ad.yieldmanager.com [Closed]


  • This topic is locked

#16
milad77

  • Topic Starter
  • Member
  • 19 posts
I still get the same error message when using Command Prompt. See pic.
Posted Image

#17
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi
Step 1
Do you have a listing for Vshare in your Add/Remove programs?
If so, please uninstall it.

Step 2
Please download ComboFix from Here or Here to your Desktop.


VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • Also allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


In your next reply I would like to see:
  • contents of Combofix.txt
  • Please confirm exactly which browsers are showing the unwanted ads and the search re-directs


#18
milad77

  • Topic Starter
  • Member
  • 19 posts
Hello again,
I did have FF, Chrome and Explorer installed on my computer. I did uninstall FF since I never used it. I did only use Chrome and Explorer. The ads did show in both browsers, but nowadays I can't start Chrome. I can uninstall it and try to install it back if it is ok?

Here is the logfile, BUT when I did run ComboFix it said that I had AVG antivirus installed and I should deactivate it. But I thought I did uninstall it last week, and somehow it doesn't show up at "Add and delete Programs". I don't know how to get rid of it; it seems AVG is a virus itself :) So I did hit the "Ok" button when ComboFix warned me about the risk of running the program when I have an antivirus installed.

ComboFix 12-09-03.07 - Milad 2012-09-03 21:53:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3070.2448 [GMT 2:00]
Körs från: c:\documents and settings\Milad\Skrivbord\ComboFix.exe
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\All Users\Start-meny\Program\Autostart\hpoddt01.exe.lnk
c:\documents and settings\Milad\g2mdlhlpx.exe
c:\documents and settings\Milad\ncftp
c:\documents and settings\Milad\ncftp\firewall.txt
c:\documents and settings\Milad\ncftp\init_v3.txt
c:\documents and settings\Milad\ncftp\trace.6032
c:\windows\system32\avgfwdx.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\FlashPlayerInstaller.exe
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((( Filer skapade från 2012-08-03 till 2012-09-03 ))))))))))))))))))))))))))))))
.
.
2012-08-31 15:09 . 2012-08-31 15:09 -------- d-----w- C:\_OTL
2012-08-29 12:00 . 2012-08-29 12:00 -------- d-----w- c:\documents and settings\Milad\Application Data\AVG2012
2012-08-29 11:58 . 2012-08-29 16:17 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-29 11:48 . 2012-08-29 11:48 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-28 23:04 . 2012-08-28 23:04 -------- d-----w- c:\documents and settings\Milad\Application Data\SUPERAntiSpyware.com
2012-08-28 23:04 . 2012-08-28 23:04 -------- d-----w- c:\program\SUPERAntiSpyware
2012-08-28 23:04 . 2012-08-28 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-28 19:55 . 2012-08-28 19:56 -------- dc-h--w- c:\windows\ie8
2012-08-28 15:51 . 2012-08-28 18:16 -------- d-----w- c:\program\Yieldmanager Removal Tool
2012-08-28 15:39 . 2012-08-28 15:39 388096 ----a-r- c:\documents and settings\Milad\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-28 15:39 . 2012-08-28 15:39 -------- d-----w- c:\program\Trend Micro
2012-08-28 05:45 . 2012-08-28 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-08-28 05:42 . 2012-08-29 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-08-27 14:14 . 2012-08-27 14:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-08-27 14:00 . 2012-08-27 14:00 -------- d-----w- c:\documents and settings\Milad\Lokala inställningar\Application Data\Downloaded Installations
2012-08-27 14:00 . 2012-08-27 14:00 -------- d-----w- c:\documents and settings\Milad\Lokala inställningar\Application Data\adawarebp
2012-08-27 07:56 . 2012-08-27 07:56 -------- d-----w- c:\documents and settings\Milad\Application Data\Malwarebytes
2012-08-27 07:56 . 2012-08-27 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-27 06:40 . 2012-08-27 06:40 -------- d-----w- c:\documents and settings\Milad\Lokala inställningar\Application Data\Help
2012-08-21 20:38 . 2012-08-21 20:38 -------- d-----w- c:\documents and settings\Milad\Application Data\ooVoo Details
2012-08-21 20:38 . 2012-08-21 20:38 -------- d-----w- c:\documents and settings\Milad\Lokala inställningar\Application Data\APN
2012-08-18 19:45 . 2012-08-18 22:00 -------- d-----w- c:\program\PokerStars.EU
2012-08-13 11:35 . 2012-08-13 11:35 5115584 ----a-w- c:\program\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 13:39 . 2012-04-01 21:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-29 13:39 . 2011-05-17 17:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 10:35 . 2012-04-26 07:07 1560 ----a-w- c:\windows\Fonts\SMS2PCErrorLog.txt
2012-07-06 13:58 . 2004-08-03 23:33 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-10-24 17:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-03 23:20 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2004-08-03 23:34 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-03 23:34 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:38 . 2004-08-03 23:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2004-08-03 23:13 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 13:17 556376 ----a-w- c:\program\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 13:17 556376 ----a-w- c:\program\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 13:17 556376 ----a-w- c:\program\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 13:17 556376 ----a-w- c:\program\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\steam\steam.exe" [2012-08-06 1353080]
"Logitech Vid"="c:\program\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"GoogleDriveSync"="c:\program\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Net iD"="c:\program\Net iD\iid.exe" [2010-02-01 99640]
"HP Software Update"="c:\program\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"LWS"="c:\program\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Nike+ Connect"="c:\program\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2012-08-08 70656]
"APSDaemon"="c:\program\Delade filer\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2012-04-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Gamma Loader.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-24 113664]
BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2011-7-31 1087896]
hp psc 1000 series.lnk - c:\program\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
Microsoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\steam\\Steam.exe"=
"c:\\Documents and Settings\\Milad\\Lokala inställningar\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program\\DroidCam\\DroidCamApp.exe"=
"c:\\Program\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program\\Delade filer\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\steam\\steamapps\\realvenom\\counter-strike\\hl.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=
"c:\\Program\\Logitech\\Vid HD\\Vid.exe"=
.
R2 UMVPFSrv;UMVPFSrv;c:\program\Delade filer\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2009-10-24 1310720]
R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2011-06-15 21376]
S1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys --> c:\windows\system32\DRIVERS\ext2fs.sys [?]
S1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys --> c:\windows\system32\DRIVERS\ifsmount.sys [?]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2009-12-23 135664]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 SkypeUpdate;Skype Updater;c:\program\Skype\Updater\Updater.exe [2012-07-03 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 250056]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2011-04-07 32408]
S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\Google\Update\GoogleUpdate.exe [2009-12-23 135664]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2011-04-07 9216]
S3 qcusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\hwusbser.sys [2011-02-27 105856]
S3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\drivers\zghsdiag.sys [2011-04-07 113432]
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - APPMGMT
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:39]
.
2012-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2010-05-14 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4264284264.job
- c:\program\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2009-12-23 21:36]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2009-12-23 21:36]
.
2012-09-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
2012-09-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 64f3b666-89d6-4f9e-b5b5-f99f4211376a.job
- c:\program\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b85da8f6-046d-4b7a-9629-62ef26246363.job
- c:\program\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} - hxxp://192.168.0.11/dcsclictrl.cab
DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} - hxxp://www.fujidirekt.se/asp/_upload/activex/imageuploaderactivex.cab
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
HKLM-Run-C6501Sound - c6501.cpl
AddRemove-Raise Data Recovery for XFS_is1 - c:\program\Data Recovery\unins000.exe
AddRemove-unibetpoker (Poker) - c:\microgaming\Poker\unibetpokerMPP\install.exe
AddRemove-GoToMeeting - c:\program\Citrix\GoToMeeting\880\G2MUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 21:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Sluttid: 2012-09-03 21:58:09
ComboFix-quarantined-files.txt 2012-09-03 19:57
.
Före genomsökningen: 17 764 757 504 byte ledigt
Efter genomsökningen: 18 501 337 088 byte ledigt
.
WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8EEC722F694802D3C17556E25167CEF6

#19
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi milad77,
I am a little confused so I would like you to clarify a few things for me.
Why did you uninstall AVG?
You are going to have to run the AVG removal tool to remove any remaining pieces of AVG.
Before you do that, I would like you to download a new anti-virus to your desktop.
You really need to have a decent anti-virus program installed.

You didn't mention if you were able to uninstall the vshare plugin from your control panel.
Are you still seeing the advertisements in Internet Explorer?

It would be OK for you to uninstall and reinstall Chrome. There is a good article here about backing up your favorites; you might want to do that before you uninstall it.

Step 1
You need an anti-virus program.
I recommend several free programs:
Avast!
Microsoft Security Essentials (is that the correct language?)
Avira
You only need ONE anti-virus and all three of these are great programs, and easy on the computer resources.
Pick one of them and download the installer to your desktop, don't install it quite yet.

Step 2
Please download and run the AVG removal tool from here.
Reboot if requested to do so.

Step 3
You can now install the anti-virus that you downloaded in Step 1.

Step 4
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 5
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply I would like to see:
  • checkup.txt
  • OTL quick scan log
  • Do you have an anti-virus installed now?
  • answers to other questions


#20
milad77

  • Topic Starter
  • Member
  • 19 posts
I'm sorry for the confusion :(

I did manage to uninstall vshare and I don't see the ads anymore.
I have uninstalled Chrome now and will install it back again. I will report if everything goes ok.

Why I did uninstall AVG? Well, before I did write my post here in Geekstogo.com I did download many antiviruses and malware programs to get rid of my problem. I did uninstall all of them but I forgot to do so with AVG. I usually don't have any antivirus program on my computer, bad idea since I visit many porn sites :)

But here is the million dollar question: which antivirus program is the best? It doesn't have to be free. And how come no one of the big antiviruses could solve my problem? So I don't have any antivirus program installed yet since I want you to recommend the best for me :)

Here are the log files, but OTL didn't show any extras.txt

OTL logfile created on: 2012-09-04 22:09:51 - Run 5
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Milad\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 79,23% Memory free
4,84 Gb Paging File | 4,40 Gb Available in Paging File | 90,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 149,04 Gb Total Space | 17,18 Gb Free Space | 11,52% Space Free | Partition Type: NTFS
Drive F: | 74,53 Gb Total Space | 48,26 Gb Free Space | 64,75% Space Free | Partition Type: NTFS

Computer Name: MILAD-89686FC7A | User Name: Milad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-29 23:06:35 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Milad\Skrivbord\OTL.exe
PRC - [2012-07-20 15:17:14 | 012,218,904 | ---- | M] (Google) -- C:\Program\Google\Drive\googledrivesync.exe
PRC - [2012-02-14 23:29:13 | 000,448,592 | ---- | M] (GeekyScott) -- C:\Program\SMS2PC\SMS2PC.exe
PRC - [2012-01-18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program\Delade filer\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011-06-09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Delade filer\Java\Java Update\jucheck.exe
PRC - [2011-06-09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Delade filer\Java\Java Update\jusched.exe
PRC - [2011-02-15 09:39:16 | 000,578,611 | ---- | M] () -- C:\Program\SMS2PC\adb.exe
PRC - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-08-18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012-09-03 23:55:44 | 001,018,368 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\windows._cacheinvalidation.pyd
MOD - [2012-09-03 23:55:44 | 000,792,576 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\wx._gdi_.pyd
MOD - [2012-09-03 23:55:44 | 000,571,392 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\pysqlite2._sqlite.pyd
MOD - [2012-09-03 23:55:44 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\win32com.shell.shell.pyd
MOD - [2012-09-03 23:55:44 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\pyexpat.pyd
MOD - [2012-09-03 23:55:44 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\win32api.pyd
MOD - [2012-09-03 23:55:44 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\_elementtree.pyd
MOD - [2012-09-03 23:55:44 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\wx._html2.pyd
MOD - [2012-09-03 23:55:44 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\_socket.pyd
MOD - [2012-09-03 23:55:44 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\win32crypt.pyd
MOD - [2012-09-03 23:55:43 | 001,169,408 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\wx._core_.pyd
MOD - [2012-09-03 23:55:43 | 001,056,256 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\wx._controls_.pyd
MOD - [2012-09-03 23:55:43 | 000,807,424 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\wx._windows_.pyd
MOD - [2012-09-03 23:55:43 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\wx._misc_.pyd
MOD - [2012-09-03 23:55:43 | 000,645,120 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\_ssl.pyd
MOD - [2012-09-03 23:55:43 | 000,585,728 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\unicodedata.pyd
MOD - [2012-09-03 23:55:43 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\pythoncom26.dll
MOD - [2012-09-03 23:55:43 | 000,311,808 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\_hashlib.pyd
MOD - [2012-09-03 23:55:43 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\wx._wizard.pyd
MOD - [2012-09-03 23:55:43 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\win32file.pyd
MOD - [2012-09-03 23:55:43 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\PyWinTypes26.dll
MOD - [2012-09-03 23:55:43 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\_ctypes.pyd
MOD - [2012-09-03 23:55:43 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\win32inet.pyd
MOD - [2012-09-03 23:55:43 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\win32process.pyd
MOD - [2012-09-03 23:55:43 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\win32pdh.pyd
MOD - [2012-09-03 23:55:43 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\win32event.pyd
MOD - [2012-09-03 23:55:43 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI34202\select.pyd
MOD - [2012-03-11 14:55:40 | 000,088,656 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2012-01-08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program\FileZilla FTP Client\fzshellext.dll
MOD - [2011-02-15 09:39:16 | 000,578,611 | ---- | M] () -- C:\Program\SMS2PC\adb.exe
MOD - [2009-05-27 23:20:50 | 000,038,424 | ---- | M] () -- C:\Program\EditPlus 3\eppshell.dll
MOD - [2009-05-01 00:31:06 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2009-02-27 19:23:48 | 000,311,296 | ---- | M] () -- C:\Program\Delade filer\Adobe\Acrobat\ActiveX\pdfshell.SVE
MOD - [2007-05-22 11:59:22 | 000,128,512 | ---- | M] () -- C:\Program\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012-08-29 15:39:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-01-18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program\Delade filer\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2003-04-07 22:21:46 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\ifsmount.sys -- (IfsMount)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\ext2fs.sys -- (Ext2fs)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\EAPPkt.sys -- (EAPPkt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Milad\LOKALA~1\Temp\catchme.sys -- (catchme)
DRV - [2012-01-18 08:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012-01-18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011-06-15 22:52:42 | 000,021,376 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\droidcam.sys -- (DroidCam)
DRV - [2010-10-20 16:09:28 | 000,009,216 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2010-10-18 14:24:14 | 000,032,408 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2010-10-18 14:12:32 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsdiag.sys -- (zghsdiag)
DRV - [2010-05-07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009-10-24 21:04:16 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009-05-03 23:16:58 | 000,105,856 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hwusbser.sys -- (qcusbser)
DRV - [2007-07-10 09:42:32 | 001,310,720 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (c65013264)
DRV - [2005-09-30 12:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005-09-30 12:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005-08-18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2004-08-13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {4B99678A-87FC-4340-AD79-FFCFA985804B}
IE - HKCU\..\SearchScopes\{4B99678A-87FC-4340-AD79-FFCFA985804B}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Milad\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Milad\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)


[2012-09-03 21:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
[2012-08-23 19:56:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\mozilla firefox\plugins\npdeployJava1.dll
[2009-01-09 10:57:10 | 000,111,856 | ---- | M] (SecMaker AB) -- C:\Program\mozilla firefox\plugins\npiidplg.dll

========== Chrome ==========

CHR - homepage: http://www.google.se/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.se/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Milad\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Milad\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Milad\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Milad\Lokala inst\u00E4llningar\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Documents and Settings\Milad\Lokala inst\u00E4llningar\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Milad\Lokala inst\u00E4llningar\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Milad\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Milad\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Net iD (Enabled) = C:\Program\Mozilla Firefox\plugins\npiidplg.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Milad\Lokala inst\u00E4llningar\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program\Personal\bin\np_prsnl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Open Tennis = C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\akgcgcpodojekcocdiamcenmanalhfmn\1.3_0\
CHR - Extension: 2 wheeler stunt = C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\hepefibopcnpdbkahaopilcdembgkmcb\1.5_0\
CHR - Extension: Open Tennis = C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\akgcgcpodojekcocdiamcenmanalhfmn\1.3_0\
CHR - Extension: 2 wheeler stunt = C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\hepefibopcnpdbkahaopilcdembgkmcb\1.5_0\

O1 HOSTS File: ([2012-09-03 21:56:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program\Delade filer\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] C:\Program\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Net iD] C:\Program\Net iD\iid.exe (SecMaker AB)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Logitech Vid] C:\Program\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Steam] c:\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\hp psc 1000 series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} http://192.168.0.11/dcsclictrl.cab (Camera Stream Client Control Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} http://www.fujidirek...aderactivex.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.255.245.11 193.150.193.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4865552-4657-40E8-826F-E6588CB59E94}: DhcpNameServer = 83.255.245.11 193.150.193.150
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-24 19:41:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-09-03 22:49:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-09-03 21:42:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-09-03 21:40:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-09-03 21:40:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-09-03 21:40:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-09-03 21:40:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-09-03 21:29:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-09-03 21:29:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Milad\Start-meny\Program\Administrationsverktyg
[2012-09-03 21:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-09-03 21:28:23 | 004,742,575 | R--- | C] (Swearware) -- C:\Documents and Settings\Milad\Skrivbord\ComboFix.exe
[2012-08-31 17:09:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-08-29 23:06:33 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Milad\Skrivbord\OTL.exe
[2012-08-29 14:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Application Data\AVG2012
[2012-08-29 01:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Application Data\SUPERAntiSpyware.com
[2012-08-29 01:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012-08-29 01:04:28 | 000,000,000 | ---D | C] -- C:\Program\SUPERAntiSpyware
[2012-08-28 21:55:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012-08-28 17:51:29 | 000,000,000 | ---D | C] -- C:\Program\Yieldmanager Removal Tool
[2012-08-28 17:39:23 | 000,000,000 | ---D | C] -- C:\Program\Trend Micro
[2012-08-28 17:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Start-meny\Program\HiJackThis
[2012-08-28 16:01:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012-08-28 07:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2012-08-28 07:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012-08-27 16:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012-08-27 16:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Downloaded Installations
[2012-08-27 16:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\adawarebp
[2012-08-27 09:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Application Data\Malwarebytes
[2012-08-27 09:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-08-27 08:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Help
[2012-08-21 22:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Application Data\ooVoo Details
[2012-08-21 22:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\APN
[2012-08-18 21:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\PokerStars.EU
[2012-08-18 21:45:47 | 000,000,000 | ---D | C] -- C:\Program\PokerStars.EU

========== Files - Modified Within 30 Days ==========

[2012-09-04 21:38:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-09-04 21:36:00 | 000,000,968 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-04 21:36:00 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-09-04 17:04:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 64f3b666-89d6-4f9e-b5b5-f99f4211376a.job
[2012-09-04 02:00:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b85da8f6-046d-4b7a-9629-62ef26246363.job
[2012-09-03 21:56:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-09-03 21:42:49 | 000,000,437 | RHS- | M] () -- C:\boot.ini
[2012-09-03 21:28:34 | 004,742,575 | R--- | M] (Swearware) -- C:\Documents and Settings\Milad\Skrivbord\ComboFix.exe
[2012-09-03 17:48:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-09-03 11:18:12 | 000,000,489 | ---- | M] () -- C:\WINDOWS\System\C6501.ini
[2012-09-03 02:43:33 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Milad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-09-03 01:08:09 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012-09-03 01:07:48 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-09-03 01:07:31 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012-09-03 01:07:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-09-01 03:19:57 | 000,002,360 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\Google Chrome (2).lnk
[2012-08-30 22:03:05 | 000,511,265 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\adwcleaner.exe
[2012-08-30 00:24:45 | 000,451,975 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\tavla.jpg
[2012-08-29 23:06:35 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Milad\Skrivbord\OTL.exe
[2012-08-29 18:26:49 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Adobe Reader 9.lnk
[2012-08-29 13:49:25 | 000,174,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-08-29 12:23:17 | 000,112,568 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\lunch.pdf
[2012-08-29 08:36:46 | 000,028,494 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\Bookmarks
[2012-08-29 03:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-08-29 01:04:33 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\SUPERAntiSpyware Free Edition.lnk
[2012-08-28 23:18:48 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Milad\Application Data\Microsoft\Internet Explorer\Quick Launch\Starta webbläsaren Internet Explorer.lnk
[2012-08-28 17:39:27 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\HiJackThis.lnk
[2012-08-28 17:36:55 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\HiJackThis.msi
[2012-08-28 17:08:15 | 000,435,010 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2012-08-28 17:08:15 | 000,432,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-08-28 17:08:15 | 000,079,216 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2012-08-28 17:08:15 | 000,067,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-08-28 16:58:30 | 000,157,790 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\bookmark.htm
[2012-08-27 09:50:51 | 000,208,507 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\census.cache
[2012-08-27 09:50:49 | 000,188,632 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\ars.cache
[2012-08-26 01:43:37 | 000,041,998 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\konst.jpg
[2012-08-26 01:37:35 | 000,051,420 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\opera.jpg
[2012-08-26 01:37:22 | 000,099,161 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\Opera 2012-2013.jpg
[2012-08-22 20:28:34 | 002,947,570 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\srecko.jpg
[2012-08-16 08:39:48 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012-08-14 21:36:37 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-10 21:58:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2012-09-04 22:04:18 | 000,028,494 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\Bookmarks
[2012-09-03 21:42:49 | 000,000,321 | ---- | C] () -- C:\Boot.bak
[2012-09-03 21:42:46 | 000,260,784 | RHS- | C] () -- C:\cmldr
[2012-09-03 21:40:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-09-03 21:40:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-09-03 21:40:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-09-03 21:40:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-09-03 21:40:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-08-31 18:25:57 | 000,002,360 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\Google Chrome (2).lnk
[2012-08-30 22:03:05 | 000,511,265 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\adwcleaner.exe
[2012-08-30 00:24:45 | 000,451,975 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\tavla.jpg
[2012-08-29 18:26:49 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Adobe Reader 9.lnk
[2012-08-29 12:23:17 | 000,112,568 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\lunch.pdf
[2012-08-29 01:04:41 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b85da8f6-046d-4b7a-9629-62ef26246363.job
[2012-08-29 01:04:41 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 64f3b666-89d6-4f9e-b5b5-f99f4211376a.job
[2012-08-29 01:04:33 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\SUPERAntiSpyware Free Edition.lnk
[2012-08-28 17:39:23 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\HiJackThis.lnk
[2012-08-28 17:36:38 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\HiJackThis.msi
[2012-08-28 16:58:29 | 000,157,790 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\bookmark.htm
[2012-08-26 01:43:46 | 000,041,998 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\konst.jpg
[2012-08-26 01:37:39 | 000,051,420 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\opera.jpg
[2012-08-26 01:37:26 | 000,099,161 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\Opera 2012-2013.jpg
[2012-08-22 20:28:32 | 002,947,570 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\srecko.jpg
[2012-08-22 20:10:52 | 001,396,296 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\DSC00092.JPG
[2012-08-16 08:39:48 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012-07-22 23:58:42 | 000,208,507 | ---- | C] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\census.cache
[2012-07-22 23:58:40 | 000,188,632 | ---- | C] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\ars.cache
[2012-07-22 23:52:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\housecall.guid.cache
[2012-05-27 02:03:26 | 000,000,205 | -HS- | C] () -- C:\Documents and Settings\Milad\.ufsxsci.hbin
[2012-05-24 17:21:32 | 000,088,656 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012-05-11 14:12:16 | 005,584,046 | ---- | C] () -- C:\Program\FileZilla FTP Client.rar
[2012-02-15 09:17:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-08-12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011-06-15 22:56:21 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\droidcam-settings
[2011-04-07 19:22:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Encrypt.dll
[2011-04-07 19:22:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\zdlcsv.ds.dll
[2011-04-07 19:22:23 | 000,000,112 | ---- | C] () -- C:\WINDOWS\System32\Sales_MultiDL_MSM7227_V1.00.01.ini
[2011-04-07 19:22:15 | 000,578,611 | ---- | C] () -- C:\WINDOWS\adb.exe
[2011-04-07 19:22:14 | 000,000,022 | ---- | C] () -- C:\WINDOWS\sysdt.dll
[2011-01-14 20:59:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011-01-08 16:58:07 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Milad\.java.policy
[2010-11-10 04:45:32 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010-11-10 04:45:30 | 010,920,984 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010-11-10 04:45:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010-11-10 04:31:42 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010-02-26 00:01:54 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Milad\Application Data\fontdb.mdb
[2009-10-25 00:43:14 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009-11-06 11:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4D
[2011-06-16 08:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012-08-29 18:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2009-11-04 19:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-02-26 02:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2011-06-16 07:46:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009-11-01 02:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012-08-28 07:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2009-12-27 11:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012-07-11 22:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2012-03-25 19:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nike
[2009-12-27 11:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012-06-20 12:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\4D
[2011-01-08 16:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Agency9
[2011-06-16 08:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\AVG10
[2012-08-29 14:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\AVG2012
[2010-02-26 00:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\BorWare
[2010-08-02 21:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\DesktopMirror
[2012-09-03 22:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\EditPlus 3
[2012-09-04 22:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\FileZilla
[2010-02-05 11:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Free YouTube to Mp3 Wma Converter
[2009-11-06 11:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\iid
[2011-09-09 13:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Leadertech
[2011-09-14 12:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\LEAPS
[2012-07-22 22:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Microgaming
[2009-12-27 11:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Nokia
[2012-08-21 22:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\ooVoo Details
[2009-12-27 11:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\PC Suite
[2011-09-14 12:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Pegasys Inc
[2009-11-11 14:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Personal
[2011-12-19 01:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\TeamViewer
[2010-05-14 23:25:03 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1264284264.job
[2012-09-03 01:07:31 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2012-09-04 17:04:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 64f3b666-89d6-4f9e-b5b5-f99f4211376a.job
[2012-09-04 02:00:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b85da8f6-046d-4b7a-9629-62ef26246363.job

========== Purity Check ==========



< End of report >




Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

#21
milad77

I have Chrome and it's working fineeeeeeeeee :)

#22
Crowbar

Hi -
Sorry if I was confused, I get to that state very easily :)

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
Please go to your Control Panel, then to Add\Remove Programs, and remove all the listings for Java
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

Your Adobe Reader is out of date,
Update the Adobe Reader
The Adobe Reader is often updated to fix known security flaws so it is recommended that you update your copy

  • Go to Start > Control Panel > Add/Remove Programs
  • Remove any install of Adobe Reader that you may see
  • Re-boot your computer if required.
  • Once ALL versions of Adobe Reader have been uninstalled, please go to: http://get.adobe.com/reader/ to download and install the latest version of Adobe Reader

Now for your anti-virus,
Did you run the AVG removal tool? AVG is not fully uninstalled until the tool is run. I would like to make sure that you ran it before we are done here.
I recommend for a PAID anti-virus Avast! Pro or Avast! Internet Security from here
Good product and light on your computer resources.
For a free anti-virus, I recommend any of these three:
Avast! free
Microsoft Security Essentials - I think I previously gave you a link in the correct language, please forgive me if it's not.
Avira
Myself, I use Microsoft Security Essentials, there is no "paid" version of it, and it's very light on the computer's resources.
Avast is a favorite of this community, and they do some very good work in the security field.
Please remember that you need only ONE anti-virus, and more is not better in this case.

No anti-virus program is going to protect you from everything, especially the newest infections. However a proper AV will protect you from all of the older infections.
The best way to keep from getting infected is to use your head. Be careful of the links you click on. Be careful of attachments you receive via email.
Install WOT (Web Of Trust) in your browsers that support it. Install spywareblaster. Spywareblaster prevents your browser from going to known bad websites. Consider using the MVPS hosts file. Those that use torrent sites are asking for trouble, most of the programs distributed are infected with all sorts of nasty malware, and sometimes the websites that allow you to search for torrents will try to infect you via a drive-by. Unfortunately, many porn sites operate the same way.

Please let me know your status on the AVG removal tool, and installing an anti-virus, and then I can remove my tools and send you on your way :)

#23
milad77

I did upgrade Java and Acrobat reader but when I did restart my computer, guess what?? FFFF Yield ads again!!!!!! Please somebody shoot me!!

#24
milad77

I haven't had the chance to install an AV yet :(

#25
Crowbar


I did upgrade Java and Acrobat reader but when I did restart my computer, guess what?? FFFF Yield ads again!!!!!! Please somebody shoot me!!


Hate it when that happens :angry:

Can you run an OTL quick scan for me again?


#26
milad77

Here it is. Every time I open Chrome another tab opens besides my start page and it's Babylon search :(


OTL logfile created on: 2012-09-06 21:37:28 - Run 6
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Milad\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 81,52% Memory free
4,84 Gb Paging File | 3,97 Gb Available in Paging File | 82,07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 149,04 Gb Total Space | 17,02 Gb Free Space | 11,42% Space Free | Partition Type: NTFS
Drive F: | 74,53 Gb Total Space | 48,26 Gb Free Space | 64,75% Space Free | Partition Type: NTFS

Computer Name: MILAD-89686FC7A | User Name: Milad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-06 11:33:02 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program\Java\jre7\bin\jqs.exe
PRC - [2012-08-29 23:06:35 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Milad\Skrivbord\OTL.exe
PRC - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-08-08 21:04:06 | 000,070,656 | ---- | M] (Nike) -- C:\Program\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2012-07-20 15:17:14 | 012,218,904 | ---- | M] (Google) -- C:\Program\Google\Drive\googledrivesync.exe
PRC - [2012-07-03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Delade filer\Java\Java Update\jusched.exe
PRC - [2012-01-18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program\Delade filer\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011-11-11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011-07-31 21:15:48 | 001,087,896 | ---- | M] (Technology Nexus AB) -- C:\Program\Personal\bin\Personal.exe
PRC - [2010-10-29 22:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program\Logitech\Vid HD\Vid.exe
PRC - [2010-02-01 13:39:54 | 000,099,640 | ---- | M] (SecMaker AB) -- C:\Program\Net iD\iid.exe
PRC - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-08-18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-04-09 19:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003-04-09 18:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003-04-09 18:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe


========== Modules (No Company Name) ==========

MOD - [2012-09-06 11:37:04 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\_elementtree.pyd
MOD - [2012-09-06 11:37:03 | 000,571,392 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\pysqlite2._sqlite.pyd
MOD - [2012-09-06 11:37:03 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\win32com.shell.shell.pyd
MOD - [2012-09-06 11:37:03 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\win32api.pyd
MOD - [2012-09-06 11:37:03 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\wx._html2.pyd
MOD - [2012-09-06 11:37:03 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\_socket.pyd
MOD - [2012-09-06 11:37:02 | 000,792,576 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\wx._gdi_.pyd
MOD - [2012-09-06 11:37:02 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\pyexpat.pyd
MOD - [2012-09-06 11:37:02 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\win32crypt.pyd
MOD - [2012-09-06 11:37:01 | 001,018,368 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\windows._cacheinvalidation.pyd
MOD - [2012-09-06 11:37:00 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\pythoncom26.dll
MOD - [2012-09-06 11:37:00 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\_ctypes.pyd
MOD - [2012-09-06 11:36:59 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\wx._misc_.pyd
MOD - [2012-09-06 11:36:58 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\PyWinTypes26.dll
MOD - [2012-09-06 11:36:57 | 000,645,120 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\_ssl.pyd
MOD - [2012-09-06 11:36:56 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\win32process.pyd
MOD - [2012-09-06 11:36:56 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\win32pdh.pyd
MOD - [2012-09-06 11:36:55 | 001,169,408 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\wx._core_.pyd
MOD - [2012-09-06 11:36:53 | 000,807,424 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\wx._windows_.pyd
MOD - [2012-09-06 11:36:53 | 000,311,808 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\_hashlib.pyd
MOD - [2012-09-06 11:36:51 | 001,056,256 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\wx._controls_.pyd
MOD - [2012-09-06 11:36:51 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\wx._wizard.pyd
MOD - [2012-09-06 11:36:51 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\win32file.pyd
MOD - [2012-09-06 11:36:51 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\win32inet.pyd
MOD - [2012-09-06 11:36:49 | 000,585,728 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\unicodedata.pyd
MOD - [2012-09-06 11:36:49 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\win32event.pyd
MOD - [2012-09-06 11:36:48 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\temp\_MEI21402\select.pyd
MOD - [2012-03-11 14:55:40 | 000,088,656 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2012-01-08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program\FileZilla FTP Client\fzshellext.dll
MOD - [2011-02-26 21:01:48 | 000,163,840 | ---- | M] () -- C:\Program\DroidCam\lib\DroidCam.dll
MOD - [2010-10-29 22:02:38 | 000,751,616 | ---- | M] () -- C:\Program\Logitech\Vid HD\vpxmd.dll
MOD - [2010-10-29 22:01:30 | 000,027,472 | ---- | M] () -- C:\Program\Logitech\Vid HD\SDL.dll
MOD - [2010-05-07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010-05-07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010-05-07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010-05-07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010-05-07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009-04-22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Program\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009-04-10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Program\Logitech\Vid HD\QtCore4.dll
MOD - [2009-03-04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Program\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009-03-04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Program\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009-03-04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Program\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009-03-04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Program\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009-03-04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Program\Logitech\Vid HD\QtXml4.dll
MOD - [2009-03-04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Program\Logitech\Vid HD\QtSql4.dll
MOD - [2009-03-04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Program\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009-03-04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Program\Logitech\Vid HD\QtGui4.dll
MOD - [2009-03-04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Program\Logitech\Vid HD\phonon4.dll
MOD - [2008-04-14 18:04:42 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012-09-06 11:33:02 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-08-29 15:39:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-01-18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program\Delade filer\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2003-04-07 22:21:46 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\ifsmount.sys -- (IfsMount)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\ext2fs.sys -- (Ext2fs)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\EAPPkt.sys -- (EAPPkt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Milad\LOKALA~1\Temp\catchme.sys -- (catchme)
DRV - [2012-01-18 08:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012-01-18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011-06-15 22:52:42 | 000,021,376 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\droidcam.sys -- (DroidCam)
DRV - [2010-10-20 16:09:28 | 000,009,216 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2010-10-18 14:24:14 | 000,032,408 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2010-10-18 14:12:32 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsdiag.sys -- (zghsdiag)
DRV - [2010-05-07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009-10-24 21:04:16 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009-05-03 23:16:58 | 000,105,856 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hwusbser.sys -- (qcusbser)
DRV - [2007-07-10 09:42:32 | 001,310,720 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (c65013264)
DRV - [2005-09-30 12:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005-09-30 12:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005-08-18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2004-08-13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {4B99678A-87FC-4340-AD79-FFCFA985804B}
IE - HKCU\..\SearchScopes\{4B99678A-87FC-4340-AD79-FFCFA985804B}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Milad\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Milad\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)


[2012-09-03 21:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
[2012-08-23 19:56:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\mozilla firefox\plugins\npdeployJava1.dll
[2009-01-09 10:57:10 | 000,111,856 | ---- | M] (SecMaker AB) -- C:\Program\mozilla firefox\plugins\npiidplg.dll

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Milad\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Milad\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Milad\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Milad\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Milad\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Milad\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Milad\Lokala inst\u00E4llningar\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program\Personal\bin\np_prsnl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: S\u00F6k p\u00E5 Google = C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: S\u00F6k p\u00E5 Google = C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-09-03 21:56:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program\Delade filer\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] C:\Program\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Net iD] C:\Program\Net iD\iid.exe (SecMaker AB)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Logitech Vid] C:\Program\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Steam] c:\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\hp psc 1000 series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} http://192.168.0.11/dcsclictrl.cab (Camera Stream Client Control Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} http://www.fujidirek...aderactivex.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.255.245.11 193.150.193.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4865552-4657-40E8-826F-E6588CB59E94}: DhcpNameServer = 83.255.245.11 193.150.193.150
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-24 19:41:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-09-06 11:33:26 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Java
[2012-09-04 22:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Start-meny\Program\Google Chrome
[2012-09-03 22:49:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-09-03 21:42:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-09-03 21:40:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-09-03 21:40:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-09-03 21:40:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-09-03 21:40:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-09-03 21:29:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-09-03 21:29:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Milad\Start-meny\Program\Administrationsverktyg
[2012-09-03 21:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-09-03 21:28:23 | 004,742,575 | R--- | C] (Swearware) -- C:\Documents and Settings\Milad\Skrivbord\ComboFix.exe
[2012-08-31 17:09:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-08-29 23:06:33 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Milad\Skrivbord\OTL.exe
[2012-08-29 14:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Application Data\AVG2012
[2012-08-29 01:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Application Data\SUPERAntiSpyware.com
[2012-08-29 01:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012-08-29 01:04:28 | 000,000,000 | ---D | C] -- C:\Program\SUPERAntiSpyware
[2012-08-28 21:55:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012-08-28 17:51:29 | 000,000,000 | ---D | C] -- C:\Program\Yieldmanager Removal Tool
[2012-08-28 17:39:23 | 000,000,000 | ---D | C] -- C:\Program\Trend Micro
[2012-08-28 17:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Start-meny\Program\HiJackThis
[2012-08-28 16:01:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012-08-28 07:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2012-08-28 07:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012-08-27 16:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012-08-27 16:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Downloaded Installations
[2012-08-27 16:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\adawarebp
[2012-08-27 09:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Application Data\Malwarebytes
[2012-08-27 09:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-08-27 08:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\Help
[2012-08-21 22:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Application Data\ooVoo Details
[2012-08-21 22:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\APN
[2012-08-18 21:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\PokerStars.EU
[2012-08-18 21:45:47 | 000,000,000 | ---D | C] -- C:\Program\PokerStars.EU

========== Files - Modified Within 30 Days ==========

[2012-09-06 21:38:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-09-06 21:36:00 | 000,000,968 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-06 21:36:00 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-09-06 17:04:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 64f3b666-89d6-4f9e-b5b5-f99f4211376a.job
[2012-09-06 11:36:50 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-09-06 11:36:34 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012-09-06 11:36:08 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012-09-06 11:35:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-09-06 09:44:44 | 000,034,282 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\Showerama_8-5.jpg
[2012-09-06 02:00:05 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b85da8f6-046d-4b7a-9629-62ef26246363.job
[2012-09-05 12:04:15 | 000,057,448 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\Birds_dusch.jpg
[2012-09-04 23:36:22 | 000,069,927 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\vanadis.jpg
[2012-09-04 23:10:24 | 000,201,860 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\11.jpg
[2012-09-04 22:56:48 | 000,379,780 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\Ultra-Tan-Tower-of-Power.jpg
[2012-09-04 22:35:20 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Milad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-09-04 22:21:29 | 000,854,156 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\SecurityCheck.exe
[2012-09-03 21:56:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-09-03 21:42:49 | 000,000,437 | RHS- | M] () -- C:\boot.ini
[2012-09-03 21:28:34 | 004,742,575 | R--- | M] (Swearware) -- C:\Documents and Settings\Milad\Skrivbord\ComboFix.exe
[2012-09-03 17:48:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-09-03 11:18:12 | 000,000,489 | ---- | M] () -- C:\WINDOWS\System\C6501.ini
[2012-08-30 22:03:05 | 000,511,265 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\adwcleaner.exe
[2012-08-29 23:06:35 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Milad\Skrivbord\OTL.exe
[2012-08-29 13:49:25 | 000,174,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-08-29 12:23:17 | 000,112,568 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\lunch.pdf
[2012-08-29 08:36:46 | 000,028,494 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\Bookmarks
[2012-08-29 03:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-08-29 01:04:33 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\SUPERAntiSpyware Free Edition.lnk
[2012-08-28 23:18:48 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Milad\Application Data\Microsoft\Internet Explorer\Quick Launch\Starta webbläsaren Internet Explorer.lnk
[2012-08-28 17:39:27 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\HiJackThis.lnk
[2012-08-28 17:36:55 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\HiJackThis.msi
[2012-08-28 17:08:15 | 000,435,010 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2012-08-28 17:08:15 | 000,432,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-08-28 17:08:15 | 000,079,216 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2012-08-28 17:08:15 | 000,067,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-08-28 16:58:30 | 000,157,790 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\bookmark.htm
[2012-08-27 09:50:51 | 000,208,507 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\census.cache
[2012-08-27 09:50:49 | 000,188,632 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\ars.cache
[2012-08-26 01:43:37 | 000,041,998 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\konst.jpg
[2012-08-26 01:37:35 | 000,051,420 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\opera.jpg
[2012-08-26 01:37:22 | 000,099,161 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\Opera 2012-2013.jpg
[2012-08-22 20:28:34 | 002,947,570 | ---- | M] () -- C:\Documents and Settings\Milad\Skrivbord\srecko.jpg
[2012-08-16 08:39:48 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012-08-14 21:36:37 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-10 21:58:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2012-09-06 09:44:50 | 000,034,282 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\Showerama_8-5.jpg
[2012-09-05 12:04:19 | 000,057,448 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\Birds_dusch.jpg
[2012-09-04 23:36:21 | 000,069,927 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\vanadis.jpg
[2012-09-04 22:56:53 | 000,379,780 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\Ultra-Tan-Tower-of-Power.jpg
[2012-09-04 22:35:20 | 000,002,316 | ---- | C] () -- C:\Documents and Settings\Milad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-09-04 22:21:26 | 000,854,156 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\SecurityCheck.exe
[2012-09-04 22:04:18 | 000,028,494 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\Bookmarks
[2012-09-03 21:42:49 | 000,000,321 | ---- | C] () -- C:\Boot.bak
[2012-09-03 21:42:46 | 000,260,784 | RHS- | C] () -- C:\cmldr
[2012-09-03 21:40:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-09-03 21:40:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-09-03 21:40:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-09-03 21:40:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-09-03 21:40:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-08-30 22:03:05 | 000,511,265 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\adwcleaner.exe
[2012-08-29 12:23:17 | 000,112,568 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\lunch.pdf
[2012-08-29 01:04:41 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b85da8f6-046d-4b7a-9629-62ef26246363.job
[2012-08-29 01:04:41 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 64f3b666-89d6-4f9e-b5b5-f99f4211376a.job
[2012-08-29 01:04:33 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\SUPERAntiSpyware Free Edition.lnk
[2012-08-28 17:39:23 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\HiJackThis.lnk
[2012-08-28 17:36:38 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\HiJackThis.msi
[2012-08-28 16:58:29 | 000,157,790 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\bookmark.htm
[2012-08-26 01:43:46 | 000,041,998 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\konst.jpg
[2012-08-26 01:37:39 | 000,051,420 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\opera.jpg
[2012-08-26 01:37:26 | 000,099,161 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\Opera 2012-2013.jpg
[2012-08-22 20:28:32 | 002,947,570 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\srecko.jpg
[2012-08-22 20:10:52 | 001,396,296 | ---- | C] () -- C:\Documents and Settings\Milad\Skrivbord\DSC00092.JPG
[2012-08-16 08:39:48 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012-07-22 23:58:42 | 000,208,507 | ---- | C] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\census.cache
[2012-07-22 23:58:40 | 000,188,632 | ---- | C] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\ars.cache
[2012-07-22 23:52:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\housecall.guid.cache
[2012-05-27 02:03:26 | 000,000,205 | -HS- | C] () -- C:\Documents and Settings\Milad\.ufsxsci.hbin
[2012-05-24 17:21:32 | 000,088,656 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012-05-11 14:12:16 | 005,584,046 | ---- | C] () -- C:\Program\FileZilla FTP Client.rar
[2012-02-15 09:17:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-08-12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011-06-15 22:56:21 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\droidcam-settings
[2011-04-07 19:22:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Encrypt.dll
[2011-04-07 19:22:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\zdlcsv.ds.dll
[2011-04-07 19:22:23 | 000,000,112 | ---- | C] () -- C:\WINDOWS\System32\Sales_MultiDL_MSM7227_V1.00.01.ini
[2011-04-07 19:22:15 | 000,578,611 | ---- | C] () -- C:\WINDOWS\adb.exe
[2011-04-07 19:22:14 | 000,000,022 | ---- | C] () -- C:\WINDOWS\sysdt.dll
[2011-01-14 20:59:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011-01-08 16:58:07 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Milad\.java.policy
[2010-11-10 04:45:32 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010-11-10 04:45:30 | 010,920,984 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010-11-10 04:45:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010-11-10 04:31:42 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010-02-26 00:01:54 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Milad\Application Data\fontdb.mdb
[2009-10-25 00:43:14 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\Milad\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009-11-06 11:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4D
[2011-06-16 08:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012-08-29 18:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2009-11-04 19:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-02-26 02:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2011-06-16 07:46:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009-11-01 02:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012-08-28 07:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2009-12-27 11:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012-07-11 22:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2012-03-25 19:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nike
[2009-12-27 11:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012-06-20 12:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\4D
[2011-01-08 16:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Agency9
[2011-06-16 08:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\AVG10
[2012-08-29 14:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\AVG2012
[2010-02-26 00:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\BorWare
[2010-08-02 21:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\DesktopMirror
[2012-09-04 23:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\EditPlus 3
[2012-09-06 11:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\FileZilla
[2010-02-05 11:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Free YouTube to Mp3 Wma Converter
[2009-11-06 11:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\iid
[2011-09-09 13:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Leadertech
[2011-09-14 12:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\LEAPS
[2012-07-22 22:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Microgaming
[2009-12-27 11:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Nokia
[2012-08-21 22:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\ooVoo Details
[2009-12-27 11:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\PC Suite
[2011-09-14 12:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Pegasys Inc
[2009-11-11 14:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\Personal
[2011-12-19 01:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milad\Application Data\TeamViewer
[2010-05-14 23:25:03 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1264284264.job
[2012-09-06 11:36:08 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2012-09-06 17:04:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 64f3b666-89d6-4f9e-b5b5-f99f4211376a.job
[2012-09-06 02:00:05 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b85da8f6-046d-4b7a-9629-62ef26246363.job

========== Purity Check ==========



< End of report >

#27
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi,
Would you please install the anti-virus program that you have chosen and then:

Start Chrome and click the wrench icon tools menu on the browser toolbar.
Select Settings.
Click Show advanced settings.
In the "Privacy" section, click the Content settings button.
In the "Cookies" section, you can change the following cookies settings:

Delete cookies
Click All cookies and site data to open the Cookies and Other Data dialog.
To delete all cookies, click Remove all at the bottom of the dialog.

Next after you have removed the cookies:


Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#28
milad77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
# AdwCleaner v2.000 - Logfile created 09/07/2012 at 17:22:01
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Milad - MILAD-89686FC7A
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Milad\Skrivbord\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [5145 octets] - [30/08/2012 22:04:00]
AdwCleaner[S1].txt - [5490 octets] - [30/08/2012 22:04:17]
AdwCleaner[R2].txt - [659 octets] - [07/09/2012 17:22:01]

########## EOF - C:\AdwCleaner[R2].txt - [718 octets] ##########

#29
milad77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I had to turn off Avast to run adwcleaner.

#30
milad77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Sorry, here is the result when I did click the delete button (not only search like before).

# AdwCleaner v2.000 - Logfile created 09/07/2012 at 17:25:43
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Milad - MILAD-89686FC7A
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Milad\Skrivbord\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[R1].txt - [5145 octets] - [30/08/2012 22:04:00]
AdwCleaner[S1].txt - [5490 octets] - [30/08/2012 22:04:17]
AdwCleaner[R2].txt - [786 octets] - [07/09/2012 17:22:01]
AdwCleaner[S2].txt - [869 octets] - [07/09/2012 17:25:43]

########## EOF - C:\AdwCleaner[S2].txt - [928 octets] ##########