WiredWX Christian Hobby Weather Tools

 


System Security Need help
I ran Malwarebytes. It found 6 infected files and I removed all of them, but the virus still hasn't been removed, so I'm going to post my HijackThis log here now. Please help me! :<

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:05, on 2010-02-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\mIRC\mirc.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\addi\Mina dokument\Hämtade filer\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "C:\Program\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\addi\Start-meny\Program\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.se

Re: System Security Need help
I checked some other topics and ran the OTL program as well, and I will post it now.

OTL logfile created on: 2010-02-21 22:13:01 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\addi\Skrivbord
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 93,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 99,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 148,67 Gb Total Space | 2,67 Gb Free Space | 1,80% Space Free | Partition Type: NTFS
Drive D: | 149,41 Gb Total Space | 38,68 Gb Free Space | 25,89% Space Free | Partition Type: NTFS
Drive E: | 512,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRACKHEAD
Current User Name: addi
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-21 22:12:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\addi\Skrivbord\OTL.exe
PRC - [2004-09-02 17:20:00 | 001,082,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010-02-21 22:12:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\addi\Skrivbord\OTL.exe
MOD - [2004-09-02 17:20:00 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SAVScan)
SRV - File not found [Disabled | Stopped] -- -- (NPFMntor)
SRV - File not found [Disabled | Stopped] -- -- (Bonjour Service)
SRV - [2010-01-24 06:22:42 | 000,075,064 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009-10-28 17:02:00 | 003,407,292 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009-10-25 17:00:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-09-22 16:20:09 | 001,028,432 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009-05-19 10:17:04 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-05-18 15:12:25 | 000,819,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009-04-30 23:30:18 | 000,168,004 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2009-02-05 21:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-02-05 21:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-02-05 21:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-02-05 21:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2004-09-02 17:20:00 | 000,206,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004-09-02 17:20:00 | 000,197,752 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004-09-02 17:20:00 | 000,173,160 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004-09-02 17:20:00 | 000,164,984 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004-09-02 17:20:00 | 000,078,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004-08-30 17:34:52 | 000,066,688 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program\Delade filer\Symantec Shared\script Blocking\SBServ.exe -- (SBService)


========== Driver Services (SafeList) ==========

DRV - [2009-11-25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-06-18 04:43:40 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-06-16 16:20:48 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009-05-18 15:12:25 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2009-04-30 21:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-08-20 18:58:58 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007-11-15 21:30:48 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2006-09-05 17:04:38 | 001,419,968 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32)
DRV - [2005-09-30 05:52:22 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005-09-30 05:52:20 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005-05-27 08:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004-09-02 17:20:00 | 000,266,464 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004-09-02 17:20:00 | 000,104,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004-09-02 17:20:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-06-03 03:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004-04-02 23:40:00 | 000,021,760 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.se
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program\Mozilla Firefox\components [2010-02-19 04:00:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2010-02-19 04:00:47 | 000,000,000 | ---D | M]

[2010-01-15 01:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\addi\Application Data\Mozilla\Extensions
[2010-01-15 01:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\addi\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009-11-11 03:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\addi\Application Data\Mozilla\Firefox\Profiles\a2x0wo8a.default\extensions
[2010-02-21 21:04:04 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions
[2009-06-18 04:45:20 | 000,227,696 | ---- | M] () -- C:\Program\Mozilla Firefox\components\AdVComponent.dll
[2009-07-03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009-10-05 21:48:00 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009-09-29 07:18:16 | 000,001,470 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml
[2009-09-29 07:18:16 | 000,002,670 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml
[2009-09-29 07:18:16 | 000,000,948 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\tyda-sv-SE.xml
[2009-09-29 07:18:17 | 000,001,174 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml
[2009-09-29 07:18:17 | 000,000,647 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2010-02-20 21:30:29 | 000,000,828 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton SystemWorks\Norton AntiVirus\NavShExt.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton SystemWorks\Norton AntiVirus\NavShExt.dll File not found
O4 - HKLM..\Run: [avast!] C:\Program\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [C6501Sound] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\addi\Start-meny\Program\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.54.122.199 195.54.122.204
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program\Delade filer\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\addi\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\addi\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-05-18 15:04:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001-04-18 16:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2001-04-30 18:33:00 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-02-21 22:12:21 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\addi\Skrivbord\OTL.exe
[2010-02-21 21:55:42 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\addi\Skrivbord\winlogon.scr
[2010-02-21 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\addi\Application Data\Malwarebytes
[2010-02-21 21:09:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-02-21 21:09:35 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-02-21 21:09:35 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes
[2010-02-21 21:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-02-19 17:50:18 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010-02-19 17:50:18 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010-02-19 17:47:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010-02-19 17:47:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010-02-19 17:47:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010-02-17 10:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\addi\Application Data\Publish Providers
[2010-02-17 10:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\addi\Mina dokument\My Videos
[2010-02-17 10:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\addi\Lokala inställningar\Application Data\Sony
[2010-02-17 10:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\addi\Application Data\Sony
[2010-02-15 23:29:42 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Designer
[2010-02-15 23:29:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2010-02-15 15:46:35 | 000,000,000 | ---D | C] -- C:\Program\Microsoft Office
[2010-02-15 15:46:32 | 000,000,000 | ---D | C] -- C:\Program\MSECache
[2010-01-24 06:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\addi\Lokala inställningar\Application Data\PunkBuster
[2010-01-24 06:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\addi\Application Data\id Software
[2010-01-24 06:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\id Software
[2009-09-03 12:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft
[2009-05-18 15:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft
[2009-05-18 15:04:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009-05-18 15:04:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-02-21 22:12:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\addi\Skrivbord\OTL.exe
[2010-02-21 22:09:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-21 22:05:40 | 000,229,741 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-02-21 22:04:18 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\addi\NTUSER.DAT
[2010-02-21 22:04:18 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\addi\ntuser.ini
[2010-02-21 22:04:17 | 004,768,656 | -H-- | M] () -- C:\Documents and Settings\addi\Lokala inställningar\Application Data\IconCache.db
[2010-02-21 22:01:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-02-21 21:55:43 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\addi\Skrivbord\winlogon.scr
[2010-02-21 21:09:38 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2010-02-21 20:43:38 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-02-21 20:43:38 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-21 20:43:38 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-02-21 20:32:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-20 23:22:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-20 23:00:00 | 000,001,074 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-448539723-839522115-500UA.job
[2010-02-20 22:07:41 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System\C6501.ini
[2010-02-20 22:00:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-448539723-839522115-500Core.job
[2010-02-19 19:34:00 | 000,043,688 | ---- | M] () -- C:\Documents and Settings\addi\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT
[2010-02-19 19:05:08 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Mozilla Firefox.lnk
[2010-02-19 18:05:32 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Steam.lnk
[2010-02-19 17:49:43 | 001,015,350 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-02-19 17:49:43 | 000,430,036 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2010-02-19 17:49:43 | 000,427,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-02-19 17:49:43 | 000,077,388 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2010-02-19 17:49:43 | 000,066,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-02-19 17:44:14 | 000,000,136 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010-02-19 17:43:28 | 000,072,542 | ---- | M] () -- C:\Documents and Settings\addi\Skrivbord\zeholelist.m3u
[2010-02-19 03:14:05 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\addi\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-18 19:11:52 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\addi\Application Data\cqfyto.dat
[2010-02-18 12:24:34 | 000,002,632 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-02-17 10:49:12 | 000,000,002 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010-02-17 10:49:11 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010-02-17 10:49:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Twunk002.MTX
[2010-02-17 05:17:19 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\addi\Skrivbord\confezzz.rar
[2010-02-17 05:10:53 | 000,004,274 | ---- | M] () -- C:\Documents and Settings\addi\Skrivbord\config.cfg
[2010-02-16 20:09:46 | 001,493,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-02-15 23:30:04 | 000,000,385 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010-02-15 17:20:12 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-02-02 14:04:45 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\addi\Skrivbord\Translation 4.rtf
[2010-02-02 14:01:48 | 000,001,125 | ---- | M] () -- C:\Documents and Settings\addi\Skrivbord\Sociolinguistics.doc
[2010-01-25 13:31:39 | 000,073,511 | ---- | M] () -- C:\Documents and Settings\addi\Skrivbord\jessi.jpg
[2010-01-24 23:11:55 | 000,019,197 | ---- | M] () -- C:\Documents and Settings\addi\Skrivbord\Translation Compendium Eng I HT08.doc
[2010-01-24 06:34:03 | 000,138,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-01-24 06:33:52 | 000,214,488 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010-01-24 06:33:52 | 000,214,488 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010-01-24 06:22:42 | 002,373,712 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010-01-24 06:22:42 | 000,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-02-21 21:09:38 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2010-02-19 19:05:08 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Mozilla Firefox.lnk
[2010-02-19 17:44:14 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010-02-18 19:11:52 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\addi\Application Data\cqfyto.dat
[2010-02-17 10:49:11 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Twunk001.MTX
[2010-02-17 10:49:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\Twain001.Mtx
[2010-02-17 10:49:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twunk002.MTX
[2010-02-17 05:17:19 | 000,002,343 | ---- | C] () -- C:\Documents and Settings\addi\Skrivbord\confezzz.rar
[2010-02-17 05:17:08 | 000,004,274 | ---- | C] () -- C:\Documents and Settings\addi\Skrivbord\config.cfg
[2010-02-17 05:16:48 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\addi\Skrivbord\userconfig.cfg
[2010-02-15 23:30:04 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-02-02 14:04:45 | 000,002,369 | ---- | C] () -- C:\Documents and Settings\addi\Skrivbord\Translation 4.rtf
[2010-02-02 12:12:28 | 000,001,125 | ---- | C] () -- C:\Documents and Settings\addi\Skrivbord\Sociolinguistics.doc
[2010-01-25 13:31:37 | 000,073,511 | ---- | C] () -- C:\Documents and Settings\addi\Skrivbord\jessi.jpg
[2010-01-24 20:00:16 | 000,019,197 | ---- | C] () -- C:\Documents and Settings\addi\Skrivbord\Translation Compendium Eng I HT08.doc
[2009-12-14 01:53:09 | 000,000,122 | ---- | C] () -- C:\WINDOWS\WA.INI
[2009-12-04 18:11:13 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\addi\Application Data\DofusAppId0_3
[2009-12-03 22:42:47 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\addi\Application Data\DofusAppId0_2
[2009-12-03 22:40:45 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\addi\Application Data\D2Info0
[2009-12-03 22:40:45 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\addi\Application Data\DofusAppId0_1
[2009-11-11 02:53:47 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\addi\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-31 22:01:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\c6501rm.dll
[2009-08-29 09:38:44 | 000,084,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\FontCache3.0.0.0.dat
[2009-08-14 21:44:29 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009-08-14 21:44:29 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-07-15 23:43:06 | 000,000,256 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009-06-20 02:01:32 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009-06-20 02:01:32 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009-06-20 02:01:32 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009-06-18 04:43:40 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-05-27 02:09:36 | 000,138,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-05-18 15:29:23 | 000,004,562 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-05-18 15:29:21 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-04-30 23:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-04-30 23:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-04-30 23:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-04-30 23:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-03-24 21:22:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006-04-23 00:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005-10-14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005-10-14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005-10-14 10:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005-10-14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005-10-14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005-10-14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005-10-14 10:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005-10-14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005-10-14 10:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2004-09-02 17:20:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-09-02 17:20:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2004-09-02 17:20:00 | 000,028,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004-09-02 17:20:00 | 000,000,374 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2000-11-07 23:01:46 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\Animation.dll
[2000-11-01 20:27:00 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2000-03-29 00:58:40 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2000-03-28 14:27:42 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >

OTL Extras logfile created on: 2010-02-21 22:13:01 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\addi\Skrivbord
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 93,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 99,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 148,67 Gb Total Space | 2,67 Gb Free Space | 1,80% Space Free | Partition Type: NTFS
Drive D: | 149,41 Gb Total Space | 38,68 Gb Free Space | 25,89% Space Free | Partition Type: NTFS
Drive E: | 512,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRACKHEAD
Current User Name: addi
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57984:TCP" = 57984:TCP:*:Enabled:Pando Media Booster
"57984:UDP" = 57984:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57984:TCP" = 57984:TCP:*:Enabled:Pando Media Booster
"57984:UDP" = 57984:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program\MSN Messenger\livecall.exe" = C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program\Pando Networks\Media Booster\PMB.exe" = C:\Program\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\mIRC\mirc.exe" = D:\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program\MSN Messenger\livecall.exe" = C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program\Spotify\spotify.exe" = C:\Program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program\Ventrilo\Ventrilo.exe" = C:\Program\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\WINDOWS\Temp\wpv091253178221.exe" = C:\WINDOWS\Temp\wpv091253178221.exe:*:Enabled:services -- File not found
"C:\Program\Pando Networks\Media Booster\PMB.exe" = C:\Program\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program\uTorrent\uTorrent.exe" = C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program\Bonjour\mDNSResponder.exe" = C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Fjärrhjälp - Windows Messenger och tal -- (Microsoft Corporation)
"C:\Program\Steam\steamapps\common\trackmania nations forever\TmForever.exe" = C:\Program\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Program\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe" = C:\Program\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
"{0F31532A-16F1-4812-8B7B-D321A4CE91A6}" = Sony Vegas Pro 8.0
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F900346-A316-BA88-B83C-2513F1260AD7}" = Reg (DOFUS Audio Subsystem)
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}" = Windows Live Essentials
"{5EBF7AAB-98C5-2C43-0844-4BD9B9FCA7AD}" = Dofus
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9BBE7AA1-AFA8-4D76-8FC2-1FDFD9BD3371}" = Windows Live Mail
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C640CAE0-8024-11D4-0090-B700902724B3}" = FIFA 2001
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec script Blocking Installer
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC928237-A3BD-4640-ABD0-E49E758F2315}" = Windows Live Messenger
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FDF3A1E0-186A-11D5-0089-C400C04FAE70}" = NHL 2002
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"avast!" = avast! Antivirus
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DC++" = DC++ 0.750
"Diablo II" = Diablo II
"Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1" = Dofus
"Fraps" = Fraps
"Garena" = Garena
"Generic 6501 Sound" = C-Media 6501 Sound
"Grand Fantasia" = Grand Fantasia
"GunboundWC_is1" = GunboundWC
"Gunz" = ijji - Gunz
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"LiveReg" = LiveReg (Symantec Corporation)
"lvdrivers_11.50" = Logitech QuickCam drivrutinspaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Drivrutiner till Logitech®️ Camera
"Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1" = Reg (DOFUS Audio Subsystem)
"Spotify" = Spotify
"Steam App 10" = Counter-Strike
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 11020" = TrackMania Nations Forever
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Warkeys" = Warkeys 1.13.1.0b
"VentriloMIX" = VentriloMIX
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VideoLAN VLC media player 0.8.6a
"WMFDist11" = Windows Media Format 11 runtime
"VOIPlay" = VOIPlay
"Worms Armageddon - New Edition" = Worms Armageddon - New Edition
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2009-11-10 22:20:40 | Computer Name = CRACKHEAD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\ADMINISTRATöR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XWIRCYQU.DEFAULT\EXTENSIONS\{B66BC4C3-6D25-4A10-8C59-01DAA9063051}\DEFAULTS\PREFERENCES\FOXGAME.JS
failed, 00000005.

Error - 2009-11-10 22:20:41 | Computer Name = CRACKHEAD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\ADMINISTRATöR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XWIRCYQU.DEFAULT\PREFS.JS
failed, 00000005.

Error - 2009-12-06 17:27:12 | Computer Name = CRACKHEAD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\MUSIC\afsf.mp3 failed, 00000570.

Error - 2010-02-20 18:39:31 | Computer Name = CRACKHEAD | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

[ Application Events ]
Error - 2009-09-29 05:14:51 | Computer Name = CRACKHEAD | Source = Application Error | ID = 1000
Description = Felaktigt program easyanticheat.exe, version 3.3.7.0, felaktig modul
easyanticheat.exe, version 3.3.7.0, felaktig adress 0x0000678e.

Error - 2009-09-29 05:15:04 | Computer Name = CRACKHEAD | Source = Application Error | ID = 1000
Description = Felaktigt program easyanticheat.exe, version 3.3.7.0, felaktig modul
easyanticheat.exe, version 3.3.7.0, felaktig adress 0x0000678e.

Error - 2009-10-02 07:07:56 | Computer Name = CRACKHEAD | Source = Application Error | ID = 1000
Description = Felaktigt program ventrilo 2.1.4.exe, version 2.1.4.0, felaktig modul
ntdll.dll, version 5.1.2600.2180, felaktig adress 0x000106c3.

Error - 2009-10-04 09:02:52 | Computer Name = CRACKHEAD | Source = Application Error | ID = 1000
Description = Felaktigt program wmplayer.exe, version 10.0.0.3646, felaktig modul
mmswitch.ax, version 0.9.9.0, felaktig adress 0x00001b30.

Error - 2009-10-09 10:59:10 | Computer Name = CRACKHEAD | Source = Windows Live Messenger | ID = 1000
Description =

Error - 2009-10-11 12:19:47 | Computer Name = CRACKHEAD | Source = EventSystem | ID = 4609
Description = COM+ Event System upptäckte en felaktig returneringskod under den
interna bearbetningen. HRESULT var C0000005 från rad 44 av d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Kontakta Microsoft Support och rapportera det här fele

Error - 2009-10-13 03:54:09 | Computer Name = CRACKHEAD | Source = Application Error | ID = 1000
Description = Felaktigt program drwtsn32.exe, version 5.1.2600.0, felaktig modul
dbghelp.dll, version 5.1.2600.2180, felaktig adress 0x0001295d.

Error - 2009-10-13 03:54:54 | Computer Name = CRACKHEAD | Source = Application Error | ID = 1000
Description = Felaktigt program explorer.exe, version 6.0.2900.2180, felaktig modul
mpeg2dmx.ax, version 2.0.84.30429, felaktig adress 0x0000dff3.

Error - 2009-10-14 10:09:18 | Computer Name = CRACKHEAD | Source = MsiInstaller | ID = 10005
Description = Product: Norton AntiVirus 2005 -- Norton AntiVirus 2005 does not support
the Repair feature, please uninstall and reinstall.

Error - 2009-10-23 14:35:44 | Computer Name = CRACKHEAD | Source = Windows Live Messenger | ID = 1000
Description =

[ System Events ]
Error - 2010-02-20 18:33:04 | Computer Name = CRACKHEAD | Source = Service Control Manager | ID = 7001
Description = Tjänsten TCP/IP NetBIOS Helper är beroende av tjänsten AFD. Den sistnämnda
kunde inte starta på grund av följande fel: %%31

Error - 2010-02-20 18:33:04 | Computer Name = CRACKHEAD | Source = Service Control Manager | ID = 7001
Description = Tjänsten IPSEC Services är beroende av tjänsten IPSEC driver. Den
sistnämnda kunde inte starta på grund av följande fel: %%31

Error - 2010-02-20 18:33:04 | Computer Name = CRACKHEAD | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: Aavmker4 AFD aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd
Rdbss
SYMTDI
Tcpip

Error - 2010-02-20 18:33:05 | Computer Name = CRACKHEAD | Source = DCOM | ID = 10005
Description = DCOM fick felet %1084 vid försök att starta tjänsten StiSvc med argumenten
för att köra servern: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2010-02-20 18:34:47 | Computer Name = CRACKHEAD | Source = DCOM | ID = 10005
Description = DCOM fick felet %1084 vid försök att starta tjänsten StiSvc med argumenten
för att köra servern: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2010-02-20 19:47:04 | Computer Name = CRACKHEAD | Source = Disk | ID = 262151
Description = Det finns ett felaktigt block på enhet \Device\Harddisk0\D.

Error - 2010-02-20 22:32:35 | Computer Name = CRACKHEAD | Source = Disk | ID = 262151
Description = Det finns ett felaktigt block på enhet \Device\Harddisk0\D.

Error - 2010-02-20 22:32:37 | Computer Name = CRACKHEAD | Source = Disk | ID = 262151
Description = Det finns ett felaktigt block på enhet \Device\Harddisk0\D.

Error - 2010-02-20 23:21:05 | Computer Name = CRACKHEAD | Source = DCOM | ID = 10005
Description = DCOM fick felet %1084 vid försök att starta tjänsten EventSystem med
argumenten för att köra servern: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-02-21 10:15:31 | Computer Name = CRACKHEAD | Source = Service Control Manager | ID = 7000
Description = Tjänsten SAVRTPEL kunde inte startas på grund av följande fel: %%3


< End of report >

Re: System Security Need help
Trying some on my own, as in another thread, I pasted the fix commands, and this is what came up in the log.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\ not found.
File J:\AutoRun.exe not found.

OTL by OldTimer - Version 3.1.30.1 log created on 02212010_222516

Re: System Security Need help
Hello.
Did you uninstall Norton?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: System Security Need help
Well, it came with the XP I installed and it got "bugged", so it got removed in a "bad" way, so to say: it doesn't work, but it's "there" but still not. And the problem left after the things I've done now is that I can't press Alt+Ctrl+Delete and I can't use the "Start" menu at all; everything just freezes :\

Re: System Security Need help
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton SystemWorks\Norton AntiVirus\NavShExt.dll File not found
    O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton SystemWorks\Norton AntiVirus\NavShExt.dll File not found
    [2010-02-19 17:44:14 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
    [2010-02-18 19:11:52 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\addi\Application Data\cqfyto.dat

    :commands
    [resethosts]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
