Free Malware Removal Forum

[Tuinen]

Hello, I'm new here. Internet Explorer keeps opening unwanted windows and it has this "Yoog search" as the default search engine (I googled it and I think it's pretty safe to say that "Yoog search" is a malware). Also, every time I open my computer I get a "Run-time error '75': Path/File access error" and my internet connection seems to be slower than usual. Can anyone help, please?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:42, on 2.1.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\tbu02705\ecobar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: adsoftinc browser enhancer - {E04B1F72-58D6-5BA4-E171-6F6310E59619} - C:\Windows\system32\qfhmidsgszwwva.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\tbu02705\ecobar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ftmifbqbhgau] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qfhmidsgszwwva.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Auri\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP-leikekirja - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart -valitse - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 9671 bytes

[Shaba]

Hi Tuinen and sorry for delay.

If you still need help, please post next a fresh HijackThis log.

[Tuinen]

Thank you, Shaba. I actually got rid of the unwanted IE windows, but the other problems are still there. Here's the fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:06, on 10.1.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\IEUser.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\tbu02705\ecobar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: adsoftinc browser enhancer - {E04B1F72-58D6-5BA4-E171-6F6310E59619} - C:\Windows\system32\qfhmidsgszwwva.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\tbu02705\ecobar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ftmifbqbhgau] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qfhmidsgszwwva.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Auri\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP-leikekirja - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart -valitse - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 9095 bytes

[Shaba]

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:



5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

[Tuinen]

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements
Adobe Reader 8.1.2 - Suomi
Adobe SVG Viewer
Ajokorttikoulu
ATI Uninstaller
Automaattiset valikot (Windows Live Toolbar)
Contextual Platform Adsoftinc
ECO Bar
FirstSteps Diagnostics
HijackThis 2.0.2
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Java(TM) 6 Update 4
Korostuksen katselu (Windows Live Toolbar)
Microsoft Office Excel MUI (Finnish) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Finnish) 2007
Microsoft Office PowerPoint MUI (Finnish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Finnish) 2007
Microsoft Office Shared MUI (Finnish) 2007
Microsoft Office Word MUI (Finnish) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.5)
Nero 7 Essentials
Norman Virus Control
PAP 4.0
PAP project files
Realtek High Definition Audio Driver
RON Tool Adsoftinc
Run It
RUNAWAY - A road adventure
RUNAWAY - The dream of the turtle
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Spybot - Search & Destroy
The Sims 2
The Sims 2 Nightlife
The Sims 2 Pets
Update for Office 2007 (KB946691)
Wacom Tablet
Warcraft III
Windows Live installer
Windows Live Messenger
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbarin laajennus (Windows Live Toolbar)
Windows Liven kirjautumisavustaja
WinRAR archiver
Vista Codec Package

[Shaba]

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent DNA

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall also these:

Contextual Platform Adsoftinc
ECO Bar
RON Tool Adsoftinc

Please run a new uninstall list scan when finished and post the log back here.

[Tuinen]

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements
Adobe Reader 8.1.2 - Suomi
Adobe SVG Viewer
Ajokorttikoulu
ATI Uninstaller
Automaattiset valikot (Windows Live Toolbar)
FirstSteps Diagnostics
HijackThis 2.0.2
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Java(TM) 6 Update 4
Korostuksen katselu (Windows Live Toolbar)
Microsoft Office Excel MUI (Finnish) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Finnish) 2007
Microsoft Office PowerPoint MUI (Finnish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Finnish) 2007
Microsoft Office Shared MUI (Finnish) 2007
Microsoft Office Word MUI (Finnish) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.5)
Nero 7 Essentials
Norman Virus Control
PAP 4.0
PAP project files
Realtek High Definition Audio Driver
Run It
RUNAWAY - A road adventure
RUNAWAY - The dream of the turtle
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Spybot - Search & Destroy
The Sims 2
The Sims 2 Nightlife
The Sims 2 Pets
Update for Office 2007 (KB946691)
Wacom Tablet
Warcraft III
Windows Live installer
Windows Live Messenger
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbarin laajennus (Windows Live Toolbar)
Windows Liven kirjautumisavustaja
WinRAR archiver
Vista Codec Package

[Shaba]

Thank you

Please post next a fresh HijackThis log.

[Tuinen]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:10, on 10.1.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Auri\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP-leikekirja - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart -valitse - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 8573 bytes

[Shaba]

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

[Tuinen]

Aw, I can't download it. Appearently it's because of my security settings, but I can't figure out how to fix the problem. Any ideas?

[Shaba]

You might want to try another browser or if antivirus prompts about, please disable it first.

[Tuinen]

Fixed it! (The problem was in Windows Security Policy settings. A common problem with Firefox 3, appearently.) Here are the contents of the logfiles:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Auri at 2009-01-10 17:12:38
Microsoft® Windows Vista™ Home Premium
System drive C: has 82 GB (54%) free of 152 GB
Total RAM: 1918 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:51, on 10.1.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Auri\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Auri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Auri\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP-leikekirja - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart -valitse - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 8718 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
C:\Windows\tasks\WebReg Deskjet D2400 series.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader -linkkiavustaja - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Liven kirjautumisapuohjelma - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-08-21 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
"Norman ZANDA"=C:\Program Files\Norman\Npm\bin\ZLH.EXE [2008-06-02 273520]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-09 1232896]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2006-11-02 2159104]
""= []
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"BitTorrent DNA"=C:\Users\Auri\Program Files\DNA\btdna.exe []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Auri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
runit_32.lnk - C:\Program Files\runit\runit_32.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a150461-b28e-11dc-ba92-806e6f6e6963}]
shell\AutoRun\command - E:\autorun.exe


======List of files/folders created in the last 1 months======

2009-01-10 17:12:38 ----D---- C:\rsit
2008-12-26 00:27:19 ----D---- C:\Program Files\Trend Micro
2008-12-25 16:54:31 ----A---- C:\Windows\wininit.ini
2008-12-25 15:35:20 ----D---- C:\Users\Auri\AppData\Roaming\Mozilla
2008-12-25 15:35:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-23 13:32:27 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-23 13:32:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-23 12:05:21 ----A---- C:\Windows\pn8.exe
2008-12-23 12:05:18 ----A---- C:\Windows\hw5305.exe
2008-12-23 12:05:11 ----A---- C:\Windows\ykgee3362.exe
2008-12-23 12:05:02 ----A---- C:\Windows\nohh06760.exe
2008-12-23 12:02:41 ----D---- C:\Program Files\IEToolbar
2008-12-23 12:02:34 ----A---- C:\Windows\xmovb6426.exe
2008-12-23 12:02:32 ----D---- C:\Program Files\runit
2008-12-23 12:02:31 ----A---- C:\Windows\vmqq64340.exe
2008-12-23 12:02:28 ----A---- C:\Windows\gpna8081.exe
2008-12-23 12:02:20 ----A---- C:\Windows\kdiue732.txt
2008-12-22 23:59:18 ----A---- C:\kdiue732.txt
2008-12-18 22:07:48 ----A---- C:\Windows\system32\mshtml.dll
2008-12-16 18:29:54 ----A---- C:\Windows\system32\qfhmidsgszwwva.dll
2008-12-12 23:48:27 ----A---- C:\Windows\system32\tzres.dll
2008-12-12 18:46:57 ----A---- C:\Windows\system32\gdi32.dll
2008-12-12 18:46:52 ----A---- C:\Windows\system32\gameux.dll
2008-12-12 18:46:52 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-12 18:46:51 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-12 18:46:41 ----A---- C:\Windows\system32\shell32.dll
2008-12-12 18:46:27 ----A---- C:\Windows\explorer.exe
2008-12-12 18:46:22 ----A---- C:\Windows\system32\urlmon.dll
2008-12-12 18:46:22 ----A---- C:\Windows\system32\ieframe.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\wininet.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\pngfilt.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\mstime.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\mshtmled.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\ieUnatt.exe
2008-12-12 18:46:21 ----A---- C:\Windows\system32\ieui.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\iesetup.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\iertutil.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\iernonce.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\ieapfltr.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\ie4uinit.exe
2008-12-12 18:46:21 ----A---- C:\Windows\system32\icardie.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\dxtrans.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\dxtmsft.dll
2008-12-12 18:46:21 ----A---- C:\Windows\system32\advpack.dll
2008-12-12 18:46:13 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-12 18:46:13 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-12 18:46:13 ----A---- C:\Windows\system32\rrinstaller.exe
2008-12-12 18:46:13 ----A---- C:\Windows\system32\mfps.dll
2008-12-12 18:46:13 ----A---- C:\Windows\system32\mfpmp.exe
2008-12-12 18:46:13 ----A---- C:\Windows\system32\mferror.dll
2008-12-12 18:46:13 ----A---- C:\Windows\system32\mf.dll
2008-12-12 18:46:13 ----A---- C:\Windows\system32\logagent.exe

======List of files/folders modified in the last 1 months======

2009-01-10 17:12:51 ----D---- C:\Windows\Prefetch
2009-01-10 17:12:45 ----D---- C:\Windows\Temp
2009-01-10 15:09:05 ----D---- C:\Windows\System32
2009-01-10 15:05:50 ----RD---- C:\Program Files
2009-01-10 11:54:09 ----D---- C:\Windows\system32\drivers
2009-01-10 11:53:54 ----D---- C:\Users\Auri\AppData\Roaming\WTablet
2009-01-10 11:53:32 ----D---- C:\Program Files\Norman
2009-01-10 11:15:41 ----SD---- C:\ProgramData\Microsoft
2009-01-08 21:00:28 ----SHD---- C:\System Volume Information
2009-01-05 16:58:09 ----D---- C:\Windows\inf
2009-01-05 16:58:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-03 21:43:35 ----D---- C:\Windows
2009-01-03 10:48:47 ----D---- C:\Windows\system32\catroot2
2009-01-02 17:46:00 ----D---- C:\Program Files\Adobe
2009-01-01 01:26:20 ----D---- C:\Windows\system32\Tasks
2009-01-01 01:26:19 ----D---- C:\Windows\Tasks
2008-12-27 18:45:48 ----D---- C:\Program Files\Tablet
2008-12-27 18:44:26 ----D---- C:\Windows\system32\catroot
2008-12-27 18:43:26 ----D---- C:\Windows\system32\WTablet
2008-12-23 13:32:27 ----HD---- C:\ProgramData
2008-12-23 11:43:26 ----D---- C:\Users\Auri\AppData\Roaming\LimeWire
2008-12-18 22:08:19 ----D---- C:\Windows\winsxs
2008-12-13 14:11:23 ----ASH---- C:\Program Files\desktop.ini
2008-12-13 14:10:07 ----D---- C:\Windows\AppPatch
2008-12-13 14:10:07 ----D---- C:\Program Files\Windows Mail
2008-12-13 14:10:06 ----D---- C:\Windows\system32\fi-FI
2008-12-13 14:10:05 ----D---- C:\Windows\system32\migration
2008-12-13 14:10:05 ----D---- C:\Program Files\Internet Explorer
2008-12-12 23:51:41 ----SHD---- C:\Windows\Installer
2008-12-12 23:51:34 ----HD---- C:\Config.Msi
2008-12-12 23:51:33 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-04-26 278728]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-04-26 25416]
R2 Ndiskio;Ndiskio; \??\C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-02-01 690176]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-12-29 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 NvcMFlt;NvcMFlt; C:\Windows\system32\DRIVERS\nvcv32mf.sys [2008-09-02 19512]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 2385920]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-01-15 70144]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2008-07-11 13352]
R3 WacomVKHid;Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 nvcfsr;nvcfsr; \??\C:\Program Files\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
S3 nvcoafl4;nvcoafl4; \??\C:\Program Files\Norman\Nvc\bin\nvcoafl4.sys [2007-01-09 36472]
S3 nvcoaft4;nvcoaft4; \??\C:\Program Files\Norman\Nvc\bin\nvcoaft4.sys [2007-01-09 104288]
S3 nvcoarc4;nvcoarc4; \??\C:\Program Files\Norman\Nvc\bin\nvcoarc4.sys [2007-01-09 25528]
S3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-05-11 247808]
S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-03-31 100992]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-02-02 565248]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE [2007-08-30 150584]
R2 hpqddsvc;HP CUE DeviceDiscovery -palvelu; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 Norman ZANDA;Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [2008-04-23 408696]
R2 TabletServiceWacom;TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [2008-10-30 2749224]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\bin\NJEEVES.EXE [2008-03-27 150584]
R3 nsesvc;Norman Scanner Engine Service; C:\Program Files\Norman\nse\bin\NSESVC.EXE [2008-06-19 322616]
R3 nvcoas;Norman Virus Control on-access component; C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2008-04-29 183352]
R3 NVCScheduler;Norman Virus Control Scheduler; C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-01-10 17:12:56

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040B-0000-0000000FF1CE} /uninstall {F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-041D-0000-0000000FF1CE} /uninstall {A8626CEF-CB0A-4BC2-8F51-210A43B6158D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040B-0000-0000000FF1CE} /uninstall {E8865B68-C2A1-4B9D-BBA7-782E8FC2E52F}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Adobe Reader 8.1.2 - Suomi-->MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A81200000003}
Adobe SVG Viewer-->C:\Windows\IsUninst.exe -f"C:\Windows\System32\Adobe\SVG Viewer\Uninst.isu"
Ajokorttikoulu-->C:\Program Files\Ajokorttikoulu\Uninstall.exe
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
Automaattiset valikot (Windows Live Toolbar)-->MsiExec.exe /X{B01DC672-EA23-4FF8-BA22-F622AAF00EAD}
FirstSteps Diagnostics-->MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet Printer Driver Software 9.0-->C:\Program Files\HP\Digital Imaging\{F5936267-D467-4e7b-8940-A7D9F0398EF3}\setup\hpzscr01.exe -datfile hphscr15.dat -showdisconnect -forcereboot
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Korostuksen katselu (Windows Live Toolbar)-->MsiExec.exe /X{90E65178-09D9-44DB-9506-361FD59B731B}
Microsoft Office Excel MUI (Finnish) 2007-->MsiExec.exe /X{90120000-0016-040B-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Finnish) 2007-->MsiExec.exe /X{90120000-00A1-040B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Finnish) 2007-->MsiExec.exe /X{90120000-0018-040B-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007-->MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007-->MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Finnish) 2007-->MsiExec.exe /X{90120000-002C-040B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Finnish) 2007-->MsiExec.exe /X{90120000-006E-040B-0000-0000000FF1CE}
Microsoft Office Word MUI (Finnish) 2007-->MsiExec.exe /X{90120000-001B-040B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6495D83E-3A5B-4674-A17F-3A6DDCDC0F89}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials-->MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571035}
Norman Virus Control-->C:\Program Files\Norman\NVC\BIN\DelNVC5.exe
PAP 4.0-->"C:\Program Files\PAP40\unins000.exe"
PAP project files-->c:\pap_projects\unins000.exe
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Run It-->"C:\Program Files\runit\runitu_32.exe"
RUNAWAY - A road adventure-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0816004-8FFF-40D5-9699-23A14BAF07A4}\setup.exe"
RUNAWAY - The dream of the turtle-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C16547A-D666-4971-B37E-D0B2FEC828D8}\setup.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Windows Live installer-->MsiExec.exe /X{5C29C5F5-A9C9-4E89-A606-13E165E7C55F}
Windows Live Messenger-->MsiExec.exe /X{A9174A72-1B46-445B-B3CF-90ED2C63D83B}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {3D24EE33-20D9-44A8-BFEE-5EEBC812E715}
Windows Live Toolbar-->MsiExec.exe /X{3D24EE33-20D9-44A8-BFEE-5EEBC812E715}
Windows Live Toolbarin laajennus (Windows Live Toolbar)-->MsiExec.exe /X{E3D1082C-6A34-46BC-88AD-2775C8035FB5}
Windows Liven kirjautumisavustaja-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}

=====HijackThis Backups=====

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norman Virus Control ver. 5.99
AS: Windows Defender

System event log

Computer Name: Auri-PC
Event Code: 7036
Message: Palvelu Ongelmien raportit ja ratkaisut -ohjauspaneelin tuki on tilassa käynnissä.
Record Number: 95111
Source Name: Service Control Manager
Time Written: 20090110130717.000000-000
Event Type: Tietoja
User:

Computer Name: Auri-PC
Event Code: 7036
Message: Palvelu Ongelmien raportit ja ratkaisut -ohjauspaneelin tuki on tilassa pysäytetty.
Record Number: 95112
Source Name: Service Control Manager
Time Written: 20090110130736.000000-000
Event Type: Tietoja
User:

Computer Name: Auri-PC
Event Code: 7036
Message: Palvelu WinHTTP WWW -välityspalvelimen automaattinen etsintäpalvelu on tilassa pysäytetty.
Record Number: 95113
Source Name: Service Control Manager
Time Written: 20090110132324.000000-000
Event Type: Tietoja
User:

Computer Name: Auri-PC
Event Code: 7036
Message: Palvelu WinHTTP WWW -välityspalvelimen automaattinen etsintäpalvelu on tilassa käynnissä.
Record Number: 95114
Source Name: Service Control Manager
Time Written: 20090110145508.000000-000
Event Type: Tietoja
User:

Computer Name: Auri-PC
Event Code: 7036
Message: Palvelu WinHTTP WWW -välityspalvelimen automaattinen etsintäpalvelu on tilassa pysäytetty.
Record Number: 95115
Source Name: Service Control Manager
Time Written: 20090110151138.000000-000
Event Type: Tietoja
User:

Application event log

Computer Name: Auri-PC
Event Code: 102
Message: InputPersonalization (3808) InkStore: The database engine (6.00.6000.0000) started a new instance (0).
Record Number: 14585
Source Name: ESENT
Time Written: 20090110095620.000000-000
Event Type: Tietoja
User:

Computer Name: Auri-PC
Event Code: 1000
Message: Viallinen sovellus iexplore.exe, versio 7.0.6000.16764, aikaleima 0x48f6a2ed, virhemoduuli qfhmidsgszwwva.dll_unloaded, versio 0.0.0.0, aikaleima 0x4947d781, poikkeuskoodi 0xc0000005, virhepoikkeama 0x0402b0ae, prosessin tunnus 0x1620, sovelluksen käynnistysaika 0x01c9732448d26270.
Record Number: 14586
Source Name: Application Error
Time Written: 20090110130651.000000-000
Event Type: Virhe
User:

Computer Name: Auri-PC
Event Code: 1000
Message: Viallinen sovellus iexplore.exe, versio 7.0.6000.16764, aikaleima 0x48f6a2ed, virhemoduuli qfhmidsgszwwva.dll_unloaded, versio 0.0.0.0, aikaleima 0x4947d781, poikkeuskoodi 0xc0000005, virhepoikkeama 0x04ceb0ae, prosessin tunnus 0x1518, sovelluksen käynnistysaika 0x01c9732445f16290.
Record Number: 14587
Source Name: Application Error
Time Written: 20090110130651.000000-000
Event Type: Virhe
User:

Computer Name: Auri-PC
Event Code: 1001
Message: Vikasäiliö 386350582, tyyppi 5
Tapahtuman nimi: WERCWEvent
Vastaus: Ei mitään
Cab Id: 0

Ongelman allekirjoitus:
P1: iexplore.exe
P2: 7.0.6000.16764
P3: 48f6a2ed
P4: 26
P5:
P6:
P7:
P8:
P9:
P10:

Liitetyt tiedostot:

Tiedostot voivat olla käytettävissä kohteessa:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report11117062
Record Number: 14588
Source Name: Windows Error Reporting
Time Written: 20090110130657.000000-000
Event Type: Tietoja
User:

Computer Name: Auri-PC
Event Code: 1001
Message: Vikasäiliö 1093830511, tyyppi 1
Tapahtuman nimi: APPCRASH
Vastaus: http://oca.microsoft.com/resredir.aspx? ... 1093830511
Cab Id: 0

Ongelman allekirjoitus:
P1: iexplore.exe
P2: 7.0.6000.16764
P3: 48f6a2ed
P4: qfhmidsgszwwva.dll_unloaded
P5: 0.0.0.0
P6: 4947d781
P7: c0000005
P8: 04ceb0ae
P9:
P10:

Liitetyt tiedostot:
C:\Users\Auri\AppData\Local\Temp\WER59F5.tmp.version.txt

Tiedostot voivat olla käytettävissä kohteessa:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report1011adfd
Record Number: 14589
Source Name: Windows Error Reporting
Time Written: 20090110130713.000000-000
Event Type: Tietoja
User:

Security event log

Computer Name: Auri-PC
Event Code: 4624
Message: Tilille kirjauduttiin.

Aihe:
Suojaustunnus: S-1-5-18
Tilin nimi: AURI-PC$
Tilin toimialue: WORKGROUP
Kirjautumistunnus: 0x3e7

Kirjautumistyyppi: 7

Uudet kirjautumistiedot:
Suojaustunnus: S-1-5-21-714258529-3474847341-3032381344-1000
Tilin nimi: Auri
Tilin toimialue: Auri-PC
Kirjautumistunnus: 0x52c58c
Kirjautumis-GUID: {00000000-0000-0000-0000-000000000000}

Prosessin tiedot:
Prosessitunnus: 0x294
Prosessin nimi: C:\Windows\System32\winlogon.exe

Verkkotiedot:
Työaseman nimi: AURI-PC
Lähdeverkko-osoite: 127.0.0.1
Lähdeportti: 0

Yksityiskohtaiset todennustiedot:
Kirjausprosessi: User32
Todennuspaketti: Negotiate
Siirretyt palvelut: -
Paketin nimi (vain NTLM): -
Avaimen pituus: 0

Tämä tapahtuma luodaan, kun kirjausistunto muodostetaan. Tapahtuma luodaan käytön kohteena olevaan tietokoneeseen.

Aihekentät ilmaisevat paikallisjärjestelmän tilin, joka pyysi lupaa kirjautua sisään. Kyseessä on yleensä palvelu, kuten palvelinpalvelu, tai paikallinen prosessi, kuten Winlogon.exe tai Services.exe.

Kirjautumistyyppi-kenttä ilmaisee tapahtuneen kirjautumisen tyypin. Yleisimmät tyypit ovat 2 (vuorovaikutteinen) ja 3 (verkko).

Uudet kirjautumistiedot -kentät ilmaisevat tilin, jolle uudet kirjautumistiedot luodaan (tili, joka kirjautui sisään järjestelmään).

Verkkokentät ilmaisevat, mistä etäkirjauspyyntö on peräisin. Työaseman nimi ei ole aina käytettävissä, joten nimikenttä on toisinaan tyhjä.

Todennustietokentät sisältävät yksityiskohtaisia tietoja tästä nimenomaisesta kirjauspyynnöstä.
- Kirjautumis-GUID on yksilöllinen tunnus, jonka avulla tämän tapahtuman voi yhdistää KDC-tapahtumaan.
- Siirretyt palvelut -kenttä ilmaisee, mitkä väliaikaispalvelut ovat osallistuneet tähän kirjauspyyntöön.
- Paketin nimi ilmaisee, mitä aliprotokollaa on käytetty NTLM-protokollien joukossa.
- Avaimen pituus ilmaisee luodun istuntoavaimen pituuden. Tämä arvo on 0, jos istuntoavainta ei ole pyydetty.
Record Number: 32005
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090110121020.317200-000
Event Type: Onnistunut valvonta
User:

Computer Name: Auri-PC
Event Code: 4624
Message: Tilille kirjauduttiin.

Aihe:
Suojaustunnus: S-1-5-18
Tilin nimi: AURI-PC$
Tilin toimialue: WORKGROUP
Kirjautumistunnus: 0x3e7

Kirjautumistyyppi: 7

Uudet kirjautumistiedot:
Suojaustunnus: S-1-5-21-714258529-3474847341-3032381344-1000
Tilin nimi: Auri
Tilin toimialue: Auri-PC
Kirjautumistunnus: 0x52c5ae
Kirjautumis-GUID: {00000000-0000-0000-0000-000000000000}

Prosessin tiedot:
Prosessitunnus: 0x294
Prosessin nimi: C:\Windows\System32\winlogon.exe

Verkkotiedot:
Työaseman nimi: AURI-PC
Lähdeverkko-osoite: 127.0.0.1
Lähdeportti: 0

Yksityiskohtaiset todennustiedot:
Kirjausprosessi: User32
Todennuspaketti: Negotiate
Siirretyt palvelut: -
Paketin nimi (vain NTLM): -
Avaimen pituus: 0

Tämä tapahtuma luodaan, kun kirjausistunto muodostetaan. Tapahtuma luodaan käytön kohteena olevaan tietokoneeseen.

Aihekentät ilmaisevat paikallisjärjestelmän tilin, joka pyysi lupaa kirjautua sisään. Kyseessä on yleensä palvelu, kuten palvelinpalvelu, tai paikallinen prosessi, kuten Winlogon.exe tai Services.exe.

Kirjautumistyyppi-kenttä ilmaisee tapahtuneen kirjautumisen tyypin. Yleisimmät tyypit ovat 2 (vuorovaikutteinen) ja 3 (verkko).

Uudet kirjautumistiedot -kentät ilmaisevat tilin, jolle uudet kirjautumistiedot luodaan (tili, joka kirjautui sisään järjestelmään).

Verkkokentät ilmaisevat, mistä etäkirjauspyyntö on peräisin. Työaseman nimi ei ole aina käytettävissä, joten nimikenttä on toisinaan tyhjä.

Todennustietokentät sisältävät yksityiskohtaisia tietoja tästä nimenomaisesta kirjauspyynnöstä.
- Kirjautumis-GUID on yksilöllinen tunnus, jonka avulla tämän tapahtuman voi yhdistää KDC-tapahtumaan.
- Siirretyt palvelut -kenttä ilmaisee, mitkä väliaikaispalvelut ovat osallistuneet tähän kirjauspyyntöön.
- Paketin nimi ilmaisee, mitä aliprotokollaa on käytetty NTLM-protokollien joukossa.
- Avaimen pituus ilmaisee luodun istuntoavaimen pituuden. Tämä arvo on 0, jos istuntoavainta ei ole pyydetty.
Record Number: 32006
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090110121020.317200-000
Event Type: Onnistunut valvonta
User:

Computer Name: Auri-PC
Event Code: 4672
Message: Uuteen sisäänkirjaukseen on liitetty erikoisoikeuksia.

Aihe:
Suojaustunnus: S-1-5-21-714258529-3474847341-3032381344-1000
Tilin nimi: Auri
Toimialue: Auri-PC
Kirjautumistunnus: 0x52c58c

Oikeudet: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
Record Number: 32007
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090110121020.317200-000
Event Type: Onnistunut valvonta
User:

Computer Name: Auri-PC
Event Code: 4634
Message: Tili kirjattiin ulos.

Aihe:
Suojaustunnus: S-1-5-21-714258529-3474847341-3032381344-1000
Tilin nimi: Auri
Tilin toimialue: Auri-PC
Kirjautumistunnus: 0x52c58c

Kirjautumistyyppi: 7

Tämä tapahtuma luodaan, kun kirjausistunto tuhotaan. Se voi korreloida positiivisesti kirjautumistunnuksen arvoa käyttävän kirjaustapahtuman kanssa. Kirjautumistunnukset ovat yksilöllisiä vain saman tietokoneen uudelleenkäynnistysten välillä.
Record Number: 32008
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090110121020.317200-000
Event Type: Onnistunut valvonta
User:

Computer Name: Auri-PC
Event Code: 5032
Message: Windowsin palomuuri ei voinut ilmoittaa käyttäjälle, että se esti sovellusta hyväksymästä saapuvia yhteyksiä verkossa.

Virhekoodi: 2
Record Number: 32009
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090110151332.048200-000
Event Type: Valvontavirhe
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%NpmLib%
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6801
"NUMBER_OF_PROCESSORS"=2
"NpmLib"=C:\Program Files\Norman\Npm\Bin

-----------------EOF-----------------

[Shaba]

I'd like you to check a file/some files for malware.

• Go to VirusTotal or Jotti's

C:\Windows\system32\qfhmidsgszwwva.dll
C:\Windows\pn8.exe
C:\Windows\hw5305.exe
C:\Windows\ykgee3362.exe
C:\Windows\nohh06760.exe

• Copy/Paste the first file on the list into the white Upload a file box.
• Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
• After a while, a window will open, with details of what the scans found.
• Save the complete results in a Notepad/Word document on your desktop.
• Repeat for all files on the list.
• Post back results, please.

[Tuinen]

File: qfhmidsgszwwva.dll
Status:
POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: 4d24807b244f1f7f4ec96a7dd9e15557
Packers detected:
-

File: pn8.exe
Status:
OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 975c76c7241ab47007cc86a23edfee77
Packers detected:
-

File: hw5305.exe
Status:
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: f4148070c4e43fbc3e89609ff24f2398
Packers detected:
-


File: ykgee3362.exe
Status:
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: 57c4903cb73b6f6397eacc92c2b4a3d4
Packers detected:
-

File: nohh06760.exe
Status:
INFECTED/MALWARE
MD5: 94b57cbdbdfb93bb475fc31183f7cd20
Packers detected:
-