5AF6655}" = CCC Help Portuguese
"{49600BF0-20E8-9135-F222-A771157A8A90}" = CCC Help Finnish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B3C7094-414F-BAB8-4828-6F27CFA5BEDC}" = CCC Help German
"{52BD1DF5-BC41-6CD2-3D07-F1AC75886FAA}" = Catalyst Control Center Graphics Full Existing
"{556E8E15-ECD5-4E5C-9250-C425C89E75DE}" = Quake Live Internet Explorer Plugin
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F80BD6-5D0B-4CA0-CE20-9531E77C15E5}" = CCC Help Swedish
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{61176FC2-E74A-6EC9-CE55-4F7A033C3F55}" = Catalyst Control Center Localization Dutch
"{64F1AB27-296E-54EF-6F2F-6BE14D27CD14}" = Catalyst Control Center Localization Hungarian
"{667DE56A-0FC1-32F6-C106-A08E048D7243}" = CCC Help Norwegian
"{67113718-4F9A-2B74-6DA2-46BAFF2CECC2}" = Catalyst Control Center Localization Czech
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{6BED8CAB-939C-6DEC-B952-E678C248B1F8}" = Catalyst Control Center Localization Finnish
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.® L1 Gigabit Ethernet Driver
"{70A5C023-971E-218E-0C06-99188C747F25}" = Catalyst Control Center Graphics Previews Common
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B1D7AE-0980-8A11-5E56-C4376C61F7F5}" = CCC Help Spanish
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7E5FDD0C-7DB5-3EF8-8342-D1C6DAB94758}" = ccc-utility
"{801DA3A1-9E07-6755-0309-A1FCC01492E3}" = Catalyst Control Center Graphics Full New
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86A6E235-C08F-4A14-B14C-793C7D8844A0}" = ESET NOD32 Antivirus
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8B40F17B-67E8-D57B-9B89-08A0DC1D527A}" = Catalyst Control Center Localization Japanese
"{8E4C392F-7290-1586-5F42-D0CC78AF2AA7}" = CCC Help Japanese
"{9011041D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-041D-0000-0000000FF1CE}" = Compatibility Pack för Office 2007-systemet
"{90273B5E-5FD7-F61C-289B-E15FE5F5251A}" = Catalyst Control Center Localization German
"{92146281-1594-32CA-06D2-EFFA2EA8EF6C}" = Catalyst Control Center Localization Thai
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C4C2ECE-CBDD-427D-C9A4-B694538B8236}" = CCC Help Chinese Traditional
"{9D71329D-95A5-4297-8F79-DCDBD156420A}" = Windows Live Essentials
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AC43110D-FE77-2ECB-A01A-724B5EFC2EE3}" = Catalyst Control Center Localization Greek
"{AC76BA86-7AD7-1053-7B44-A95000000001}" = Adobe Reader 9.5.1 - Svenska
"{B2762E75-4C28-5DF4-EEA9-1C536195ED71}" = Catalyst Control Center Localization Danish
"{B6BFEEFA-7F87-0045-3199-FFAACEF1CDB8}" = Catalyst Control Center Localization Chinese Standard
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB3F1641-0126-38AA-C34A-358A273B5A11}" = CCC Help Turkish
"{C08FF9D0-1422-00EC-DC3B-F220F434DDB8}" = CCC Help English
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2FDFB6F-003E-0432-DFBD-9A9FD65DC027}" = CCC Help Greek
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA6FDA2D-9C9E-F4FA-D658-B0E5CAD0EFB3}" = Catalyst Control Center Localization Russian
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers
"{D1941AFA-6671-3F98-0F0C-2D37978554E3}" = ccc-core-preinstall
"{D323F1F1-E9F4-4B61-BE3B-4147276D1053}" = Nero 8 Essentials
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D87691C3-1183-1043-5CA7-11DFEAD6FFED}" = CCC Help Hungarian
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEDF4354-6438-95E0-824E-071F798C0D3C}" = CCC Help French
"{E01A2B5F-8D98-AA9D-9BA6-03A1303C10E7}" = Catalyst Control Center Localization French
"{E1BF87F7-AC0D-26F1-7C63-E8EA40D469D9}" = ccc-core-static
"{E21C18F0-96FD-D7A9-0BD3-938E070447D9}" = Catalyst Control Center Core Implementation
"{E2A7C863-A3FC-1E40-7D58-89CC3C23ADBF}" = CCC Help Thai
"{E62A220A-1F92-A8E3-8A50-47A9882013B6}" = Catalyst Control Center Localization Swedish
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC79191F-7424-E913-3790-CD1573D992DE}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F13225E2-6533-4923-A657-083A151E667E}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F9D6543E-5616-E302-2436-A746DBEAF4E0}" = Skins
"{FE86B64D-1D30-C6D3-274C-51DFFCD0E4F9}" = CCC Help Polish
"{FF24A100-18C4-6383-706E-0EADAD3AEA44}" = CCC Help Dutch
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Hjälp för avinstallation av program
"AMDAway INF" = AMDAway INF
"ATI Display Driver" = ATI Display Driver
"bet365poker" = Poker at bet365
"CCleaner" = CCleaner (remove only)
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"ESET Online Scanner" = ESET Online Scanner v3
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"HP Deskjet 3740 Series_Driver" = HP Deskjet 3740 Series
"ie8" = Windows Internet Explorer 8
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.4.5
"Ladbrokes Poker" = Ladbrokes Poker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Marsu-Fix" = Marsu-Fix
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"OpenAL" = OpenAL
"Opera 11.61.1250" = Opera 11.61
"Personal" = BankID säkerhetsprogram 4.16.1
"Pontifex II" = Pontifex II
"PunkBusterSvc" = PunkBuster Services
"Replay Music3.45" = Replay Music
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"Spotify" = Spotify
"Svenska Spels Poker" = Svenska Spels Poker
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 1.1.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Volvo - The Game_is1" = Volvo - The Game
"Write-N-Cite" = Write-N-Cite
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-436374069-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-08-14 06:09:20 | Computer Name = PARTYFIL-78AA68 | Source = Application Error | ID = 1000
Description = Felaktigt program mbam.exe, version 1.62.0.87, felaktig modul mbamcore.dll,
version 1.62.0.0, felaktig adress 0x00031120.

Error - 2012-08-14 06:09:42 | Computer Name = PARTYFIL-78AA68 | Source = Application Error | ID = 1000
Description = Felaktigt program mbam.exe, version 1.62.0.87, felaktig modul kernel32.dll,
version 5.1.2600.5512, felaktig adress 0x00010b7a.

Error - 2012-08-14 06:10:00 | Computer Name = PARTYFIL-78AA68 | Source = Application Error | ID = 1000
Description = Felaktigt program mbam.exe, version 1.62.0.87, felaktig modul mbamcore.dll,
version 1.62.0.0, felaktig adress 0x00093507.

Error - 2012-08-14 13:39:56 | Computer Name = PARTYFIL-78AA68 | Source = crypt32 | ID = 131083
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download....throotstl.cab>.
Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras
mot den aktuella systemklockan eller tidsstämpeln i den signerade filen.

Error - 2012-08-14 13:39:56 | Computer Name = PARTYFIL-78AA68 | Source = crypt32 | ID = 131083
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download....throotstl.cab>.
Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras
mot den aktuella systemklockan eller tidsstämpeln i den signerade filen.

[ System Events ]
Error - 2012-08-16 13:08:07 | Computer Name = PARTYFIL-78AA68 | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: sptd

Error - 2012-08-16 13:11:14 | Computer Name = PARTYFIL-78AA68 | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: sptd

Error - 2012-08-16 15:13:36 | Computer Name = PARTYFIL-78AA68 | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: sptd

Error - 2012-08-16 15:22:35 | Computer Name = PARTYFIL-78AA68 | Source = Service Control Manager | ID = 7034
Description = Tjänsten iPod Service avslutades oväntat. Detta har skett 1 gånger.

Error - 2012-08-16 15:24:36 | Computer Name = PARTYFIL-78AA68 | Source = Service Control Manager | ID = 7034
Description = Tjänsten Ati HotKey Poller avslutades oväntat. Detta har skett 1 gånger.

Error - 2012-08-16 15:32:21 | Computer Name = PARTYFIL-78AA68 | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: AmdK8 easdrv Fips sptd

Error - 2012-08-16 15:32:42 | Computer Name = PARTYFIL-78AA68 | Source = DCOM | ID = 10005
Description = DCOM fick felet %1084 vid försök att starta tjänsten EventSystem med
argumenten för att köra servern: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-08-16 15:39:25 | Computer Name = PARTYFIL-78AA68 | Source = DCOM | ID = 10005
Description = DCOM fick felet %1084 vid försök att starta tjänsten EventSystem med
argumenten för att köra servern: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-08-16 15:40:44 | Computer Name = PARTYFIL-78AA68 | Source = Service Control Manager | ID = 7000
Description = Tjänsten Ati HotKey Poller kunde inte startas på grund av följande
fel: %%2

Error - 2012-08-16 15:40:49 | Computer Name = PARTYFIL-78AA68 | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: sptd


< End of report >



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-16 21:53:05
-----------------------------
21:53:05.156 OS Version: Windows 5.1.2600 Service Pack 3
21:53:05.156 Number of processors: 2 586 0x6B02
21:53:05.156 ComputerName: PARTYFIL-78AA68 UserName: Don
21:53:05.468 Initialize success
21:53:21.625 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:53:21.625 Disk 0 Vendor: ST3300622AS 3.AAH Size: 286168MB BusType: 3
21:53:21.625 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19
21:53:21.625 Disk 1 Vendor: SAMSUNG_HD642JJ 1AA01113 Size: 610480MB BusType: 3
21:53:21.625 Disk 1 MBR read successfully
21:53:21.625 Disk 1 MBR scan
21:53:21.625 Disk 1 Windows XP default MBR code
21:53:21.625 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61443 MB offset 63
21:53:21.625 Disk 1 Partition - 00 0F Extended LBA 549026 MB offset 125837145
21:53:21.625 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 549026 MB offset 125837208
21:53:21.640 Disk 1 scanning sectors +1250242560
21:53:21.671 Disk 1 scanning C:\WINDOWS\system32\drivers
21:53:24.140 Service scanning
21:53:28.703 Modules scanning
21:53:31.546 Disk 1 trace - called modules:
21:53:31.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
21:53:31.562 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a69fab8]
21:53:31.562 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a6ab9e8]
21:53:31.578 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-19[0x8a698d98]
21:53:31.578 Scan finished successfully
21:53:38.546 Disk 1 MBR has been saved successfully to "D:\Program\Trojan\MBR.dat"
21:53:38.562 The log file has been saved successfully to "D:\Program\Trojan\aswMBR.txt"

[WhiteHat]

Hi,

ROGUEKILLER SOFTWARE LICENSE TERMS

This is not the RogueKiller log. Please, try again:

• Download RogueKiller and save it on your desktop.
• Quit all programs
• Start RogueKiller.exe.
• Wait until Prescan has finished ...
• Click on Scan
  

• Wait for the end of the scan.
• The report has been created on the desktop.

[intercept1]

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Administratör [Admin rights]
Mode: Remove -- Date: 08/17/2012 21:06:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3300622AS +++++
--- User ---
[MBR] 9087b09bafceb0740041103fbe548112
[BSP] abc9a5b99c9b34f596bf9da0fe78c5ad : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD642JJ +++++
--- User ---
[MBR] 0a73bf0f39c5828f9cba02bb7b8c2a79
[BSP] 48acb053e8ef0f42aabf7d64624ebec1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 61443 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 125837145 | Size: 549026 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

[WhiteHat]

Hi,

Can you tell me what files Microsoft Security Essentials is detecting as a virus? You can find this information on the own quarantine of the antivirus.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2
prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[intercept1]

Malwarebytes Anti-Malware (Testversion) 1.62.0.1300
www.malwarebytes.org

Databasversion: v2012.08.16.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Don :: PARTYFIL-78AA68 [administratör]

Skydd: Aktiverad

2012-08-18 22:39:47
mbam-log-2012-08-18 (22-39-47).txt

Skanningstyp: Fullständig skanning (C:\|D:\|G:\|)
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 357163
Förfluten tid: 36 minut(er), 51 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 0
(Inga skadliga poster hittades)

(klar)

[intercept1]

I dont now how but now the computer works normally.
Tanke you for all good help.

[WhiteHat]

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove OTL

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

• Go to this site and click Do I have Java
• It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

• (If you use Windows 7/Vista)
• Go to Control Panel and select System
• Select System
• On the left select System Protection and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name i.e. Clean
• Select Create

• (If you use Windows XP)
• Go to Start > All Programs > Acessories > System Tools > System Restore.
• Select the option Create a restore point and click in Next.
• Type in a name i.e. Clean
• Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.

[intercept1]

Now i have did everything you say i should do and everything run perfectly.
Once again i want to thank you so much for all help, without you i should have
no other choice then to fomat the hole computer.

Thank You

[WhiteHat]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.