Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I can't remove a Trojan Gen. 2 [Solved]


  • This topic is locked This topic is locked

#16
hile

hile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
OTL logfile created on: 5.12.2012 8:08:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hilkka\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040B | Country: Finland | Language: FIN | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,72% Memory free
3,98 Gb Paging File | 1,88 Gb Available in Paging File | 47,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 211,43 Gb Total Space | 147,45 Gb Free Space | 69,74% Space Free | Partition Type: NTFS
Drive D: | 21,16 Gb Total Space | 3,08 Gb Free Space | 14,56% Space Free | Partition Type: NTFS
Drive E: | 99,18 Mb Total Space | 89,04 Mb Free Space | 89,78% Space Free | Partition Type: FAT32

Computer Name: HPMINI | User Name: Hilkka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.01 21:44:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hilkka\Downloads\OTL.exe
PRC - [2012.10.06 17:01:48 | 003,084,176 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012.08.21 14:43:58 | 000,105,120 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012.08.20 19:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hilkka\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.11.01 21:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.28 15:51:44 | 000,007,680 | ---- | M] (winreview.ru) -- C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe
PRC - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 17:01:02 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:01:02 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.09 15:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010.11.09 15:39:46 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010.11.09 15:39:44 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010.11.09 15:39:44 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010.11.09 15:39:44 | 000,353,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe
PRC - [2010.11.09 15:39:42 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010.11.09 15:39:42 | 000,181,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2010.11.09 15:39:38 | 000,159,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
PRC - [2010.08.24 02:06:58 | 000,584,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.08.24 02:06:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.08.06 04:50:56 | 000,210,488 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010.08.03 02:32:34 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010.08.03 02:32:32 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010.08.03 02:32:28 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2010.07.21 23:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010.06.18 00:07:32 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.06.08 19:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.02.17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
PRC - [2010.02.17 09:53:18 | 001,422,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
PRC - [2010.02.17 09:53:18 | 000,484,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.16 03:41:14 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012.11.16 03:39:06 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.08.31 12:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.04.24 00:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.03.22 00:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.02.11 01:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012.01.04 12:42:39 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.12.25 22:42:15 | 005,255,168 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 03:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.11.04 00:48:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.06 17:01:48 | 003,084,176 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.07.03 11:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.28 15:51:44 | 000,007,680 | ---- | M] (winreview.ru) [Auto | Running] -- C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe -- (persdwmsrv)
SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010.11.09 15:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010.11.09 15:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010.11.09 15:39:44 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010.11.09 15:39:44 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010.11.09 15:39:42 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010.08.24 02:06:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.08.06 04:50:56 | 000,210,488 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.08.03 02:32:32 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010.08.03 02:32:28 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2010.07.21 23:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.02.17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.17 11:28:56 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.09.17 11:28:56 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.008\NAVENG.SYS -- (NAVENG)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.08.09 10:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 10:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.04.30 17:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011.12.16 20:17:21 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.05.19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.09 15:39:50 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010.11.09 15:39:50 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010.11.09 15:39:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010.11.09 15:39:36 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010.08.03 02:32:34 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.11.11 22:09:22 | 000,018,136 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008.07.24 13:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPMTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPMTDF
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes,DefaultScope = {A80A8FEF-AE11-4269-98FE-F80BD7B4A47A}
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{A80A8FEF-AE11-4269-98FE-F80BD7B4A47A}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{DF7A7A83-AB17-419D-A0C4-67CA3F49D6FC}: "URL" = http://websearch.ask...D5-1D72DB63A548
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "https://moodle.helsinki.fi/my/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hilkka\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hilkka\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011.11.22 17:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 00:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2012.07.13 15:46:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.24 12:24:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 00:48:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.07.13 15:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Extensions
[2012.07.13 15:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012.12.03 18:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions
[2012.07.13 15:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Sunbird\Profiles\1umhuynu.default\extensions
[2012.01.03 14:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Hilkka\AppData\Roaming\mozilla\firefox\profiles\1isdl4ir.default\searchplugins\askcom.xml
[2012.11.04 00:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.04 00:48:32 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.04 00:48:26 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: https://encrypted.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://encrypted.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Hilkka\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-haku = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google-kalenteri = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.3.1_0\
CHR - Extension: Gmail = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000..\Run: [Syncables] C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Hilkka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hilkka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Hilkka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Cake%20Mania%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BC8009A-8F69-48A7-A139-0BA08E20E51A}: DhcpNameServer = 192.168.136.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42B1DCF8-624D-440C-9326-34519D2100EA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ac17726-2ecf-11e1-b62b-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{1ac17726-2ecf-11e1-b62b-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ac1772b-2ecf-11e1-b62b-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{1ac1772b-2ecf-11e1-b62b-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{60ccdf77-2aaf-11e1-b6c5-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{60ccdf77-2aaf-11e1-b6c5-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{60ccdf7c-2aaf-11e1-b6c5-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{60ccdf7c-2aaf-11e1-b6c5-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{af896153-1094-11e2-acfb-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{af896153-1094-11e2-acfb-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce35c1ea-0220-11e1-9922-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{ce35c1ea-0220-11e1-9922-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce35c1f2-0220-11e1-9922-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{ce35c1f2-0220-11e1-9922-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.03 18:37:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.01 22:31:01 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Hilkka\Desktop\aswMBR (1).exe
[2012.11.30 21:59:45 | 000,000,000 | ---D | C] -- C:\Users\Hilkka\Desktop\RK_Quarantine
[2012.11.30 21:22:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.11.28 21:07:14 | 000,257,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012.11.28 20:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.11.28 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.11.28 19:57:07 | 000,000,000 | ---D | C] -- C:\Users\Hilkka\Documents\Anti-Malware
[2012.11.27 18:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Filseclab
[2012.11.26 17:21:13 | 000,000,000 | ---D | C] -- C:\Users\Hilkka\AppData\Roaming\Malwarebytes
[2012.11.26 17:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.26 17:20:55 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.26 17:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.26 17:18:42 | 010,669,896 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hilkka\Desktop\mbam-setup.exe
[2012.11.26 17:16:13 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Hilkka\Desktop\rkill.com
[2012.11.25 11:53:36 | 000,000,000 | ---D | C] -- C:\Users\Hilkka\AppData\Roaming\SPE
[2012.11.22 19:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012.11.22 19:02:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.22 18:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012.11.18 20:45:20 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2012.11.18 20:45:20 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2012.11.18 20:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
[2012.11.18 20:45:19 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2012.11.18 20:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.11.18 20:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Mechanic
[2 C:\Users\Hilkka\Desktop\*.tmp files -> C:\Users\Hilkka\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.05 08:23:44 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1032965959-4215194031-2116070490-1000UA.job
[2012.12.05 08:01:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.04 20:17:56 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012.12.04 18:27:31 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1032965959-4215194031-2116070490-1000Core.job
[2012.12.04 18:25:21 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHPMINI$.job
[2012.12.03 21:29:40 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 21:29:40 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 21:28:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.03 21:28:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.03 21:22:59 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012.12.03 21:20:47 | 000,655,360 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.12.03 21:19:08 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.02 13:19:31 | 000,000,512 | ---- | M] () -- C:\Users\Hilkka\Desktop\MBR.dat
[2012.12.01 22:31:46 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Hilkka\Desktop\aswMBR (1).exe
[2012.11.30 21:27:38 | 338,791,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.28 21:07:14 | 000,257,928 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012.11.28 21:07:14 | 000,000,036 | ---- | M] () -- C:\Users\Hilkka\AppData\Local\housecall.guid.cache
[2012.11.28 20:07:17 | 000,001,037 | ---- | M] () -- C:\Users\Hilkka\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012.11.28 20:07:16 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.11.26 17:21:04 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.26 17:19:45 | 010,669,896 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hilkka\Desktop\mbam-setup.exe
[2012.11.26 17:16:22 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Hilkka\Desktop\rkill.com
[2012.11.25 12:16:50 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHilkka.job
[2012.11.22 19:07:32 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012.11.16 03:37:21 | 000,436,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Users\Hilkka\Desktop\*.tmp files -> C:\Users\Hilkka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.02 00:37:41 | 000,000,512 | ---- | C] () -- C:\Users\Hilkka\Desktop\MBR.dat
[2012.11.30 21:22:05 | 338,791,328 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.11.28 21:07:14 | 000,000,036 | ---- | C] () -- C:\Users\Hilkka\AppData\Local\housecall.guid.cache
[2012.11.28 20:07:17 | 000,001,037 | ---- | C] () -- C:\Users\Hilkka\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012.11.28 20:07:16 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.11.26 17:21:03 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.22 19:24:54 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHilkka.job
[2012.11.22 19:07:32 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012.11.19 20:53:07 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012.11.18 20:46:02 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2012.11.18 20:45:19 | 000,038,560 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.11.15 15:47:24 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 15:44:15 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.08.13 20:54:21 | 000,000,035 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.10.30 15:16:05 | 000,070,667 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2011.08.09 14:23:24 | 000,000,128 | ---- | C] () -- C:\Users\Hilkka\AppData\Local\mv_Photo.xml
[2011.08.09 14:23:24 | 000,000,119 | ---- | C] () -- C:\Users\Hilkka\AppData\Local\mv_music.xml
[2011.04.02 19:28:59 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.02 19:23:43 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.04.02 19:22:47 | 000,000,292 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2011.04.02 19:22:47 | 000,000,233 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.07.30 14:45:27 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\8floor
[2011.10.30 15:19:58 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Birdstep Technology
[2012.12.05 08:47:00 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Dropbox
[2012.03.13 08:43:27 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Feedreader
[2012.08.14 22:33:29 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\funkitron
[2012.08.19 16:32:27 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Gaijin Ent
[2011.11.23 21:03:09 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Gamelab
[2012.08.10 17:50:36 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\iWin
[2012.07.30 16:51:33 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Jane s Hotel
[2012.01.04 12:54:32 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\OpenOffice.org
[2012.08.08 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\PlayFirst
[2012.01.05 17:38:46 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\qBittorrent
[2012.08.19 16:27:07 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Skip-Bo
[2012.11.25 11:53:36 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\SPE
[2011.11.20 16:31:19 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\SpinTop
[2011.08.24 12:24:24 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Thunderbird
[2011.08.22 18:39:39 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Windows Live Writer
[2011.08.09 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\ZumoDrive

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:517FAB99
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:3D2DDD84
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3C6E4889
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:BAC2F271
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:52A63A46
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:290A724C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D19F6C18
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:D94162E1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:82111599
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:7D371AB2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:554C6431
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:E70CF2C0

< End of report >
  • 0

Advertisements


#17
hile

hile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Here!

I'm so grateful for your help.

My computer is quite slow, hmm, otherwise I don't know "how" it is doing.
  • 0

#18
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Disable your antivirus software
  • Acess the Eset Online Scanner website using Internet Explorer navigator.
    http://www.eset.com/us/online-scanner/
  • Do the scan according the image:

    Posted Image
  • At the end, check the box "Delete Quarantined files" and click in [FINISH]
  • It will be generated a log in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you didn't find the log.txt file in \EsetOnlineScanner\, look on \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.

  • 0

#19
hile

hile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=886af3d99f4da043a4f4de66ce7c22fc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-12-07 11:43:05
# local_time=2012-12-08 01:43:05 (+0200, FLE Standard Time)
# country="Finland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776637 100 94 46854 106554976 0 0
# scanned=228803
# found=1
# cleaned=1
# scan_time=39479
C:\_OTL\MovedFiles\12032012_183749\C_ProgramData\Bcool\509fac2733af0.ocx Win32/Adware.MultiPlug.D application (cleaned by deleting - quarantined) 55B64F53328498D22D269DE2E65BE2FEEBA7DA00 C
  • 0

#20
hile

hile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Have I done something wrong? Anyway, I'm not getting the threat notifications anymore. Is that good or bad? Thanks!
  • 0

#21
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

I'm not getting the threat notifications anymore.

This is really good.

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove OTL

Run OTL and hit the Posted Image cleanup button. It will remove all the programmes we have used plus itself.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Acessories > System Tools > System Restore.
  • Select the option Create a restore point and click in Next.
  • Type in a name i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.
  • 0

#22
hile

hile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
I am getting the notifications again.
  • 0

#23
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Ok, Send me a new OTL log:
  • Run the OTL.exe. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad windows contains OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post him in your topic

  • 0

#24
hile

hile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
OTL logfile created on: 12.12.2012 19:07:47 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hilkka\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040B | Country: Finland | Language: FIN | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,72% Memory free
3,98 Gb Paging File | 3,03 Gb Available in Paging File | 76,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 211,43 Gb Total Space | 142,51 Gb Free Space | 67,41% Space Free | Partition Type: NTFS
Drive D: | 21,16 Gb Total Space | 3,08 Gb Free Space | 14,56% Space Free | Partition Type: NTFS
Drive E: | 99,18 Mb Total Space | 89,04 Mb Free Space | 89,78% Space Free | Partition Type: FAT32

Computer Name: HPMINI | User Name: Hilkka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.01 21:44:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hilkka\Downloads\OTL.exe
PRC - [2012.09.27 13:41:08 | 000,525,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
PRC - [2012.08.21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012.08.21 14:43:58 | 000,105,120 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012.08.20 19:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hilkka\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.08.21 17:16:54 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.28 15:51:44 | 000,007,680 | ---- | M] (winreview.ru) -- C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe
PRC - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 17:01:02 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:01:02 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:37 | 001,131,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.11.09 15:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010.11.09 15:39:46 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010.11.09 15:39:44 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010.11.09 15:39:44 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010.11.09 15:39:42 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010.11.09 15:39:38 | 000,159,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
PRC - [2010.08.24 02:06:58 | 000,584,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.08.24 02:06:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.08.06 04:50:56 | 000,210,488 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010.08.03 02:32:34 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010.08.03 02:32:32 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010.08.03 02:32:28 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2010.07.21 23:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010.06.18 00:07:32 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.06.08 19:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.16 03:41:14 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012.11.16 03:39:06 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.08.31 12:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.04.24 00:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.03.22 00:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.02.11 01:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012.01.04 12:42:39 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 03:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.11.04 00:48:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.07.03 11:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.28 15:51:44 | 000,007,680 | ---- | M] (winreview.ru) [Auto | Running] -- C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe -- (persdwmsrv)
SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010.11.09 15:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010.11.09 15:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010.11.09 15:39:44 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010.11.09 15:39:44 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010.11.09 15:39:42 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010.08.24 02:06:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.08.06 04:50:56 | 000,210,488 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.08.03 02:32:32 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010.08.03 02:32:28 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2010.07.21 23:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.02.17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - [2012.09.17 11:28:56 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121211.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.09.17 11:28:56 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121211.019\NAVENG.SYS -- (NAVENG)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.08.09 10:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 10:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.12.16 20:17:21 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.09 15:39:50 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010.11.09 15:39:50 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010.11.09 15:39:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010.11.09 15:39:36 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010.08.03 02:32:34 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.11.11 22:09:22 | 000,018,136 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008.07.24 13:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPMTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPMTDF
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes,DefaultScope = {A80A8FEF-AE11-4269-98FE-F80BD7B4A47A}
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{A80A8FEF-AE11-4269-98FE-F80BD7B4A47A}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{DF7A7A83-AB17-419D-A0C4-67CA3F49D6FC}: "URL" = http://websearch.ask...D5-1D72DB63A548
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "https://moodle.helsinki.fi/my/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hilkka\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hilkka\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011.11.22 17:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 00:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2012.07.13 15:46:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.24 12:24:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 00:48:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.07.13 15:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Extensions
[2012.07.13 15:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012.12.03 18:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions
[2012.07.13 15:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Sunbird\Profiles\1umhuynu.default\extensions
[2012.01.03 14:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Hilkka\AppData\Roaming\mozilla\firefox\profiles\1isdl4ir.default\searchplugins\askcom.xml
[2012.11.04 00:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.04 00:48:32 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.04 00:48:26 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: https://encrypted.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://encrypted.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Hilkka\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-haku = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google-kalenteri = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.3.1_0\
CHR - Extension: Gmail = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000..\Run: [Syncables] C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Hilkka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hilkka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Hilkka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Cake%20Mania%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BC8009A-8F69-48A7-A139-0BA08E20E51A}: DhcpNameServer = 192.168.136.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42B1DCF8-624D-440C-9326-34519D2100EA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ac17726-2ecf-11e1-b62b-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{1ac17726-2ecf-11e1-b62b-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ac1772b-2ecf-11e1-b62b-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{1ac1772b-2ecf-11e1-b62b-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{60ccdf77-2aaf-11e1-b6c5-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{60ccdf77-2aaf-11e1-b6c5-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{60ccdf7c-2aaf-11e1-b6c5-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{60ccdf7c-2aaf-11e1-b6c5-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{af896153-1094-11e2-acfb-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{af896153-1094-11e2-acfb-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce35c1ea-0220-11e1-9922-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{ce35c1ea-0220-11e1-9922-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce35c1f2-0220-11e1-9922-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{ce35c1f2-0220-11e1-9922-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.11 17:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.11 17:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.11 17:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.12.07 10:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.12.03 18:37:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.01 22:31:01 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Hilkka\Desktop\aswMBR (1).exe
[2012.11.30 21:59:45 | 000,000,000 | ---D | C] -- C:\Users\Hilkka\Desktop\RK_Quarantine
[2012.11.30 21:22:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.11.28 21:07:14 | 000,257,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012.11.28 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.11.28 19:57:07 | 000,000,000 | ---D | C] -- C:\Users\Hilkka\Documents\Anti-Malware
[2012.11.27 18:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Filseclab
[2012.11.26 17:21:13 | 000,000,000 | ---D | C] -- C:\Users\Hilkka\AppData\Roaming\Malwarebytes
[2012.11.26 17:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.26 17:18:42 | 010,669,896 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hilkka\Desktop\mbam-setup.exe
[2012.11.26 17:16:13 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Hilkka\Desktop\rkill.com
[2012.11.25 11:53:36 | 000,000,000 | ---D | C] -- C:\Users\Hilkka\AppData\Roaming\SPE
[2012.11.22 19:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012.11.22 19:02:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.22 18:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012.11.18 20:45:20 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2012.11.18 20:45:20 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2012.11.18 20:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
[2012.11.18 20:45:19 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2012.11.18 20:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.11.18 20:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Mechanic
[2 C:\Users\Hilkka\Desktop\*.tmp files -> C:\Users\Hilkka\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.12 19:23:30 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1032965959-4215194031-2116070490-1000UA.job
[2012.12.12 19:01:13 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1032965959-4215194031-2116070490-1000Core.job
[2012.12.12 19:00:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.11 22:00:45 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012.12.11 19:47:00 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012.12.11 18:41:23 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 18:41:23 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 18:23:38 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.11 18:23:38 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.11 18:11:44 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.12.11 18:10:29 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.11 17:35:56 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.09 20:16:41 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHilkka.job
[2012.12.08 01:40:28 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012.12.07 10:22:02 | 000,068,174 | ---- | M] () -- C:\Users\Hilkka\Desktop\Junalippu.pdf
[2012.12.04 18:25:21 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHPMINI$.job
[2012.12.02 13:19:31 | 000,000,512 | ---- | M] () -- C:\Users\Hilkka\Desktop\MBR.dat
[2012.12.01 22:31:46 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Hilkka\Desktop\aswMBR (1).exe
[2012.11.30 21:27:38 | 338,791,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.28 21:07:14 | 000,257,928 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012.11.28 21:07:14 | 000,000,036 | ---- | M] () -- C:\Users\Hilkka\AppData\Local\housecall.guid.cache
[2012.11.26 17:19:45 | 010,669,896 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hilkka\Desktop\mbam-setup.exe
[2012.11.26 17:16:22 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Hilkka\Desktop\rkill.com
[2012.11.22 19:07:32 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012.11.16 03:37:21 | 000,436,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Users\Hilkka\Desktop\*.tmp files -> C:\Users\Hilkka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.11 17:35:56 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.08 01:40:27 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012.12.07 10:21:53 | 000,068,174 | ---- | C] () -- C:\Users\Hilkka\Desktop\Junalippu.pdf
[2012.12.05 19:34:44 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHilkka.job
[2012.12.02 00:37:41 | 000,000,512 | ---- | C] () -- C:\Users\Hilkka\Desktop\MBR.dat
[2012.11.30 21:22:05 | 338,791,328 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.11.28 21:07:14 | 000,000,036 | ---- | C] () -- C:\Users\Hilkka\AppData\Local\housecall.guid.cache
[2012.11.22 19:07:32 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012.11.19 20:53:07 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012.11.18 20:46:02 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2012.11.18 20:45:19 | 000,038,560 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.11.15 15:47:24 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 15:44:15 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.08.13 20:54:21 | 000,000,035 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.10.30 15:16:05 | 000,070,667 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2011.08.09 14:23:24 | 000,000,128 | ---- | C] () -- C:\Users\Hilkka\AppData\Local\mv_Photo.xml
[2011.08.09 14:23:24 | 000,000,119 | ---- | C] () -- C:\Users\Hilkka\AppData\Local\mv_music.xml
[2011.04.02 19:28:59 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.02 19:23:43 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.04.02 19:22:47 | 000,000,292 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2011.04.02 19:22:47 | 000,000,233 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.07.30 14:45:27 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\8floor
[2011.10.30 15:19:58 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Birdstep Technology
[2012.12.12 19:32:20 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Dropbox
[2012.03.13 08:43:27 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Feedreader
[2012.08.14 22:33:29 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\funkitron
[2012.08.19 16:32:27 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Gaijin Ent
[2011.11.23 21:03:09 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Gamelab
[2012.08.10 17:50:36 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\iWin
[2012.07.30 16:51:33 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Jane s Hotel
[2012.01.04 12:54:32 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\OpenOffice.org
[2012.08.08 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\PlayFirst
[2012.01.05 17:38:46 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\qBittorrent
[2012.08.19 16:27:07 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Skip-Bo
[2012.11.25 11:53:36 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\SPE
[2011.11.20 16:31:19 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\SpinTop
[2011.08.24 12:24:24 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Thunderbird
[2011.08.22 18:39:39 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\Windows Live Writer
[2011.08.09 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\Hilkka\AppData\Roaming\ZumoDrive

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:517FAB99
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:3D2DDD84
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3C6E4889
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:BAC2F271
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:6ECD2470
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:52A63A46
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:290A724C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D19F6C18
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:D94162E1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:82111599
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:7D371AB2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:554C6431
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:E70CF2C0
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
  • 0

#25
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

I am getting the notifications again.

This notifications are from your antivirus, correct? If yes, can you tell me what file he alert as a virus? You can find these informations on the own quarantine.
  • 0

Advertisements


#26
hile

hile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
So, the notifications are sent from my antivirus, and they look like this:

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Users\Hilkka\AppData\Local\Temp\DWH9D86.tmp
Location: C:\Users\Hilkka\AppData\Local\Temp
Computer: HPMINI
User: Hilkka
Action taken: Pending Side Effects Analysis : Access denied
Date found: 13. joulukuuta 2012 17:20:52

I couldn't find how to copy the whole log, but there are some 4000 notifications
  • 0

#27
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • 0

#28
hile

hile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hilkka
->Temp folder emptied: 543345719 bytes
->Temporary Internet Files folder emptied: 170920 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20770849 bytes
->Google Chrome cache emptied: 292419020 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29931088 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 846,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12162012_102753

Files\Folders moved on Reboot...
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_F3ABF9C8-F965-4BB2-BC17-C537E6BC3CE7.0\56B75879. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_D195CF35-2AF6-4105-A180-3FC5BE2F89CD.0\11C843FE. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_B9104D55-C421-4756-9CDF-CBE4C176EF17.0\6CA62590. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_83A5BEAA-7028-4C95-B254-EC760ADA43D6.0\DED1C0DD. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_81BBA8A1-E071-4190-B05B-AF7765320C30.0\9A35094C. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_78B2619A-FEB1-45CB-B0A1-CB471B0D8CB3.0\8202E721. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_7676D357-3254-4A86-905E-111DEEF8D88E.0\E52B1A49. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_57E7CBEF-F2D2-40ED-BE8E-24B3C6EA1817.0\71A1EEB7. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\DWH3167.tmp not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\DWH400F.tmp not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\DWH4B33.tmp not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\DWH562F.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#29
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Your antivirus still warning you?
  • 0

#30
hile

hile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
No! Is it gone? :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP