Active Suspected malware

poptimism · 2010/09/26

[Active] Suspected malware

It's been driving me nuts, but I think I got malware or the likes in my computer. I've run Comodo, Ad Aware, Malwarebytes and Spybot - Search & Destroy and nothing. It's very sneaky.

It's causing my computer to do quite a few things. Generic Host Process for Win 32 Services shows up everytime I start the computer, there's pop up ads in my browser at times, my sound doesn't work at times. For example, I can sometimes listen in Winamp yet when I try watching a YouTube video the sound doesn't work so I have to reboot, then for a while the sound works no matter what I do, watch a vid or listen to music.

Help me :/

DDS (Ver_10-03-17.01) - NTFSx86
Run by Emma at 6:05:53,00 on 2010-09-27
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1287 [GMT 2:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
svchost.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Mozilla Firefox\plugin-container.exe
C:\AnvÃ¤ndare\Emma\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.se/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot~1\SDHelper.dll
BHO: Windows Live inloggningshjÃ¤lpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program\ekort\EKortHelper.dll
BHO: : {b19104d3-5301-4267-b113-877a06aca075} - c:\windows\system32\dlob7.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program\ekort\EKortToolbar.dll
uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background
uRun: [ccleaner] "c:\program\ccleaner\CCleaner.exe" /AUTO
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [COMODO Internet Security] "c:\program\comodo\comodo internet security\cfp.exe" -h
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [VF0560Inst] RunDll32.exe c:\windows\system32\V0560Pin.dll,RunDLL32EP 515
IE: Download all with Free Download Manager - file://c:\program\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program\free download manager\dllink.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot~1\SDHelper.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266702818046
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\anvnda~1\emma\applic~1\mozilla\firefox\profiles\0llk67ck.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
c:\program\mozilla firefox\greprefs\all.js - pref( "browser.visited_color ", "#551A8B ");
c:\program\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
c:\program\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
c:\program\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
c:\program\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
c:\program\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
c:\program\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
c:\program\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
c:\program\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
c:\program\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
c:\program\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
c:\program\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
c:\program\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
c:\program\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
c:\program\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
c:\program\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
c:\program\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
c:\program\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
c:\program\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref( "browser.fixup.alternate.suffix ", ".se ");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "browser.videoFeeds.handler ", "ask ");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

==================== Find3M ====================

2008-04-14 19:35:14 60416 --sha-w- c:\windows\bricopacks\sysfiles\80_msimn.exe

============= FINISH: 6:08:38,50 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2010-02-14 21:43:48
System Uptime: 2010-09-27 05:46:28 (1 hours ago)

Motherboard: MSI | | MS-7260
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | CPU 1 | 2199/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 105,465 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&E0244F4&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&E0244F4&0&00
Service: NVENETFD

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

==== End Of File ===========================

Admin. · 2010/09/27

You also need to post Attach.txt

poptimism · 2010/09/27

I did. Somehow most of it, when I compared to other Attach files, didn't show up when it searched my computer. I don't know why. Of course, it did say that it didn't have enough memory to do the sorting, whatever that means.

poptimism · 2010/09/27

I did but somehow when I did the search it left a lot out. There was some error message that it didn't have enough memory to do the sorting?

Admin. · 2010/09/27

OK, please wait for a Malware expert to comment/advise.

crunchie · 2010/09/27

Can you please post your MalwareBytesAnti-Malware log.

==

Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

c:\windows\system32\dlob7.dll

poptimism · 2010/09/27

Jotti's said this:

http://virusscan.jotti.org/en/scanresult/8d784ac76e80742d2c672530f2732372f3cd73f6

Which amused me. I tried virustotal just in case and got:

Antivirus Version Last Update Result
AhnLab-V3 2010.09.27.01 2010.09.27 Win-Trojan/Agent.729600.H
AntiVir 7.10.12.34 2010.09.27 TR/Spy.729600.3
Antiy-AVL 2.0.3.7 2010.09.27 -
Authentium 5.2.0.5 2010.09.27 -
Avast 4.8.1351.0 2010.09.27 Win32:Malware-gen
Avast5 5.0.594.0 2010.09.27 Win32:Malware-gen
AVG 9.0.0.851 2010.09.26 -
BitDefender 7.2 2010.09.27 Gen:Trojan.Heur.SC8aym92!Aoc
CAT-QuickHeal 11.00 2010.09.27 -
ClamAV 0.96.2.0-git 2010.09.27 Trojan.Agent-169538
Comodo 6210 2010.09.27 -
DrWeb 5.0.2.03300 2010.09.27 Trojan.Inject.10033
Emsisoft 5.0.0.37 2010.09.27 Virus.Win32.Spyware!IK
eSafe 7.0.17.0 2010.09.26 -
eTrust-Vet 36.1.7875 2010.09.25 -
F-Prot 4.6.2.117 2010.09.27 -
F-Secure 9.0.15370.0 2010.09.27 Gen:Trojan.Heur.SC8aym92!Aoc
Fortinet 4.1.143.0 2010.09.26 -
GData 21 2010.09.27 Gen:Trojan.Heur.SC8aym92!Aoc
Ikarus T3.1.1.88.0 2010.09.27 Virus.Win32.Spyware
Jiangmin 13.0.900 2010.09.27 -
K7AntiVirus 9.63.2608 2010.09.25 -
Kaspersky 7.0.0.125 2010.09.27 Trojan.Win32.Agent.fjus
McAfee 5.400.0.1158 2010.09.27 BackDoor-EWZ
McAfee-GW-Edition 2010.1C 2010.09.27 BackDoor-EWZ
Microsoft 1.6201 2010.09.27 -
NOD32 5482 2010.09.27 -
Norman 6.06.06 2010.09.26 -
nProtect 2010-09-27.03 2010.09.27 Trojan/W32.Agent.729600.R
Panda 10.0.2.7 2010.09.26 Suspicious file
PCTools 7.0.3.5 2010.09.27 -
Prevx 3.0 2010.09.27 High Risk Cloaked Malware
Rising 22.66.06.01 2010.09.27 -
Sophos 4.58.0 2010.09.27 -
Sunbelt 6932 2010.09.27 -
SUPERAntiSpyware 4.40.0.1006 2010.09.27 Trojan.Agent/Gen-Falcomp[Cont]
Symantec 20101.1.1.7 2010.09.27 -
TheHacker 6.7.0.0.035 2010.09.27 -
TrendMicro 9.120.0.1004 2010.09.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.27 -
VBA32 3.12.14.1 2010.09.27 -
ViRobot 2010.8.31.4017 2010.09.27 -
VirusBuster 12.65.27.3 2010.09.26 -

poptimism · 2010/09/27

I'll try another Malwarebytes full scan and get back to you.

crunchie · 2010/09/27

Make sure MBA-M is updated

poptimism · 2010/09/27

Finally. Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4702

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-09-27 17:04:31
mbam-log-2010-09-27 (17-04-31).txt

Scan type: Full scan (C:\|)
Objects scanned: 201860
Time elapsed: 57 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

crunchie · 2010/09/27

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

poptimism · 2010/09/27

OTL:

OTL logfile created on: 2010-09-28 01:00:55 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\AnvÃ¤ndare\Emma\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 232,88 Gb Total Space | 106,78 Gb Free Space | 45,85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: -
Current User Name: -
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-09-28 00:56:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\AnvÃ¤ndare\Emma\Skrivbord\OTL.exe
PRC - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-07-12 18:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Program\Winamp\winamp.exe
PRC - [2010-06-01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010-06-01 19:00:40 | 002,039,240 | ---- | M] (COMODO) -- C:\Program\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009-09-30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Contacts\wlcomm.exe
PRC - [2009-03-19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Program\Last.fm\LastFM.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-04-14 21:35:08 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-04-25 13:34:44 | 000,073,728 | ---- | M] () -- C:\Program\Delade filer\Portrait Displays\Shared\DTSRVC.exe

========== Modules (SafeList) ==========

MOD - [2010-09-28 00:56:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\AnvÃ¤ndare\Emma\Skrivbord\OTL.exe
MOD - [2010-06-01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008-04-14 21:33:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\dloB7.dll -- (wkwmpeaf) Realtek RTL8139(A/B/C)
SRV - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-06-01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010-02-23 21:16:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007-04-25 13:34:44 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program\Delade filer\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2006-10-26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-03-09 06:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010-07-11 22:15:05 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010-07-11 22:14:40 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010-07-11 22:14:40 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010-06-04 11:55:58 | 000,229,312 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010-06-01 19:00:24 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010-06-01 19:00:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010-06-01 19:00:20 | 000,015,464 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010-05-10 10:44:48 | 000,022,328 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys -- (MSI_DVD_010507)
DRV - [2010-05-10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010-05-10 10:44:36 | 000,016,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys -- (MSI_VGASYS_010507)
DRV - [2009-12-25 19:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-11-18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-09-30 06:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-09-14 12:32:30 | 000,021,648 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OlyCamComm.sys -- (OlyCamComm)
DRV - [2008-06-18 03:00:00 | 000,286,592 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0560Vid.sys -- (V0560Vid)
DRV - [2008-05-28 20:21:09 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2008-05-07 12:20:10 | 000,145,952 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008-04-30 09:43:42 | 000,160,768 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0560Afx.sys -- (V0560Afx)
DRV - [2008-04-14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-ljuddrivrutiner (WDM)
DRV - [2008-04-13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-04-24 11:49:34 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007-01-15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006-11-16 18:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006-09-11 20:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-09-11 20:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-08-21 19:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005-03-09 16:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001-08-17 23:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gmail.com "
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106

FF - HKLM\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program\ekort [2010-08-09 16:39:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program\Mozilla Firefox\components [2010-09-27 11:05:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2010-09-27 11:05:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Program\Mozilla Firefox 4.0 Beta 4\components [2010-09-27 11:05:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Program\Mozilla Firefox 4.0 Beta 4\plugins

[2010-02-20 20:19:29 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Mozilla\Extensions
[2010-09-27 16:17:33 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Mozilla\Firefox\Profiles\0llk67ck.default\extensions
[2010-08-28 19:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\AnvÃ¤ndare\Emma\Application Data\Mozilla\Firefox\Profiles\0llk67ck.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010-08-18 16:55:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\AnvÃ¤ndare\Emma\Application Data\Mozilla\Firefox\Profiles\0llk67ck.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-02-23 16:29:04 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Mozilla\Firefox\Profiles\0llk67ck.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010-09-16 17:14:01 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Mozilla\Firefox\Profiles\0llk67ck.default\extensions\personas@christopher.beard
[2010-09-27 16:17:33 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions
[2010-07-12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program\Mozilla Firefox\plugins\npwachk.dll
[2010-08-25 02:42:15 | 000,001,470 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml
[2010-08-25 02:42:15 | 000,002,670 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml
[2010-08-25 02:42:15 | 000,000,948 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\tyda-sv-SE.xml
[2010-08-25 02:42:15 | 000,001,174 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml
[2010-08-25 02:42:15 | 000,000,951 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2010-09-20 01:53:01 | 000,419,118 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 14485 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live inloggningshjÃ¤lpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program\ekort\EKortHelper.dll ()
O2 - BHO: () - {B19104D3-5301-4267-B113-877A06ACA075} - C:\WINDOWS\System32\dlob7.dll File not found
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program\ekort\EKortToolbar.dll ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [ccleaner] C:\Program\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program\Free Download Manager\dllink.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1266702818046 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.244.127.161 130.244.127.169
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-02-14 22:42:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a0a63f61-68c5-11df-a0b2-001e2ac05a20}\Shell\AutoRun\command - " " = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{f48b9fa8-1fd7-11df-9fc9-001617b746a6}\Shell - " " = AutoRun
O33 - MountPoints2\{f48b9fa8-1fd7-11df-9fc9-001617b746a6}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: wkwmpeaf - C:\WINDOWS\System32\dloB7.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (71508254835867648)

========== Files/Folders - Created Within 90 Days ==========

[2010-09-28 00:56:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\AnvÃ¤ndare\Emma\Skrivbord\OTL.exe
[2010-09-28 00:52:12 | 000,000,000 | -HSD | C] -- C:\AnvÃ¤ndare\Emma\Recent
[2010-09-27 11:45:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-09-27 11:45:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-09-27 11:08:02 | 000,000,000 | ---D | C] -- C:\Program\iPod
[2010-09-27 11:07:58 | 000,000,000 | ---D | C] -- C:\Program\iTunes
[2010-09-27 11:04:41 | 000,000,000 | ---D | C] -- C:\Program\QuickTime
[2010-09-27 11:03:28 | 000,000,000 | ---D | C] -- C:\Program\Bonjour
[2010-09-27 11:00:01 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\LocalService\Lokala instÃ¤llningar\Application Data\Apple
[2010-09-27 05:51:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-09-26 02:14:21 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010-09-26 02:09:39 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\Sunbelt Software
[2010-09-26 02:08:56 | 000,000,000 | -H-D | C] -- C:\AnvÃ¤ndare\All Users\Application Data\~0
[2010-09-26 02:07:49 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\All Users\Application Data\Lavasoft
[2010-09-25 22:48:23 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010-09-22 17:10:45 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\NetworkService\Lokala instÃ¤llningar\Application Data\Adobe
[2010-09-20 23:40:09 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\Emma\Application Data\download2
[2010-09-20 02:45:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010-09-20 01:41:58 | 000,000,000 | ---D | C] -- C:\Program\Spybot - Search & Destroy
[2010-09-20 01:41:58 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\All Users\Application Data\Spybot - Search & Destroy
[2010-09-16 22:21:12 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\Emma\Application Data\Malwarebytes
[2010-09-16 22:21:04 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\All Users\Application Data\Malwarebytes
[2010-09-16 22:21:03 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware
[2010-09-13 13:40:12 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\LocalService\Application Data\Macromedia
[2010-09-13 13:40:11 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\LocalService\Application Data\Adobe
[2010-09-11 10:59:16 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\NetworkService\Application Data\Macromedia
[2010-09-11 10:56:03 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\NetworkService\Application Data\Adobe
[2010-09-11 00:55:32 | 000,000,000 | -HSD | C] -- C:\AnvÃ¤ndare\Emma\.COMMgr
[2010-09-11 00:55:16 | 000,000,000 | -H-D | C] -- C:\AnvÃ¤ndare\All Users\Dokument\Server
[2010-09-07 09:47:35 | 000,000,000 | ---D | C] -- C:\Program\Mozilla Firefox 4.0 Beta 4
[2010-08-31 19:19:32 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\Emma\Application Data\vlc
[2010-08-22 00:31:15 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\Emma\Skrivbord\**** Yeah Quantum Leap
[2010-08-18 21:10:31 | 000,000,000 | ---D | C] -- C:\Program\Winamp Detect
[2010-08-18 21:09:30 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\Emma\Application Data\Winamp
[2010-08-09 16:39:40 | 000,000,000 | ---D | C] -- C:\Program\ekort
[2010-07-28 14:24:27 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\All Users\Application Data\COMODO
[2010-07-28 14:23:18 | 000,000,000 | ---D | C] -- C:\Program\COMODO
[2010-07-28 14:16:57 | 000,000,000 | ---D | C] -- C:\temp
[2010-07-28 14:16:17 | 000,000,000 | ---D | C] -- C:\Program\Sim File Maid 2
[2010-07-28 13:19:56 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010-07-28 12:39:53 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\All Users\Application Data\EA Logs
[2010-07-27 20:13:22 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Skype
[2010-07-11 22:15:06 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys
[2010-07-11 22:14:44 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010-07-11 22:14:43 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010-07-11 22:14:25 | 000,000,000 | ---D | C] -- C:\Program\Sony Ericsson
[2010-07-10 17:26:38 | 000,000,000 | ---D | C] -- C:\Program\Speccy
[2010-06-30 14:21:57 | 000,000,000 | ---D | C] -- C:\Program\Cryptic Studios
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-09-28 01:09:12 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010-09-28 00:56:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\AnvÃ¤ndare\Emma\Skrivbord\OTL.exe
[2010-09-28 00:49:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-09-28 00:49:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-09-27 19:15:32 | 010,223,616 | -H-- | M] () -- C:\AnvÃ¤ndare\Emma\NTUSER.DAT
[2010-09-27 19:15:32 | 000,000,192 | -HS- | M] () -- C:\AnvÃ¤ndare\Emma\ntuser.ini
[2010-09-27 17:26:31 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010-09-27 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-09-27 06:30:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-09-27 06:02:55 | 000,525,824 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\dds.scr
[2010-09-27 05:49:49 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-09-26 18:39:55 | 000,226,304 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-26 02:14:21 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010-09-23 02:42:44 | 003,438,349 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\nru3c.gif
[2010-09-21 21:59:33 | 000,025,088 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\
[2010-09-20 03:05:56 | 000,020,767 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\4184361.gif
[2010-09-20 01:53:01 | 000,419,118 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-09-19 02:03:12 | 000,019,458 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\rand.jpg
[2010-09-18 17:41:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-09-15 13:52:06 | 000,001,568 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-09-15 13:52:06 | 000,001,550 | ---- | M] () -- C:\AnvÃ¤ndare\All Users\Skrivbord\Mozilla Firefox.lnk
[2010-09-01 11:46:45 | 000,030,208 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\
[2010-08-18 21:10:31 | 000,000,632 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010-08-12 12:41:11 | 002,070,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-08-12 12:36:58 | 000,984,488 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-12 12:36:58 | 000,434,528 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2010-08-12 12:36:58 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-08-12 12:36:58 | 000,078,734 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2010-08-12 12:36:58 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-08-10 03:02:51 | 005,325,624 | -H-- | M] () -- C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\IconCache.db
[2010-07-28 13:19:56 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010-07-28 13:06:22 | 000,001,615 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\Star Trek Online.lnk
[2010-07-11 22:19:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-07-11 22:15:05 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys
[2010-07-11 22:14:40 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010-07-11 22:14:40 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-09-27 06:02:55 | 000,525,824 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\dds.scr
[2010-09-26 02:15:52 | 000,000,468 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-09-23 02:42:43 | 003,438,349 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\nru3c.gif
[2010-09-20 18:12:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-09-20 03:05:56 | 000,020,767 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\4184361.gif
[2010-09-19 23:40:58 | 000,001,366 | ---- | C] () -- C:\AnvÃ¤ndare\LocalService\Lokala instÃ¤llningar\Application Data\B19104D3-5301-4267-B113-877A06ACA075.txt
[2010-09-19 02:03:12 | 000,019,458 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\rand.jpg
[2010-09-15 13:52:06 | 000,001,568 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-09-15 13:52:06 | 000,001,550 | ---- | C] () -- C:\AnvÃ¤ndare\All Users\Skrivbord\Mozilla Firefox.lnk
[2010-09-11 15:41:52 | 000,002,950 | ---- | C] () -- C:\AnvÃ¤ndare\NetworkService\Lokala instÃ¤llningar\Application Data\B19104D3-5301-4267-B113-877A06ACA075.txt
[2010-09-11 12:05:44 | 000,003,786 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\B19104D3-5301-4267-B113-877A06ACA075.txt
[2010-08-09 16:39:40 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\OBroker.exe
[2010-08-09 16:02:53 | 000,025,088 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\
[2010-07-11 22:19:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-07-11 20:35:26 | 000,030,208 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\
[2010-06-30 15:12:19 | 000,001,615 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\Star Trek Online.lnk
[2010-04-29 21:14:36 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2010-02-22 02:58:52 | 000,000,191 | ---- | C] () -- C:\AnvÃ¤ndare\All Users\Application Data\hpzinstall.log
[2010-02-21 17:01:54 | 000,226,304 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-21 00:33:29 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2003-03-09 06:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2010-07-28 12:39:53 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\EA Logs
[2010-03-23 00:33:35 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\Electronic Arts
[2010-06-29 01:16:39 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\Last.fm
[2010-05-26 16:09:58 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\OLYMPUS
[2010-05-08 18:05:54 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\Recisio
[2010-02-23 02:42:15 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\Soulseek
[2010-05-26 16:29:30 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\TEMP
[2010-03-21 17:27:11 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\TinyPic
[2010-04-05 20:24:26 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-02-20 20:57:27 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-09-27 05:51:08 | 000,000,000 | -H-D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\~0
[2010-02-22 22:11:54 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\acccore
[2010-05-03 18:53:57 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Agency9
[2010-02-25 20:01:06 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\DiskAid
[2010-02-21 03:08:20 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\DisplayTune
[2010-06-03 16:52:44 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Doctor Who
[2010-09-20 23:40:09 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\download2
[2010-04-29 20:39:48 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Facebook
[2010-09-27 17:26:51 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Free Download Manager
[2010-02-23 05:07:38 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\gtk-2.0
[2010-02-22 13:47:22 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Personal
[2010-09-25 20:45:45 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Spotify
[2010-04-15 01:29:17 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\SystemRequirementsLab
[2010-09-22 00:44:50 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\uTorrent
[2010-09-27 05:49:49 | 000,000,468 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010-06-06 02:05:32 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1266800662.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007-11-07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: AGP440.SYS >
[2008-04-14 21:45:56 | 020,095,330 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: AHCIX86.SYS >
[2007-03-07 12:47:30 | 000,119,808 | ---- | M] (ATI Technologies Inc.) MD5=F1B9E3A223CA684D98BB91FD82157601 -- C:\WINDOWS\DriverPacks\M\AT\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2008-04-14 21:45:56 | 020,095,330 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-14 21:34:40 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=0A6DF967AE8E836D053DB46398F603E5 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-14 21:34:40 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=0A6DF967AE8E836D053DB46398F603E5 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007-09-30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\DriverPacks\M\I3\IASTOR.sys

< MD5 for: NETLOGON.DLL >
[2008-04-14 21:34:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=4F4A16EAEB932AE413E48923E6A400E0 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008-04-14 21:34:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=4F4A16EAEB932AE413E48923E6A400E0 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006-08-21 19:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006-02-26 17:21:18 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\DriverPacks\M\N\123\NVATABUS.sys
[2006-04-24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\DriverPacks\M\N\TM\NVATABUS.sys
[2008-05-28 20:21:09 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2008-04-14 21:34:48 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=3B50B494647E60CE6AC516E3F5C82B25 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008-04-14 21:34:48 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=3B50B494647E60CE6AC516E3F5C82B25 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2008-01-22 20:02:24 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=3A82A61E312ADDB3BE8F1FE3481842B1 -- C:\WINDOWS\DriverPacks\M\V\viamraid.sys

< MD5 for: VIPRT.SYS >
[2007-12-07 18:10:10 | 000,052,736 | ---- | M] (VIA Technologies, Inc.) MD5=884D400F106C5206602185D9B8E34FE4 -- C:\WINDOWS\DriverPacks\M\V4\VIPRT.SYS

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2010-02-14 23:35:43 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010-02-14 23:35:43 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010-02-14 23:35:43 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\AnvÃ¤ndare\All Users\Application Data\TEMP:24051EFF
< End of report >

poptimism · 2010/09/27

-----

poptimism · 2010/09/27

Trying to post Extras but it doesn't work, just goes all page not available on me *sigh*

poptimism · 2010/09/27

OTL Extras logfile created on: 2010-09-28 01:00:55 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\AnvÃ¤ndare\Emma\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 232,88 Gb Total Space | 106,78 Gb Free Space | 45,85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: -
Current User Name: Emma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"41209:TCP" = 41209:TCP:*:Enabledxpsp2res.dll,-22009
"80:TCP" = 80:TCP:*:Enabledxpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program\Free Download Manager\fdmwi.exe" = C:\Program\Free Download Manager\fdmwi.exe:*:Enabled:fdmwi -- ()
"C:\Program\uTorrent\uTorrent.exe" = C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program\Spotify\spotify.exe" = C:\Program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program\AIM\aim.exe" = C:\Program\AIM\aim.exe:*:Enabled:AIM -- File not found
"C:\Program\SoulseekNS\slsk.exe" = C:\Program\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program\Electronic Arts\EADM\Core.exe" = C:\Program\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program\Steam\SteamApps\poptimism\team fortress 2\hl2.exe" = C:\Program\Steam\SteamApps\poptimism\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program\Winamp Remote\bin\Orb.exe" = C:\Program\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program\Winamp Remote\bin\OrbTray.exe" = C:\Program\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- File not found
"C:\Program\iTunes\iTunes.exe" = C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

poptimism · 2010/09/27

Part 2:

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
"{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
"{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{31C44235-A613-4E95-B297-207BF6C6A8C1}" = Creative ZEN Vision M Series
"{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
"{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
"{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
"{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
"{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}" = Windows Live Essentials
"{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B99E90E-2AC4-4D72-8D88-39030783172B}" = e-kort
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto och bilduppbyggnad 2.0 - All-in-One Drivrutin
"{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
"{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto och bilduppbyggnad 2.0 - All-in-One
"{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1053-7B44-A93000000001}" = Adobe Reader 9.3.4 - Svenska
"{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
"{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BA9632CB-2B93-4FD6-905C-BB325CE1C4DD}" = e-kort
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
"{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
"{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
"{EC928237-A3BD-4640-ABD0-E49E758F2315}" = Windows Live Messenger
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"All ATI Software" = ATI - HjÃ¤lp fÃ¶r avinstallation av program
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"Creative Live! Central" = Creative Live! Central
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Creative VF0560" = Creative Live! Cam Optia AF (VF0560) Driver (1.00.06.00)
"Defraggler" = Defraggler
"DiskAid_is1" = DiskAid 3.11
"DivX Setup.divx.com" = DivX Setup
"Doctor Who - The Adventure Games" = Doctor Who - The Adventure Games 3.0
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-drivrutinspaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Download Manager_is1" = Free Download Manager 3.0
"HP PSC 2170 Series" = HP Foto och bilduppbyggnad 2.0 - hp psc 2170 series
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Firefox 4.0b5 (x86 sv-SE)" = Mozilla Firefox 4.0b5 (x86 sv-SE)
"NVIDIA Drivers" = NVIDIA Drivers
"Personal" = BankID sÃ¤kerhetsprogram 4.10.4
"Soulseek2" = SoulSeek 157 NS 13e
"Speccy" = Speccy
"Spotify" = Spotify
"Star Trek Online" = Star Trek Online
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SysInfo" = Creative System Information
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"VLC media player" = VLC media player 1.1.4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

crunchie · 2010/09/27

Run OTL
Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
Code:
:OTL
O2 - BHO: () - {B19104D3-5301-4267-B113-877A06ACA075} - C:\WINDOWS\System32\dlob7.dll File not found
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\dloB7.dll -- (wkwmpeaf) Realtek RTL8139(A/B/C)
O4 - HKLM..\Run: [UserFaultCheck] File not found
:Commands
[emptytemp]
[purity]
[emptyflash]
[Reboot]
Then click the [color= "#FF0000"]Run Fix[/color] button at the top.

Let the program run unhindered, reboot the PC when it is done.

Post log from this run.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
============

Let me know how things are now please.

poptimism · 2010/09/28

-----

poptimism · 2010/09/28

Ok, did as you said, here's the log...

OTL logfile created on: 2010-09-28 22:51:41 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\AnvÃ¤ndare\Emma\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 232,88 Gb Total Space | 107,23 Gb Free Space | 46,04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: -
Current User Name: Emma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-09-28 22:41:14 | 002,500,552 | ---- | M] (COMODO) -- C:\Program\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010-09-28 22:41:07 | 001,901,056 | ---- | M] (COMODO) -- C:\Program\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010-09-28 00:56:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\AnvÃ¤ndare\Emma\Skrivbord\OTL.exe
PRC - [2010-09-16 18:38:47 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program\Mozilla Firefox\firefox.exe
PRC - [2010-09-16 18:38:47 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program\Mozilla Firefox\plugin-container.exe
PRC - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009-09-30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Contacts\wlcomm.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-04-14 21:35:08 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-04-25 13:34:44 | 000,073,728 | ---- | M] () -- C:\Program\Delade filer\Portrait Displays\Shared\DTSRVC.exe

========== Modules (SafeList) ==========

MOD - [2010-09-28 22:42:15 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010-09-28 00:56:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\AnvÃ¤ndare\Emma\Skrivbord\OTL.exe
MOD - [2008-04-14 21:33:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\dloB7.dll -- (wkwmpeaf) Realtek RTL8139(A/B/C)
SRV - [2010-09-28 22:41:07 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-02-23 21:16:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007-04-25 13:34:44 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program\Delade filer\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2006-10-26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-03-09 06:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010-09-28 22:42:14 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010-09-28 22:42:14 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010-09-28 22:42:13 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010-09-28 22:42:13 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010-07-11 22:15:05 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010-07-11 22:14:40 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010-07-11 22:14:40 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010-05-10 10:44:48 | 000,022,328 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys -- (MSI_DVD_010507)
DRV - [2010-05-10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010-05-10 10:44:36 | 000,016,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys -- (MSI_VGASYS_010507)
DRV - [2009-12-25 19:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-11-18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-09-30 06:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-09-14 12:32:30 | 000,021,648 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OlyCamComm.sys -- (OlyCamComm)
DRV - [2008-06-18 03:00:00 | 000,286,592 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0560Vid.sys -- (V0560Vid)
DRV - [2008-05-28 20:21:09 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2008-05-07 12:20:10 | 000,145,952 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008-04-30 09:43:42 | 000,160,768 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0560Afx.sys -- (V0560Afx)
DRV - [2008-04-14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-ljuddrivrutiner (WDM)
DRV - [2008-04-13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-04-24 11:49:34 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007-01-15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006-11-16 18:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006-09-11 20:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-09-11 20:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-08-21 19:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005-03-09 16:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001-08-17 23:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gmail.com "
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106

FF - HKLM\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program\ekort [2010-08-09 16:39:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program\Mozilla Firefox\components [2010-09-27 11:05:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2010-09-28 01:10:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Program\Mozilla Firefox 4.0 Beta 4\components [2010-09-27 11:05:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Program\Mozilla Firefox 4.0 Beta 4\plugins

[2010-02-20 20:19:29 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Mozilla\Extensions
[2010-09-27 16:17:33 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Mozilla\Firefox\Profiles\0llk67ck.default\extensions
[2010-08-28 19:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\AnvÃ¤ndare\Emma\Application Data\Mozilla\Firefox\Profiles\0llk67ck.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010-08-18 16:55:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\AnvÃ¤ndare\Emma\Application Data\Mozilla\Firefox\Profiles\0llk67ck.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-02-23 16:29:04 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Mozilla\Firefox\Profiles\0llk67ck.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010-09-16 17:14:01 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Mozilla\Firefox\Profiles\0llk67ck.default\extensions\personas@christopher.beard
[2010-09-27 16:17:33 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions
[2010-08-25 02:42:15 | 000,001,470 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml
[2010-08-25 02:42:15 | 000,002,670 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml
[2010-08-25 02:42:15 | 000,000,948 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\tyda-sv-SE.xml
[2010-08-25 02:42:15 | 000,001,174 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml
[2010-08-25 02:42:15 | 000,000,951 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2010-09-20 01:53:01 | 000,419,118 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 14485 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live inloggningshjÃ¤lpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program\ekort\EKortHelper.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program\ekort\EKortToolbar.dll ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKCU..\Run: [ccleaner] C:\Program\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program\Free Download Manager\dllink.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1266702818046 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.244.127.161 130.244.127.169
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-02-14 22:42:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a0a63f61-68c5-11df-a0b2-001e2ac05a20}\Shell\AutoRun\command - " " = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{f48b9fa8-1fd7-11df-9fc9-001617b746a6}\Shell - " " = AutoRun
O33 - MountPoints2\{f48b9fa8-1fd7-11df-9fc9-001617b746a6}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010-09-28 22:48:06 | 000,000,000 | -HSD | C] -- C:\AnvÃ¤ndare\Emma\Recent
[2010-09-28 22:44:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-09-28 00:56:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\AnvÃ¤ndare\Emma\Skrivbord\OTL.exe
[2010-09-27 11:45:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-09-27 11:45:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-09-27 11:08:02 | 000,000,000 | ---D | C] -- C:\Program\iPod
[2010-09-27 11:07:58 | 000,000,000 | ---D | C] -- C:\Program\iTunes
[2010-09-27 11:04:41 | 000,000,000 | ---D | C] -- C:\Program\QuickTime
[2010-09-27 11:03:28 | 000,000,000 | ---D | C] -- C:\Program\Bonjour
[2010-09-27 11:00:01 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\LocalService\Lokala instÃ¤llningar\Application Data\Apple
[2010-09-27 05:51:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-09-26 02:14:21 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010-09-26 02:09:39 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\Sunbelt Software
[2010-09-26 02:08:56 | 000,000,000 | -H-D | C] -- C:\AnvÃ¤ndare\All Users\Application Data\~0
[2010-09-26 02:07:49 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\All Users\Application Data\Lavasoft
[2010-09-25 22:48:23 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010-09-22 17:10:45 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\NetworkService\Lokala instÃ¤llningar\Application Data\Adobe
[2010-09-20 23:40:09 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\Emma\Application Data\download2
[2010-09-20 02:45:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010-09-20 01:41:58 | 000,000,000 | ---D | C] -- C:\Program\Spybot - Search & Destroy
[2010-09-20 01:41:58 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\All Users\Application Data\Spybot - Search & Destroy
[2010-09-16 22:21:12 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\Emma\Application Data\Malwarebytes
[2010-09-16 22:21:04 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\All Users\Application Data\Malwarebytes
[2010-09-16 22:21:03 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware
[2010-09-13 13:40:12 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\LocalService\Application Data\Macromedia
[2010-09-13 13:40:11 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\LocalService\Application Data\Adobe
[2010-09-11 10:59:16 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\NetworkService\Application Data\Macromedia
[2010-09-11 10:56:03 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\NetworkService\Application Data\Adobe
[2010-09-11 00:55:32 | 000,000,000 | -HSD | C] -- C:\AnvÃ¤ndare\Emma\.COMMgr
[2010-09-11 00:55:16 | 000,000,000 | -H-D | C] -- C:\AnvÃ¤ndare\All Users\Dokument\Server
[2010-09-07 09:47:35 | 000,000,000 | ---D | C] -- C:\Program\Mozilla Firefox 4.0 Beta 4
[2010-08-31 19:19:32 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\Emma\Application Data\vlc
[2010-08-22 00:31:15 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\Emma\Skrivbord\**** Yeah Quantum Leap
[2010-08-18 21:09:30 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\Emma\Application Data\Winamp
[2010-08-09 16:39:40 | 000,000,000 | ---D | C] -- C:\Program\ekort
[2010-07-28 14:24:27 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\All Users\Application Data\COMODO
[2010-07-28 14:23:18 | 000,000,000 | ---D | C] -- C:\Program\COMODO
[2010-07-28 14:16:57 | 000,000,000 | ---D | C] -- C:\temp
[2010-07-28 14:16:17 | 000,000,000 | ---D | C] -- C:\Program\Sim File Maid 2
[2010-07-28 13:19:56 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010-07-28 12:39:53 | 000,000,000 | ---D | C] -- C:\AnvÃ¤ndare\All Users\Application Data\EA Logs
[2010-07-27 20:13:22 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Skype
[2010-07-11 22:15:06 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys
[2010-07-11 22:14:44 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010-07-11 22:14:43 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010-07-11 22:14:25 | 000,000,000 | ---D | C] -- C:\Program\Sony Ericsson
[2010-07-10 17:26:38 | 000,000,000 | ---D | C] -- C:\Program\Speccy

========== Files - Modified Within 90 Days ==========

[2010-09-28 22:55:31 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010-09-28 22:45:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-09-28 22:45:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-09-28 22:45:01 | 010,223,616 | -H-- | M] () -- C:\AnvÃ¤ndare\Emma\NTUSER.DAT
[2010-09-28 22:45:01 | 000,000,192 | -HS- | M] () -- C:\AnvÃ¤ndare\Emma\ntuser.ini
[2010-09-28 00:56:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\AnvÃ¤ndare\Emma\Skrivbord\OTL.exe
[2010-09-27 17:26:31 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010-09-27 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-09-27 06:30:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-09-27 06:02:55 | 000,525,824 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\dds.scr
[2010-09-27 05:49:49 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-09-26 18:39:55 | 000,226,304 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-26 02:14:21 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010-09-23 02:42:44 | 003,438,349 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\nru3c.gif
[2010-09-21 21:59:33 | 000,025,088 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\
[2010-09-20 03:05:56 | 000,020,767 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\4184361.gif
[2010-09-20 01:53:01 | 000,419,118 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-09-19 02:03:12 | 000,019,458 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\rand.jpg
[2010-09-18 17:41:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-09-15 13:52:06 | 000,001,568 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-09-15 13:52:06 | 000,001,550 | ---- | M] () -- C:\AnvÃ¤ndare\All Users\Skrivbord\Mozilla Firefox.lnk
[2010-09-01 11:46:45 | 000,030,208 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\
[2010-08-18 21:10:31 | 000,000,632 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010-08-12 12:41:11 | 002,070,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-08-12 12:36:58 | 000,984,488 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-12 12:36:58 | 000,434,528 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2010-08-12 12:36:58 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-08-12 12:36:58 | 000,078,734 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2010-08-12 12:36:58 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-08-10 03:02:51 | 005,325,624 | -H-- | M] () -- C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\IconCache.db
[2010-07-28 13:19:56 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010-07-28 13:06:22 | 000,001,615 | ---- | M] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\Star Trek Online.lnk
[2010-07-11 22:19:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-07-11 22:15:05 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys
[2010-07-11 22:14:40 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010-07-11 22:14:40 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys

========== Files Created - No Company Name ==========

[2010-09-27 06:02:55 | 000,525,824 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\dds.scr
[2010-09-26 02:15:52 | 000,000,468 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-09-23 02:42:43 | 003,438,349 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\nru3c.gif
[2010-09-20 18:12:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-09-20 03:05:56 | 000,020,767 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\4184361.gif
[2010-09-19 23:40:58 | 000,001,366 | ---- | C] () -- C:\AnvÃ¤ndare\LocalService\Lokala instÃ¤llningar\Application Data\B19104D3-5301-4267-B113-877A06ACA075.txt
[2010-09-19 02:03:12 | 000,019,458 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\rand.jpg
[2010-09-15 13:52:06 | 000,001,568 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-09-15 13:52:06 | 000,001,550 | ---- | C] () -- C:\AnvÃ¤ndare\All Users\Skrivbord\Mozilla Firefox.lnk
[2010-09-11 15:41:52 | 000,002,950 | ---- | C] () -- C:\AnvÃ¤ndare\NetworkService\Lokala instÃ¤llningar\Application Data\B19104D3-5301-4267-B113-877A06ACA075.txt
[2010-09-11 12:05:44 | 000,003,786 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\B19104D3-5301-4267-B113-877A06ACA075.txt
[2010-08-09 16:39:40 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\OBroker.exe
[2010-08-09 16:02:53 | 000,025,088 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\
[2010-07-11 22:19:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-07-11 20:35:26 | 000,030,208 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Skrivbord\
[2010-04-29 21:14:36 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2010-02-22 02:58:52 | 000,000,191 | ---- | C] () -- C:\AnvÃ¤ndare\All Users\Application Data\hpzinstall.log
[2010-02-21 17:01:54 | 000,226,304 | ---- | C] () -- C:\AnvÃ¤ndare\Emma\Lokala instÃ¤llningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-21 00:33:29 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2003-03-09 06:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2010-07-28 12:39:53 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\EA Logs
[2010-03-23 00:33:35 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\Electronic Arts
[2010-06-29 01:16:39 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\Last.fm
[2010-05-26 16:09:58 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\OLYMPUS
[2010-05-08 18:05:54 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\Recisio
[2010-02-23 02:42:15 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\Soulseek
[2010-05-26 16:29:30 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\TEMP
[2010-03-21 17:27:11 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\TinyPic
[2010-04-05 20:24:26 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-02-20 20:57:27 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-09-27 05:51:08 | 000,000,000 | -H-D | M] -- C:\AnvÃ¤ndare\All Users\Application Data\~0
[2010-02-22 22:11:54 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\acccore
[2010-05-03 18:53:57 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Agency9
[2010-02-25 20:01:06 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\DiskAid
[2010-02-21 03:08:20 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\DisplayTune
[2010-06-03 16:52:44 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Doctor Who
[2010-09-20 23:40:09 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\download2
[2010-04-29 20:39:48 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Facebook
[2010-09-27 17:26:51 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Free Download Manager
[2010-02-23 05:07:38 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\gtk-2.0
[2010-02-22 13:47:22 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Personal
[2010-09-25 20:45:45 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\Spotify
[2010-04-15 01:29:17 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\SystemRequirementsLab
[2010-09-22 00:44:50 | 000,000,000 | ---D | M] -- C:\AnvÃ¤ndare\Emma\Application Data\uTorrent
[2010-09-27 05:49:49 | 000,000,468 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010-06-06 02:05:32 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1266800662.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\AnvÃ¤ndare\All Users\Application Data\TEMP:24051EFF
< End of report >

poptimism · 2010/09/28

But even before I did all that stuff my computer was behaving all of a sudden. Odd. Maybe the malware got scared and ran But yeah it's behaving now. No Win 32 process shut down which is wonderful. Have to surf for a while to see if pop ups occur, though. Been rebooting now a few times xD

Log in or Sign up

Active Suspected malware

poptimism Inactive Thread Starter

Admin. Administrator Administrator Staff

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

Admin. Administrator Administrator Staff

crunchie Inactive

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

crunchie Inactive

poptimism Inactive Thread Starter

crunchie Inactive

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

crunchie Inactive

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

Share This Page

Log in or Sign up

Active Suspected malware

poptimism Inactive Thread Starter

Admin. Administrator Administrator Staff

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

Admin. Administrator Administrator Staff

crunchie Inactive

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

crunchie Inactive

poptimism Inactive Thread Starter

crunchie Inactive

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

crunchie Inactive

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

poptimism Inactive Thread Starter

Share This Page

Useful Searches