[WhiteHat]

No! Is it gone?

Probably yes.

If you don't have any more problems I will close the topic, ok?

[Advertisements]

Thank you SO much! How could I thank you enough? I'm afraid I can't give any computering advice to you in return...

[hile]

Thank you SO much! How could I thank you enough? I'm afraid I can't give any computering advice to you in return...

[hile]

Wait! Don't go! Just got this one:

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Users\Hilkka\AppData\Local\Temp\DWH2145.tmp
Location: C:\Users\Hilkka\AppData\Local\Temp
Computer: HPMINI
User: Hilkka
Action taken: Pending Side Effects Analysis : Access denied
Date found: 18. joulukuuta 2012 20:35:56

[WhiteHat]

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks





When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to somethng problems. Simply reboot the computer.

[hile]

ComboFix 12-12-17.02 - Hilkka 19.12.2012 8:39.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.358.1033.18.2036.940 [GMT 2:00]
Sijainti: c:\users\Hilkka\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iWin Games\iWINgameshookie.dll
C:\Thumbs.db
c:\users\Hilkka\Favorites\The Wine Lecture.pptx
c:\users\Hilkka\Favorites\??? ? ?????.docx . . . . poisto epäonnistui
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-11-19 to 2012-12-19 )))))))))))))))))
.
.
2012-12-18 17:39 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{904B1FC8-1217-4ED1-A590-482C4D17E2F3}\mpengine.dll
2012-12-17 19:49 . 2012-12-17 19:49 -------- d-----w- C:\Games
2012-12-15 08:47 . 2012-11-14 02:00 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-12-15 08:47 . 2012-11-14 02:01 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-12-15 08:47 . 2012-11-14 01:58 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-14 09:29 . 2012-11-05 20:32 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 09:29 . 2012-11-05 20:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 09:29 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 15:35 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-11 15:32 . 2012-12-11 15:32 -------- d-----w- c:\program files\iPod
2012-12-11 15:32 . 2012-12-11 15:35 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-07 08:03 . 2012-12-07 08:03 -------- d-----w- c:\program files\ESET
2012-12-03 16:37 . 2012-12-03 16:37 -------- d-----w- C:\_OTL
2012-12-01 19:06 . 2012-08-23 14:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-12-01 19:06 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-12-01 19:05 . 2012-08-23 14:10 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-12-01 19:05 . 2012-08-23 13:52 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-12-01 19:05 . 2012-08-23 14:40 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-12-01 19:04 . 2012-08-23 13:18 37376 ----a-w- c:\windows\system32\tsgqec.dll
2012-12-01 19:04 . 2012-08-23 13:46 16896 ----a-w- c:\windows\system32\wksprtPS.dll
2012-12-01 19:04 . 2012-08-23 13:32 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-12-01 19:04 . 2012-08-23 13:47 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-12-01 19:04 . 2012-08-23 11:15 269312 ----a-w- c:\windows\system32\aaclient.dll
2012-12-01 19:04 . 2012-08-23 11:40 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-12-01 19:04 . 2012-08-23 14:48 221184 ----a-w- c:\windows\system32\rdpudd.dll
2012-12-01 19:04 . 2012-08-23 11:12 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-12-01 19:04 . 2012-08-23 11:32 317440 ----a-w- c:\windows\system32\wksprt.exe
2012-12-01 19:03 . 2012-08-23 10:39 1048064 ----a-w- c:\windows\system32\mstsc.exe
2012-12-01 19:03 . 2012-08-23 10:08 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2012-12-01 19:03 . 2012-08-23 08:19 4916224 ----a-w- c:\windows\system32\mstscax.dll
2012-12-01 18:58 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-12-01 18:58 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-12-01 18:57 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-01 18:57 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-01 18:57 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-01 18:57 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-28 19:07 . 2012-11-28 19:07 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-11-28 17:57 . 2012-12-09 18:15 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-11-27 16:51 . 2012-12-01 18:53 -------- d-----w- c:\program files\Filseclab
2012-11-26 15:21 . 2012-11-26 15:21 -------- d-----w- c:\users\Hilkka\AppData\Roaming\Malwarebytes
2012-11-26 15:21 . 2012-11-26 15:21 -------- d-----w- c:\programdata\Malwarebytes
2012-11-25 09:53 . 2012-11-25 09:53 -------- d-----w- c:\users\Hilkka\AppData\Roaming\SPE
2012-11-22 16:53 . 2012-11-22 16:53 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-17 11:15 . 2012-10-17 11:15 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-17 11:15 . 2012-10-17 11:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 07:39 . 2012-11-27 23:22 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-13 09:45 . 2011-10-30 13:16 70667 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2012-10-09 17:40 . 2012-11-15 13:33 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 13:33 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-15 13:34 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-15 13:34 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-15 13:34 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-15 13:34 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 13:34 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-15 13:34 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-15 13:34 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-15 13:34 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-15 13:33 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-03 22:48 . 2012-11-03 22:48 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hilkka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hilkka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hilkka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-17 1897768]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-08-03 495708]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-08-24 584760]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-11-09 115560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
.
c:\users\Hilkka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hilkka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Päivitysagentti.lnk - c:\program files\Mobiililaajakaista\Mobiililaajakaista\AutoUpdateSrv.exe [2011-10-30 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 persdwmsrv;Personalization Panel DWM controller;c:\program files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1032965959-4215194031-2116070490-1000Core.job
- c:\users\Hilkka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09 13:13]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1032965959-4215194031-2116070490-1000UA.job
- c:\users\Hilkka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09 13:13]
.
2012-12-09 c:\windows\Tasks\HPCeeScheduleForHilkka.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-12-04 c:\windows\Tasks\HPCeeScheduleForHPMINI$.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-12-19 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-11-27 15:56]
.
2012-12-18 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-11-27 15:56]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Hilkka\AppData\Roaming\Mozilla\Firefox\Profiles\1isdl4ir.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://moodle.helsinki.fi/my/
FF - prefs.js: network.proxy.type - 0
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
HKCU-Run-Syncables - c:\program files\Hewlett-Packard\HP QuickSync\QuickSync.exe
HKCU-Run-Power2GoExpress - (no file)
SafeBoot-Symantec Antvirus
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Prosesseihin ladatut DLLt ---------------------
.
- - - - - - - > 'Explorer.exe'(2188)
c:\users\Hilkka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Muut prosessit ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Support Framework\HPSF.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
Valmistumisajankohta: 2012-12-19 09:56:57 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2012-12-19 07:56
.
Ennen ajoa: 156 926 943 232 bytes free
Ajon jälkeen: 156 841 951 232 bytes free
.
- - End Of File - - 9D3B6064F8A4C5C468F8CBB2729258B5

[hile]

Ok, it seems that some details are in Finnish... Tell me if (and how) I need to change some settings to English

[WhiteHat]

Ok, it seems that some details are in Finnish... Tell me if (and how) I need to change some settings to English

I think this is not possible. Just for curiosity, the language set in your operacional system is Finnish?

Close any open browsers.

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Hold down the Windows key + R on your keyboard. This will display the Run dialogue box:
• Write (Copy/Paste)Notepad.exe. Then click in Ok.
• copy/paste the text in the codebox below to notepad
  
  

  File::
  c:\users\Hilkka\Favorites\??? ? ?????.docx

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
• Refering to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply

[hile]

ComboFix 12-12-17.02 - Hilkka 21.12.2012 8:34.2.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.358.1033.18.2036.873 [GMT 2:00]
Sijainti: c:\users\Hilkka\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\Hilkka\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hilkka\Favorites\??? ? ?????.docx . . . . poisto epäonnistui
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-11-21 to 2012-12-21 )))))))))))))))))
.
.
2012-12-21 07:04 . 2012-12-21 07:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-18 17:39 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{904B1FC8-1217-4ED1-A590-482C4D17E2F3}\mpengine.dll
2012-12-17 19:49 . 2012-12-17 19:49 -------- d-----w- C:\Games
2012-12-15 08:47 . 2012-11-14 02:00 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-12-15 08:47 . 2012-11-14 02:01 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-12-15 08:47 . 2012-11-14 01:58 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-14 09:29 . 2012-11-05 20:32 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 09:29 . 2012-11-05 20:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 09:29 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 15:35 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-11 15:32 . 2012-12-11 15:32 -------- d-----w- c:\program files\iPod
2012-12-11 15:32 . 2012-12-11 15:35 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-07 08:03 . 2012-12-07 08:03 -------- d-----w- c:\program files\ESET
2012-12-03 16:37 . 2012-12-03 16:37 -------- d-----w- C:\_OTL
2012-12-01 19:06 . 2012-08-23 14:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-12-01 19:06 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-12-01 19:05 . 2012-08-23 14:10 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-12-01 19:05 . 2012-08-23 13:52 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-12-01 19:05 . 2012-08-23 14:40 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-12-01 19:04 . 2012-08-23 13:18 37376 ----a-w- c:\windows\system32\tsgqec.dll
2012-12-01 19:04 . 2012-08-23 13:46 16896 ----a-w- c:\windows\system32\wksprtPS.dll
2012-12-01 19:04 . 2012-08-23 13:32 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-12-01 19:04 . 2012-08-23 13:47 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-12-01 19:04 . 2012-08-23 11:15 269312 ----a-w- c:\windows\system32\aaclient.dll
2012-12-01 19:04 . 2012-08-23 11:40 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-12-01 19:04 . 2012-08-23 14:48 221184 ----a-w- c:\windows\system32\rdpudd.dll
2012-12-01 19:04 . 2012-08-23 11:12 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-12-01 19:04 . 2012-08-23 11:32 317440 ----a-w- c:\windows\system32\wksprt.exe
2012-12-01 19:03 . 2012-08-23 10:39 1048064 ----a-w- c:\windows\system32\mstsc.exe
2012-12-01 19:03 . 2012-08-23 10:08 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2012-12-01 19:03 . 2012-08-23 08:19 4916224 ----a-w- c:\windows\system32\mstscax.dll
2012-12-01 18:58 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-12-01 18:58 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-12-01 18:57 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-01 18:57 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-01 18:57 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-01 18:57 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-28 19:07 . 2012-11-28 19:07 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-11-28 17:57 . 2012-12-09 18:15 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-11-27 16:51 . 2012-12-01 18:53 -------- d-----w- c:\program files\Filseclab
2012-11-26 15:21 . 2012-11-26 15:21 -------- d-----w- c:\users\Hilkka\AppData\Roaming\Malwarebytes
2012-11-26 15:21 . 2012-11-26 15:21 -------- d-----w- c:\programdata\Malwarebytes
2012-11-25 09:53 . 2012-11-25 09:53 -------- d-----w- c:\users\Hilkka\AppData\Roaming\SPE
2012-11-22 16:53 . 2012-11-22 16:53 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-17 11:15 . 2012-10-17 11:15 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-17 11:15 . 2012-10-17 11:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 07:39 . 2012-11-27 23:22 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-13 09:45 . 2011-10-30 13:16 70667 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2012-10-09 17:40 . 2012-11-15 13:33 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 13:33 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-15 13:34 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-15 13:34 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-15 13:34 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-15 13:34 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 13:34 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-15 13:34 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-15 13:34 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-15 13:34 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-15 13:33 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-03 22:48 . 2012-11-03 22:48 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hilkka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hilkka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hilkka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-17 1897768]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-08-03 495708]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-08-24 584760]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-11-09 115560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
.
c:\users\Hilkka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hilkka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Päivitysagentti.lnk - c:\program files\Mobiililaajakaista\Mobiililaajakaista\AutoUpdateSrv.exe [2011-10-30 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 persdwmsrv;Personalization Panel DWM controller;c:\program files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1032965959-4215194031-2116070490-1000Core.job
- c:\users\Hilkka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09 13:13]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1032965959-4215194031-2116070490-1000UA.job
- c:\users\Hilkka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09 13:13]
.
2012-12-09 c:\windows\Tasks\HPCeeScheduleForHilkka.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-12-04 c:\windows\Tasks\HPCeeScheduleForHPMINI$.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-12-21 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-11-27 15:56]
.
2012-12-20 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-11-27 15:56]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Hilkka\AppData\Roaming\Mozilla\Firefox\Profiles\1isdl4ir.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://moodle.helsinki.fi/my/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Prosesseihin ladatut DLLt ---------------------
.
- - - - - - - > 'Explorer.exe'(3112)
c:\users\Hilkka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Muut prosessit ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Support Framework\HPSF.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Valmistumisajankohta: 2012-12-21 14:02:14 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2012-12-21 12:02
ComboFix2.txt 2012-12-19 07:56
.
Ennen ajoa: 155 633 614 848 bytes free
Ajon jälkeen: 154 701 766 656 bytes free
.
- - End Of File - - 63866707A08C750AA180EADAF93BC5FA

[WhiteHat]

Please reopen on your desktop.

• Under the box at the bottom, paste in the following
  
  

  :Files
  c:\users\Hilkka\Favorites\??? ? ?????.docx
  
  :Commands
  [CREATERESTOREPOINT]
  [EMPTYTEMP]
  

• Then click the button at the top
• Let the program run unhindered, reboot the PC when it is done
• Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

[hile]

All processes killed
========== FILES ==========
c:\users\Hilkka\Favorites\Что я думаю.docx moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hilkka
->Temp folder emptied: 884269 bytes
->Temporary Internet Files folder emptied: 37797 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 47046449 bytes
->Flash cache emptied: 672 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3502 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12222012_014516

Files\Folders moved on Reboot...
File\Folder C:\Users\Hilkka\AppData\Local\Temp\~DF9B43056F1C7AF881.TMP not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\~DFD471F5B13195E185.TMP not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\~DFE6B3E3468BEC1C52.TMP not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\~DFFE5626D1776F7030.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[hile]

By the way, I may not be able to reply for a couple of days... No notifications so far. Otherwise everything seems to be fine.

[WhiteHat]

By the way, I may not be able to reply for a couple of days... No notifications so far. Otherwise everything seems to be fine.

Ok. Keep me update about the situation of the computer.

Please go to: VirusTotal

• Click the Choose File button and search for the following file (one by one):
  
  

  c:\program files\Mobiililaajakaista\Mobiililaajakaista\AutoUpdateSrv.exe

• Click Open > Scan It!.
• Please be patient while the file is scanned.
• Copy and past the Link (URL) with the results.

[hile]

https://www.virustot...sis/1356640684/

[hile]

So, I didn't use the computer for a couple of days. The antivirus doesn't alarm so far. ?

[hile]

Ok, so now I'm getting the posts again... What's going on