
alureon.gen!U [Solved]


  • This topic is locked

#1
Darkman66

  • Member
  • 13 posts
Hi,

Running a Windows 7 machine, with Defender, Avast and Malwarebytes as protection. Somehow I managed to be infected with alureon.gen!U - and I have tried everything to get it removed. Boot scan with Avast, boot scan with malwares - but nothing helps?

Any ideas or suggestions on how I could get rid of this nasty piece of code?

Best regards, Joakim - Sweden
#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hi

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    CREATERESTOREPOINT
    %PROGRAMFILES%\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


#3
Darkman66

  • Topic Starter
  • Member
  • 13 posts
Here is the OTL.txt

OTL logfile created on: 2010-01-25 17:20:30 - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Joakim Krassman\Desktop\OTL
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279,46 Gb Total Space | 111,61 Gb Free Space | 39,94% Space Free | Partition Type: NTFS
Drive D: | 189,92 Gb Total Space | 12,06 Gb Free Space | 6,35% Space Free | Partition Type: NTFS
Drive E: | 76,68 Gb Total Space | 28,58 Gb Free Space | 37,27% Space Free | Partition Type: NTFS
Drive F: | 34,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOCKE
Current User Name: Joakim Krassman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-01-25 17:14:35 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Joakim Krassman\Desktop\OTL\OTL.exe
PRC - [2010-01-25 07:54:05 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2010-01-12 02:17:34 | 00,856,064 | ---- | M] () -- C:\Users\Joakim Krassman\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2010-01-06 11:21:47 | 00,939,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
PRC - [2009-11-23 15:53:58 | 04,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009-11-23 15:53:58 | 00,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009-11-23 15:53:56 | 04,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009-11-23 15:53:56 | 01,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009-11-20 20:33:00 | 00,122,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009-11-20 19:17:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009-11-12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009-11-12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009-09-15 11:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-09-15 11:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-09-15 11:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-09-15 11:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-09-15 11:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-08-17 21:54:54 | 12,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009-08-03 06:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 02:17:29 | 00,673,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009-07-14 02:14:50 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009-07-14 02:14:46 | 00,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009-07-14 02:14:42 | 00,181,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009-07-14 02:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009-07-14 02:14:15 | 00,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009-07-01 17:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009-06-05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-03-30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-03-30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009-03-30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2009-03-05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008-11-25 21:59:30 | 00,247,152 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008-10-25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008-07-30 18:04:06 | 00,678,960 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Shadow for ReadyNAS\Shadow.exe
PRC - [2008-07-10 10:49:38 | 40,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\sqlservr.exe
PRC - [2008-07-10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008-07-10 01:22:36 | 00,218,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
PRC - [2008-07-10 01:15:32 | 00,068,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\fdhost.exe
PRC - [2008-07-10 01:15:32 | 00,031,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\fdlauncher.exe
PRC - [2008-07-07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-05-19 11:13:20 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2008-01-08 08:28:02 | 00,864,256 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2007-12-06 20:03:41 | 00,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2007-12-03 14:21:24 | 00,869,672 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2007-07-20 18:32:16 | 00,217,088 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brownie\Brnipmon.exe
PRC - [2006-11-03 12:27:28 | 12,693,504 | ---- | M] ( ) -- C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe
PRC - [2006-01-12 20:52:32 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2010-01-25 17:14:35 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Joakim Krassman\Desktop\OTL\OTL.exe
MOD - [2009-07-14 02:16:16 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009-07-14 02:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-01-25 07:54:05 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010-01-12 02:17:34 | 00,856,064 | ---- | M] () [Auto | Running] -- C:\Users\Joakim Krassman\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009-11-23 15:53:58 | 00,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009-11-23 15:53:56 | 04,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009-11-20 20:33:00 | 00,122,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009-11-20 19:17:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009-11-12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-10-01 18:53:34 | 00,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-09-15 11:56:43 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-09-15 11:56:28 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-09-15 11:54:13 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-09-15 11:49:40 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-09-09 11:13:26 | 00,055,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2009-07-14 02:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) PNRP (Peer Name Resolution Protocol)
SRV - [2009-07-14 02:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:31 | 00,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) Tjänsten Windows Process Activation (WAS)
SRV - [2009-07-14 02:15:31 | 00,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009-07-14 02:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 02:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-07-14 02:14:53 | 00,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009-07-14 02:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009-06-05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-03-30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009-03-30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009-03-30 02:23:32 | 00,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009-03-30 02:23:24 | 00,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2009-03-13 21:07:19 | 00,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008-11-25 21:59:30 | 00,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008-11-04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-10-25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008-07-10 10:49:38 | 40,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2008-07-10 10:49:34 | 00,369,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\SQLAGENT.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2008-07-10 10:49:34 | 00,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008-07-10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008-07-10 01:22:36 | 00,218,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer100)
SRV - [2008-07-10 01:15:32 | 00,031,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\fdlauncher.exe -- (MSSQLFDLauncher) SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
SRV - [2008-07-07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008-05-19 11:13:20 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (ASTSRV)
SRV - [2007-12-13 19:10:56 | 00,447,784 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-12-06 20:03:41 | 00,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2007-12-03 14:21:24 | 00,869,672 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-08-25 19:54:12 | 00,360,532 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe -- (ACS)
SRV - [2005-11-14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010-01-07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009-11-21 03:34:54 | 11,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-10-05 15:31:50 | 01,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-09-15 11:55:30 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-09-15 11:55:19 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-09-15 11:55:09 | 00,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009-09-15 11:54:30 | 00,052,368 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-09-15 11:54:21 | 00,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-08-28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009-08-27 15:06:32 | 00,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009-07-28 08:11:11 | 00,004,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bbcap.sys -- (bbcap)
DRV - [2009-07-14 02:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 02:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 02:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 02:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 02:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 02:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 02:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 02:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 02:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 02:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 02:20:44 | 00,142,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 02:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 02:20:44 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 02:20:37 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 02:20:36 | 00,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 02:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 02:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 02:20:36 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 02:20:36 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 02:20:36 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 02:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 02:20:36 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 02:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 02:20:28 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 02:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 02:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 02:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 02:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 02:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 02:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 02:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 02:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 02:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 02:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 02:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 02:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 02:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 02:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 02:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 02:19:04 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 02:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 01:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 01:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 01:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 00:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 00:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 00:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 00:52:04 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009-07-14 00:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 00:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 00:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 00:51:23 | 00,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009-07-14 00:51:11 | 00,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 00:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 00:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 00:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 00:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 00:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 00:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 00:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009-07-14 00:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 00:12:52 | 00,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009-07-14 00:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 23:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 23:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 23:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 23:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 23:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 23:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 23:02:52 | 00,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009-07-13 23:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 23:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 23:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-07-13 21:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009-05-20 11:54:06 | 00,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009-05-18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009-05-14 13:46:19 | 00,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-04-17 02:00:00 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009-04-13 20:11:27 | 00,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\windrvNT.sys -- (windrvNT)
DRV - [2009-03-30 02:09:28 | 00,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008-11-19 18:22:36 | 00,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008-08-08 13:15:24 | 00,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008-07-10 02:49:14 | 00,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2007-08-09 18:12:30 | 00,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007-06-28 07:18:10 | 01,310,720 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2007-05-09 21:46:48 | 00,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007-05-09 20:51:34 | 00,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-05-09 20:47:00 | 01,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007-02-16 10:12:36 | 00,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006-11-22 06:20:00 | 00,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2006-11-02 00:50:52 | 00,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005-09-23 22:18:32 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://127.0.0.1/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://127.0.0.1/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-16 15:54:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-16 15:54:43 | 00,000,000 | ---D | M]

[2009-12-31 14:31:51 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Extensions
[2009-12-31 14:31:51 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010-01-24 17:22:45 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Firefox\Profiles\tetc9dck.default\extensions
[2009-11-06 14:04:40 | 00,000,000 | ---D | M] (Web Developer) -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Firefox\Profiles\tetc9dck.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009-11-10 17:18:03 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Firefox\Profiles\tetc9dck.default\extensions\[email protected]
[2009-05-15 10:56:40 | 00,002,399 | ---- | M] () -- C:\Users\Joakim Krassman\AppData\Roaming\Mozilla\FireFox\Profiles\tetc9dck.default\searchplugins\daemon-search.xml
[2010-01-24 17:22:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-12-25 10:29:38 | 00,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2009-12-25 10:29:38 | 00,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2009-12-25 10:29:38 | 00,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2009-12-25 10:29:38 | 00,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2009-12-25 10:29:38 | 00,000,647 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2010-01-22 16:17:25 | 00,000,418 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 http://virscan.com
O1 - Hosts: 127.0.0.1 http://virusscan.jotti.org/
O1 - Hosts: 127.0.0.1 virusscan.jotti.org/
O1 - Hosts: 127.0.0.1 www.virusscan.jotti.org/
O1 - Hosts: 127.0.0.1 scanner.novirusthanks.org/
O1 - Hosts: 127.0.0.1 http://scanner.novirusthanks.org/
O1 - Hosts: 127.0.0.1 www.scanner.novirusthanks.org/
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\4.0.295.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Shadow] C:\Program Files\NewTech Infosystems\NTI Shadow for ReadyNAS\Shadow.exe (NewTech Infosystems, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat ()
O4 - Startup: C:\Users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll File not found
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} http://louk.solidwor...elsStandard.cab (Reg Error: Key error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} file:///C:/Program%20Files/OpenCube/Visual%20Infinite%20Menus/comdlg32.cab (Microsoft Common Dialog Control, version 6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\4.0.295.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Bakgrunder\_MG_6380.jpg
O24 - Desktop BackupWallPaper: C:\Bakgrunder\_MG_6380.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-25 22:57:08 | 00,000,045 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{46efdc5b-e625-11de-b263-001d92b491f0}\Shell - "" = AutoRun
O33 - MountPoints2\{46efdc5b-e625-11de-b263-001d92b491f0}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{50a36d97-7b46-11de-911d-8fb01e9154d5}\Shell - "" = AutoRun
O33 - MountPoints2\{50a36d97-7b46-11de-911d-8fb01e9154d5}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{5fbec617-e489-11de-9021-001d92b491f0}\Shell - "" = AutoRun
O33 - MountPoints2\{5fbec617-e489-11de-9021-001d92b491f0}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{6d472dd4-768e-11de-b1ac-e79a0a581b0b}\Shell - "" = AutoRun
O33 - MountPoints2\{6d472dd4-768e-11de-b1ac-e79a0a581b0b}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{84f27a7c-ba54-11de-b7df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{84f27a7c-ba54-11de-b7df-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2007-09-18 10:12:56 | 02,453,590 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{fd73749b-e65b-11de-9015-001d92b491f0}\Shell - "" = AutoRun
O33 - MountPoints2\{fd73749b-e65b-11de-9015-001d92b491f0}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{fd73749e-e65b-11de-9015-001d92b491f0}\Shell - "" = AutoRun
O33 - MountPoints2\{fd73749e-e65b-11de-9015-001d92b491f0}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009-07-14 03:37:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23DF39AC-0A11-1C54-1A5A-95735E0421E5} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.pDAD - C:\Windows\System32\prodad-codec.dll (proDAD GmbH)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010-01-25 17:14:58 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\OTL
[2010-01-25 11:50:12 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Irene
[2010-01-23 21:59:18 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010-01-23 19:05:16 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Beijer
[2010-01-23 18:37:47 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Photoshop hörnan
[2010-01-23 18:37:20 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Henke
[2010-01-23 17:35:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-01-23 17:35:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-01-22 21:41:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2010-01-22 21:36:14 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Local\Altaro
[2010-01-22 21:35:56 | 00,000,000 | ---D | C] -- C:\ProgramData\OopsBackup
[2010-01-22 16:51:51 | 00,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2010-01-22 00:13:19 | 00,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010-01-22 00:13:19 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010-01-21 21:50:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2010-01-21 21:07:37 | 00,128,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys
[2010-01-20 20:24:41 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\Genie-Soft
[2010-01-20 20:24:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Genie-Soft
[2010-01-16 14:59:38 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010-01-16 14:59:38 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010-01-16 14:59:38 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010-01-16 14:59:37 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010-01-16 14:59:37 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010-01-16 14:59:37 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010-01-16 14:59:37 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010-01-16 14:59:36 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010-01-16 14:59:36 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010-01-16 14:59:36 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010-01-16 14:59:36 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010-01-16 14:59:36 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010-01-16 14:59:36 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010-01-16 14:59:35 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010-01-15 23:11:40 | 11,515,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010-01-15 23:11:40 | 00,076,392 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010-01-15 23:11:40 | 00,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010-01-15 23:11:39 | 14,064,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010-01-15 23:11:39 | 04,147,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll
[2010-01-15 23:11:39 | 00,289,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010-01-15 23:11:38 | 11,381,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010-01-15 23:11:38 | 04,001,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010-01-15 23:11:38 | 02,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010-01-15 23:11:38 | 01,989,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010-01-15 23:11:38 | 00,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod178.dll
[2010-01-15 23:11:38 | 00,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010-01-15 23:01:59 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\BOXEE
[2010-01-15 23:01:42 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010-01-14 19:03:28 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2010-01-14 19:01:34 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Local\TVersity
[2010-01-14 16:50:50 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\Python-Eggs
[2010-01-14 16:50:49 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\.moovida
[2010-01-14 16:41:08 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Documents\My Playlists
[2010-01-14 16:37:26 | 00,000,000 | ---D | C] -- C:\MS-7380 v1.30
[2010-01-14 16:36:08 | 00,000,000 | ---D | C] -- C:\Program Files\MSI
[2010-01-14 16:35:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Team MediaPortal
[2010-01-13 20:17:14 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\XBMC
[2010-01-13 19:59:51 | 00,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010-01-13 19:59:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010-01-13 19:59:43 | 00,000,000 | ---D | C] -- C:\Program Files\XBMC
[2010-01-13 07:19:58 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010-01-13 07:19:58 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010-01-07 20:40:51 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Kurs - ljuseffekt
[2010-01-07 18:30:16 | 00,000,000 | ---D | C] -- C:\asp2php
[2010-01-06 11:21:46 | 00,000,000 | ---D | C] -- C:\Program Files\Personal
[2010-01-05 23:53:32 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll
[2010-01-05 23:53:32 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll
[2010-01-05 23:53:32 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2010-01-04 18:10:13 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\WTablet
[2010-01-04 18:10:11 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\WTouch
[2010-01-03 12:52:21 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Ridhuset - Mille & Julia
[2010-01-02 15:39:58 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\ALLCapture
[2010-01-01 22:28:07 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Documents\InstantDemo
[2010-01-01 22:28:00 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Local\Instant Demo
[2010-01-01 20:17:55 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Local\TechSmith
[2010-01-01 20:00:26 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Documents\Camtasia Studio
[2010-01-01 19:36:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010-01-01 19:36:30 | 00,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010-01-01 19:36:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010-01-01 19:36:20 | 00,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010-01-01 19:31:27 | 00,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2009-12-31 14:31:50 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\Thunderbird
[2009-12-31 14:31:50 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Local\Thunderbird
[2009-12-31 09:11:26 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\Netviewer
[2009-12-29 00:37:45 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\To Denmark
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Joakim Krassman\Desktop\*.tmp files -> C:\Users\Joakim Krassman\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-01-25 17:18:59 | 00,000,218 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2010-01-25 17:18:51 | 00,000,444 | ---- | M] () -- C:\Windows\Brownie.ini
[2010-01-25 17:18:47 | 00,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-01-25 17:18:42 | 00,000,350 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010-01-25 17:18:42 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-01-25 17:18:33 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-01-25 17:18:21 | 00,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err
[2010-01-25 17:18:17 | 24,152,59648 | -HS- | M] () -- C:\hiberfil.sys
[2010-01-25 17:17:05 | 09,175,040 | -HS- | M] () -- C:\Users\Joakim Krassman\ntuser.dat
[2010-01-25 17:16:45 | 03,561,207 | -H-- | M] () -- C:\Users\Joakim Krassman\AppData\Local\IconCache.db
[2010-01-25 17:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010-01-25 16:59:01 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-01-25 16:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010-01-25 15:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010-01-25 14:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010-01-25 13:58:26 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010-01-25 13:29:54 | 03,890,758 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Texter.xlsx
[2010-01-25 13:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010-01-25 12:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010-01-25 11:50:34 | 02,157,564 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-01-25 11:50:34 | 00,933,964 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2010-01-25 11:50:34 | 00,806,848 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-01-25 11:50:34 | 00,231,756 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2010-01-25 11:50:34 | 00,175,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-01-25 11:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010-01-25 10:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010-01-25 09:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010-01-25 08:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010-01-25 07:34:52 | 00,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-01-25 07:34:52 | 00,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-01-24 22:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010-01-24 21:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010-01-24 20:30:59 | 00,014,373 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Därför är killar emot män i tjejfilmer.docx
[2010-01-24 20:02:40 | 00,000,162 | -H-- | M] () -- C:\Users\Joakim Krassman\Desktop\~$rför är killar emot män i tjejfilmer.docx
[2010-01-24 20:00:01 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010-01-24 19:07:54 | 00,013,722 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Twilight.docx
[2010-01-24 19:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010-01-24 18:00:01 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010-01-24 00:02:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010-01-23 23:00:01 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010-01-23 21:46:29 | 00,157,143 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\IMG_4210.jpg
[2010-01-23 19:54:24 | 02,969,600 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\Database2.accdb
[2010-01-23 19:52:16 | 05,787,648 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\Projects.accdb
[2010-01-23 19:28:00 | 00,327,680 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\Database1.accdb
[2010-01-23 18:19:22 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010-01-22 16:17:25 | 00,000,418 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-01-22 16:17:24 | 00,000,042 | -HS- | M] () -- C:\Users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat
[2010-01-22 07:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010-01-22 06:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010-01-22 05:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010-01-22 04:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010-01-22 03:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010-01-22 02:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010-01-22 01:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010-01-20 23:06:05 | 60,410,6597 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-01-19 18:21:03 | 00,002,024 | -H-- | M] () -- C:\Users\Joakim Krassman\Documents\Default.rdp
[2010-01-17 21:44:49 | 00,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2010-01-17 21:44:49 | 00,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
[2010-01-17 21:44:49 | 00,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2010-01-17 21:44:49 | 00,000,073 | ---- | M] () -- C:\Windows\System32\ssprs.dll
[2010-01-17 21:44:49 | 00,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2010-01-14 18:13:46 | 00,161,816 | ---- | M] () -- C:\Users\Joakim Krassman\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-01-14 17:00:18 | 02,515,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-01-14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010-01-11 08:12:38 | 00,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010-01-07 20:42:04 | 27,240,7132 | ---- | M] () -- C:\Users\Joakim Krassman\ljuseffekt.camrec
[2010-01-07 20:38:01 | 00,014,848 | ---- | M] () -- C:\Users\Joakim Krassman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-01-07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-01-06 14:34:00 | 22,684,0576 | ---- | M] () -- C:\Users\Joakim Krassman\verktyg.camrec
[2010-01-06 14:21:11 | 00,010,955 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\Märsta 2010.docx
[2010-01-06 11:21:47 | 00,001,999 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
[2010-01-05 23:48:15 | 09,347,995 | ---- | M] () -- C:\Ani_new_big.mp4
[2010-01-05 14:58:00 | 02,416,640 | ---- | M] () -- C:\Users\Joakim Krassman\tst.camrec
[2010-01-03 17:57:15 | 08,741,436 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\test_0.m2ts
[2010-01-03 17:56:14 | 21,692,5680 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\Produce.m2ts
[2010-01-03 11:36:25 | 00,000,088 | ---- | M] () -- C:\Windows\GraphEdt.INI
[2010-01-03 00:43:04 | 00,000,000 | ---- | M] () -- C:\Windows\PhotoNow.INI
[2010-01-01 21:43:21 | 15,679,1422 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\capture-1.avi
[2009-12-29 01:22:10 | 50,864,6912 | ---- | M] () -- C:\sportdykare.bak
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Joakim Krassman\Desktop\*.tmp files -> C:\Users\Joakim Krassman\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-01-25 13:29:29 | 03,890,758 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Texter.xlsx
[2010-01-25 07:54:08 | 00,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-01-25 07:54:08 | 00,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-01-24 20:02:40 | 00,000,162 | -H-- | C] () -- C:\Users\Joakim Krassman\Desktop\~$rför är killar emot män i tjejfilmer.docx
[2010-01-24 19:25:32 | 00,014,373 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Därför är killar emot män i tjejfilmer.docx
[2010-01-24 19:07:54 | 00,013,722 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Twilight.docx
[2010-01-23 21:46:28 | 00,157,143 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\IMG_4210.jpg
[2010-01-23 19:52:16 | 02,969,600 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\Database2.accdb
[2010-01-23 19:49:57 | 05,787,648 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\Projects.accdb
[2010-01-23 19:26:32 | 00,327,680 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\Database1.accdb
[2010-01-23 17:37:10 | 00,000,350 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010-01-22 16:17:24 | 00,000,042 | -HS- | C] () -- C:\Users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat
[2010-01-15 23:11:40 | 00,007,133 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010-01-14 19:07:18 | 00,000,218 | ---- | C] () -- C:\Windows\System32\tversity.cookies
[2010-01-14 19:03:28 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-01-14 19:03:28 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010-01-07 20:38:04 | 27,240,7132 | ---- | C] () -- C:\Users\Joakim Krassman\ljuseffekt.camrec
[2010-01-06 14:33:20 | 22,684,0576 | ---- | C] () -- C:\Users\Joakim Krassman\verktyg.camrec
[2010-01-06 14:10:10 | 00,010,955 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\Märsta 2010.docx
[2010-01-06 11:21:47 | 00,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
[2010-01-05 23:45:54 | 09,347,995 | ---- | C] () -- C:\Ani_new_big.mp4
[2010-01-05 14:52:11 | 00,000,394 | R--- | C] () -- C:\Windows\System\CmiInst.Ini
[2010-01-05 14:52:07 | 00,044,278 | R--- | C] () -- C:\Windows\OEM.bmp
[2010-01-05 14:52:03 | 00,002,238 | R--- | C] () -- C:\Windows\3.ico
[2010-01-05 14:52:03 | 00,002,238 | R--- | C] () -- C:\Windows\2.ico
[2010-01-05 14:52:03 | 00,002,238 | R--- | C] () -- C:\Windows\1.ico
[2010-01-05 14:51:36 | 00,000,722 | R--- | C] () -- C:\Windows\cm108.ini
[2010-01-05 14:51:25 | 00,002,584 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2010-01-04 18:17:42 | 02,416,640 | ---- | C] () -- C:\Users\Joakim Krassman\tst.camrec
[2010-01-03 17:57:06 | 08,741,436 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\test_0.m2ts
[2010-01-03 17:48:59 | 21,692,5680 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\Produce.m2ts
[2010-01-03 11:36:25 | 00,000,088 | ---- | C] () -- C:\Windows\GraphEdt.INI
[2010-01-03 00:43:04 | 00,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2010-01-01 20:00:18 | 15,679,1422 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\capture-1.avi
[2010-01-01 19:40:13 | 00,014,848 | ---- | C] () -- C:\Users\Joakim Krassman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-29 01:22:10 | 50,864,6912 | ---- | C] () -- C:\sportdykare.bak
[2009-11-15 15:01:49 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009-10-12 17:38:12 | 00,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009-10-12 17:38:02 | 00,009,853 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2009-10-12 17:38:02 | 00,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009-10-12 17:38:02 | 00,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009-10-12 17:38:02 | 00,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009-10-12 14:31:17 | 00,000,444 | ---- | C] () -- C:\Windows\Brownie.ini
[2009-10-12 13:23:23 | 00,000,014 | ---- | C] () -- C:\Users\Joakim Krassman\AppData\Roaming\iniasd.txt
[2009-08-25 22:09:03 | 00,005,990 | ---- | C] () -- C:\Users\Joakim Krassman\AppData\Roaming\ReplayMusicLog.log
[2009-08-20 21:56:50 | 00,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009-08-20 21:56:50 | 00,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009-08-20 21:56:50 | 00,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009-08-20 21:56:50 | 00,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009-08-20 21:56:50 | 00,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009-08-20 21:56:49 | 00,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009-08-17 12:47:19 | 00,007,420 | ---- | C] () -- C:\Windows\UA000106.DLL
[2009-07-31 18:59:18 | 00,000,040 | ---- | C] () -- C:\Windows\iltwain.ini
[2009-07-28 18:21:40 | 00,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2009-07-14 00:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-11 13:22:21 | 00,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009-07-11 13:22:21 | 00,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009-06-10 22:19:56 | 00,142,416 | ---- | C] () -- C:\Windows\System32\drivers\nvstor.sys
[2009-04-13 20:11:19 | 00,110,592 | ---- | C] () -- C:\Windows\System32\suppdll.dll
[2009-04-13 20:11:19 | 00,035,363 | ---- | C] () -- C:\Windows\System32\windrvNT.sys
[2009-04-13 20:10:15 | 00,000,343 | ---- | C] () -- C:\Windows\start.ini
[2009-04-13 20:10:09 | 00,000,110 | ---- | C] () -- C:\Windows\kundkort.ini
[2009-03-27 14:34:31 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-03-27 14:34:31 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-03-15 23:46:19 | 00,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009-03-13 21:07:19 | 00,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009-02-24 19:01:25 | 00,000,103 | ---- | C] () -- C:\Windows\BOP.ini
[2009-02-22 17:41:29 | 00,777,728 | ---- | C] () -- C:\Windows\System32\SSLSVC.DLL
[2009-02-22 17:41:29 | 00,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2009-02-22 17:41:29 | 00,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll
[2009-02-22 17:41:29 | 00,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2009-02-22 17:41:28 | 00,114,688 | ---- | C] () -- C:\Windows\System32\lang_cfml.dll
[2009-02-22 17:41:28 | 00,028,672 | ---- | C] () -- C:\Windows\System32\xml_datagrove.dll
[2009-02-22 14:10:48 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008-10-12 20:26:36 | 00,000,081 | ---- | C] () -- C:\Windows\ODA.INI
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008-02-01 08:18:14 | 00,009,216 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys
[2007-05-09 19:35:54 | 00,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2002-08-31 06:00:00 | 00,001,786 | ---- | C] () -- C:\Windows\System32\msisl$.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009-02-20 16:23:37 | 00,000,002 | RHS- | M] () -- C:\$drvmig$
[2009-12-06 00:23:20 | 00,000,036 | RHS- | M] () -- C:\.uid_xxx
[2010-01-05 23:48:15 | 09,347,995 | ---- | M] () -- C:\Ani_new_big.mp4
[2009-06-10 22:42:20 | 00,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-07-14 02:38:58 | 00,383,562 | RHS- | M] () -- C:\bootmgr
[2009-10-24 20:31:59 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009-06-10 22:42:20 | 00,000,010 | ---- | M] () -- C:\config.sys
[2008-06-28 06:58:10 | 00,000,107 | -H-- | M] () -- C:\desktop.ini
[2008-04-07 16:41:44 | 00,820,767 | -H-- | M] () -- C:\folderbg.jpg
[2008-04-14 19:51:46 | 00,171,136 | RHS- | M] () -- C:\grldr
[2010-01-25 17:18:17 | 24,152,59648 | -HS- | M] () -- C:\hiberfil.sys
[2009-11-06 07:21:38 | 00,000,038 | ---- | M] () -- C:\hook.log
[2008-06-13 13:43:15 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008-06-13 13:43:15 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-01-25 17:18:33 | 32,203,48928 | -HS- | M] () -- C:\pagefile.sys
[2010-01-25 13:58:26 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009-08-23 00:49:30 | 17,070,4948 | ---- | M] () -- C:\Sequence 01_Wmv.wmv
[2009-12-29 01:22:10 | 50,864,6912 | ---- | M] () -- C:\sportdykare.bak
[2009-10-28 01:22:00 | 12,593,9707 | ---- | M] () -- C:\sportdykare.zip
[2008-10-13 22:07:55 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008-10-28 13:15:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008-10-28 22:21:50 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008-10-29 15:47:07 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008-11-12 20:03:00 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008-12-17 03:10:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008-12-17 07:10:07 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008-12-17 13:55:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009-01-01 09:43:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009-01-01 17:00:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009-01-16 16:35:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009-01-16 23:29:06 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009-01-31 20:30:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008-10-13 22:07:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008-10-28 13:15:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008-10-28 22:21:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008-10-29 15:47:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008-11-12 20:03:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008-12-17 03:10:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008-12-17 07:10:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008-12-17 13:55:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009-01-01 09:43:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009-01-01 17:00:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009-01-16 16:35:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009-01-16 23:29:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009-01-31 20:30:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009-09-15 18:31:18 | 03,370,536 | ---- | M] () -- C:\tuff_divx.wmv
[2009-10-24 13:29:35 | 00,171,136 | RHS- | M] () -- C:\w7ldr


< MD5 for: AGP440.SYS >
[2009-07-14 02:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 02:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 02:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-07-14 02:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 02:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 02:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-07-14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009-07-14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007-05-17 21:34:04 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2009-07-14 02:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009-07-14 02:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-14 02:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-07-14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009-07-14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRD32.SYS >
[2008-01-25 19:02:04 | 00,132,128 | ---- | M] (NVIDIA Corporation) MD5=0D15327134E5871C922760ACD7449E84 -- C:\NVIDIA\nForceWinVista\15.17\IS\IDE\WinVista\sataraid\nvrd32.sys
[2007-07-02 16:37:00 | 00,131,616 | ---- | M] (NVIDIA Corporation) MD5=ED399014A8029DE02BA5AE01DA8CC9EE -- C:\NVIDIA\nForceWinVista\15.08\IDE\WinVista\sataraid\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2009-07-14 02:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-14 02:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2009-07-14 02:20:44 | 00,142,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007-07-02 16:37:00 | 00,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\NVIDIA\nForceWinVista\15.08\IDE\WinVista\sataraid\nvstor32.sys
[2008-01-25 19:02:04 | 00,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\NVIDIA\nForceWinVista\15.17\IS\IDE\WinVista\sataraid\nvstor32.sys
[2007-07-02 16:37:00 | 00,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\NVIDIA\nForceWinVista\15.08\IDE\WinVista\sata_ide\nvstor32.sys
[2007-08-09 18:12:30 | 00,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\$WINDOWS.~Q\DATA\Windows\System32\drivers\nvstor32.sys
[2007-08-09 18:12:30 | 00,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys
[2007-08-09 18:12:30 | 00,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_1dfd6f8c0556ba62\nvstor32.sys
[2008-01-25 19:02:02 | 00,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\NVIDIA\nForceWinVista\15.17\IS\IDE\WinVista\sata_ide\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2009-07-14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009-07-14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009-07-14 02:15:13 | 00,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009-07-14 02:15:13 | 00,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %PROGRAMFILES%\*. >
[2009-10-24 10:39:47 | 00,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 9.0
[2009-10-24 10:43:23 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009-10-24 10:43:23 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2009-10-24 10:43:24 | 00,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009-10-24 10:43:24 | 00,000,000 | ---D | M] -- C:\Program Files\Alien Skin
[2009-10-24 10:43:24 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009-10-24 10:43:25 | 00,000,000 | ---D | M] -- C:\Program Files\Any Video Converter
[2009-10-24 10:43:26 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010-01-05 23:54:15 | 00,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2009-09-27 09:46:42 | 00,000,000 | ---D | M] -- C:\Program Files\Bamboo Dock
[2009-10-24 10:43:28 | 00,000,000 | ---D | M] -- C:\Program Files\Beijer OP
[2009-10-24 10:43:29 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009-10-24 10:43:32 | 00,000,000 | ---D | M] -- C:\Program Files\Boris FX, Inc
[2009-10-24 10:43:42 | 00,000,000 | ---D | M] -- C:\Program Files\Bradbury
[2009-10-24 10:43:43 | 00,000,000 | ---D | M] -- C:\Program Files\Brother
[2010-01-22 18:05:09 | 00,000,000 | ---D | M] -- C:\Program Files\Brownie
[2010-01-01 19:32:42 | 00,000,000 | ---D | M] -- C:\Program Files\CamStudio
[2009-10-24 10:43:43 | 00,000,000 | ---D | M] -- C:\Program Files\CodeGear
[2010-01-23 16:55:42 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009-10-24 10:50:08 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009-10-24 10:50:08 | 00,000,000 | ---D | M] -- C:\Program Files\D-Link
[2009-10-24 10:50:08 | 00,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2009-10-24 10:50:09 | 00,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Toolbar
[2009-11-06 15:10:49 | 00,000,000 | ---D | M] -- C:\Program Files\Dimac
[2009-10-24 17:50:15 | 00,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2009-11-06 07:21:19 | 00,000,000 | ---D | M] -- C:\Program Files\Folder Lock
[2009-10-24 10:50:13 | 00,000,000 | ---D | M] -- C:\Program Files\GlobalSCAPE
[2010-01-25 07:54:39 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2009-10-24 10:50:21 | 00,000,000 | ---D | M] -- C:\Program Files\Graphisoft
[2009-10-24 10:50:57 | 00,000,000 | ---D | M] -- C:\Program Files\Helicon
[2009-10-24 10:50:57 | 00,000,000 | ---D | M] -- C:\Program Files\IIS
[2009-10-24 10:50:58 | 00,000,000 | ---D | M] -- C:\Program Files\Imagenomic
[2009-10-24 10:51:02 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010-01-22 03:15:39 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010-01-10 10:05:22 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2009-10-24 10:51:02 | 00,000,000 | ---D | M] -- C:\Program Files\ISAPI REWRITE
[2010-01-10 10:05:49 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009-10-24 10:51:21 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009-10-24 10:51:25 | 00,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2009-10-24 10:51:25 | 00,000,000 | ---D | M] -- C:\Program Files\Kerio
[2009-10-24 10:51:25 | 00,000,000 | ---D | M] -- C:\Program Files\LakeOfSoft
[2009-10-24 10:51:25 | 00,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2010-01-23 13:36:59 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-11-23 19:02:53 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009-10-24 10:51:41 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2009-10-24 10:51:41 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009-10-24 10:51:41 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Expression
[2009-10-24 17:41:07 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010-01-25 17:40:47 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009-10-24 10:52:07 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010-01-20 15:53:42 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009-10-24 10:52:33 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009-10-24 10:52:34 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009-10-24 10:52:35 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2009-10-24 10:52:35 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009-10-24 10:53:41 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009-10-24 10:53:46 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009-10-24 10:53:47 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009-10-24 10:53:47 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010-01-25 16:19:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009-10-24 10:53:49 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009-10-24 10:53:49 | 00,000,000 | ---D | M] -- C:\Program Files\MSECACHE
[2010-01-14 16:36:08 | 00,000,000 | ---D | M] -- C:\Program Files\MSI
[2009-12-10 23:20:15 | 00,000,000 | ---D | M] -- C:\Program Files\MSSOAP
[2009-07-12 10:12:25 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009-10-24 10:53:49 | 00,000,000 | ---D | M] -- C:\Program Files\Nero
[2009-12-08 18:58:45 | 00,000,000 | ---D | M] -- C:\Program Files\NETGEAR ReadyNAS
[2009-12-04 17:55:23 | 00,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems
[2009-08-07 06:24:09 | 00,000,000 | ---D | M] -- C:\Program Files\NOS
[2010-01-15 23:12:37 | 00,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2009-07-20 07:15:35 | 00,000,000 | ---D | M] -- C:\Program Files\Participatory Culture Foundation
[2009-12-30 14:55:49 | 00,000,000 | ---D | M] -- C:\Program Files\Persits Software
[2010-01-06 11:21:47 | 00,000,000 | ---D | M] -- C:\Program Files\Personal
[2009-10-24 10:54:08 | 00,000,000 | ---D | M] -- C:\Program Files\PhotohomeDesigner
[2009-10-24 10:54:09 | 00,000,000 | ---D | M] -- C:\Program Files\PhotomatixPro3
[2009-10-24 10:54:09 | 00,000,000 | ---D | M] -- C:\Program Files\PHP
[2009-10-24 10:54:09 | 00,000,000 | ---D | M] -- C:\Program Files\Pinnacle
[2009-10-24 11:03:02 | 00,000,000 | ---D | M] -- C:\Program Files\proDAD
[2009-10-24 11:03:02 | 00,000,000 | ---D | M] -- C:\Program Files\PTGui
[2010-01-10 10:03:50 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009-07-14 05:52:30 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009-09-16 06:11:22 | 00,000,000 | ---D | M] -- C:\Program Files\Replay Music 3
[2010-01-10 10:01:15 | 00,000,000 | ---D | M] -- C:\Program Files\Safari
[2010-01-22 16:58:54 | 00,000,000 | ---D | M] -- C:\Program Files\SendBlaster
[2009-10-24 11:03:15 | 00,000,000 | ---D | M] -- C:\Program Files\Sitecamp AB
[2009-10-24 11:03:24 | 00,000,000 | ---D | M] -- C:\Program Files\SourceTec
[2009-10-24 11:03:24 | 00,000,000 | ---D | M] -- C:\Program Files\SPCS
[2009-10-24 11:03:25 | 00,000,000 | ---D | M] -- C:\Program Files\Spotify
[2010-01-23 17:42:38 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009-10-24 11:03:25 | 00,000,000 | ---D | M] -- C:\Program Files\SWF Decompiler Premium
[2010-01-04 17:56:48 | 00,000,000 | ---D | M] -- C:\Program Files\Tablet
[2009-12-22 19:10:40 | 00,000,000 | ---D | M] -- C:\Program Files\TabletPlugins
[2010-01-01 19:36:20 | 00,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2009-10-24 11:03:28 | 00,000,000 | ---D | M] -- C:\Program Files\Tele2 Mobile Partner
[2009-07-14 05:53:23 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009-10-24 11:03:28 | 00,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009-11-05 17:58:10 | 00,000,000 | ---D | M] -- C:\Program Files\WebSupergoo
[2009-10-24 11:03:29 | 00,000,000 | ---D | M] -- C:\Program Files\WIBU-SYSTEMS
[2009-10-24 11:03:29 | 00,000,000 | ---D | M] -- C:\Program Files\WIBUKEY
[2009-10-24 11:03:37 | 00,000,000 | ---D | M] -- C:\Program Files\Winamp
[2009-10-24 11:03:37 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009-10-24 11:03:37 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009-10-24 17:50:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009-10-24 11:03:37 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2009-10-24 11:03:37 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009-10-24 11:03:38 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010-01-23 22:01:27 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009-11-23 19:02:40 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009-10-24 11:03:38 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009-10-24 11:03:38 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2009-10-24 14:10:55 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009-07-14 05:52:30 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009-10-24 11:03:38 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009-10-24 17:50:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009-07-14 05:52:32 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009-10-24 11:03:38 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009-10-24 11:03:38 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009-10-24 11:03:39 | 00,000,000 | ---D | M] -- C:\Program Files\Wowza Media Systems
[2010-01-04 17:56:58 | 00,000,000 | ---D | M] -- C:\Program Files\WTouch
[2010-01-23 22:50:43 | 00,000,000 | ---D | M] -- C:\Program Files\XBMC
[2009-10-24 11:03:39 | 00,000,000 | ---D | M] -- C:\Program Files\Xvid

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-22 02:00:32

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DCD39382

< End of report >

#4
Darkman66

Here is the extras.txt

OTL Extras logfile created on: 2010-01-25 17:20:30 - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Joakim Krassman\Desktop\OTL
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279,46 Gb Total Space | 111,61 Gb Free Space | 39,94% Space Free | Partition Type: NTFS
Drive D: | 189,92 Gb Total Space | 12,06 Gb Free Space | 6,35% Space Free | Partition Type: NTFS
Drive E: | 76,68 Gb Total Space | 28,58 Gb Free Space | 37,27% Space Free | Partition Type: NTFS
Drive F: | 34,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOCKE
Current User Name: Joakim Krassman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" File not found
Directory [TVersity] -- "C:\Users\Joakim Krassman\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{019D7B6B-1123-40E5-AD82-73DC6FE78B30}" = NTI Shadow for ReadyNAS
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A7EA72-0F00-4D53-A81C-A5D925711141}" = Microsoft SQL Server 2008 Full text search
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F724E45-EE83-4D51-B76C-0CB296B0D55E}" = Brother HL-2170W
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2BF67B4B-7C5E-4045-8766-BB44838DC61A}" = Microsoft SQL Server 2008 Management Objects
"{2C77E9E2-D98B-4090-A28B-25966755B4BF}" = Microsoft URL Rewrite Module 2 for IIS 7
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3431A7A3-6287-46B0-8AF1-BE2452A1FE62}" = Microsoft SQL Server 2008 Books Online (English)
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F34A1C-65A2-4163-98CE-A0D0646CABEF}" = Microsoft SQL Server 2008 Integration Services
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A13289B-7B2D-47ED-AB28-CA2713057163}" = Microsoft Expression Web 3 SuperPreview for Internet Explorer
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4BC14A37-586A-4AB3-A458-874AAE29337C}" = Adobe Setup
"{4D28EFCF-5999-44D2-8D4E-AC643E76C33F}" = Microsoft SQL Server 2008 Client Tools
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}" = Windows Live Essentials
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5FCCD531-1B38-4A94-924C-127F722F1053}" = Nero 8
"{60D46DEE-5221-47AA-B978-BA25C5D9F560}" = Microsoft SQL Server 2008 Client Tools
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68DA59F1-C713-42A8-9BC1-A4EE4D147DAC}" = Helicon ISAPI_Rewrite 3 Lite
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = D-Link RangeBooster N 650 DWA-547
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C515D87-2DCD-422B-B993-3FE8A71B3DDB}" = Noiseware Professional Plug-in
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{819E24AA-DB15-4BA8-8D76-92BDF710610B}" = Adobe Setup
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B63887A-1AC4-42D9-BB41-F39FE3EB3FF2}" = BeijerOP
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D669429-A2E4-4793-B7A0-283D259F39AF}" = Adobe Photoshop Lightroom 2.5
"{9F8FDE1A-FA91-43F2-887B-CF080156D57E}" = Adobe Setup
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEB03FAF-90EB-4B4F-BA32-9C4DDE2C9804}" = Microsoft SQL Server 2008 Integration Services
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{B7031148-C6E7-40F6-A978-EED2E77E7D1B}" = RAD Studio
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB7049D6-9EF3-4311-8281-A9EDBC9478CB}" = Visma Bokföring
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3C9780F-6BC4-425D-9634-6819C9619835}" = ABCpdf .NET 7.0
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D7B96D96-D9F4-40B7-B913-3D50BDD87C6F}" = Suite Shared Configuration CS4
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E21523F4-FA6E-4676-A1AA-2AF0AE5C3989}" = w3 JMail Free Version
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E69974C9-ECDC-4B02-97EB-FB1CE638CECB}" = Web Deployment Tool
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC68232E-C74E-4F1A-B296-DFD2E1944E10}" = Adobe Setup
"{EC928237-A3BD-4640-ABD0-E49E758F2315}" = Windows Live Messenger
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB36203-5D80-4D03-9A84-673580CAF5A7}" = Adobe Photoshop Lightroom 3 Beta
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"001FFFFFFF12FF00FF2201F04F02F000-R1" = ArchiCAD 12 SWE
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0.8 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_0b36ff97a89684768f1da4defc9f237" = Adobe Encore CS4 Codecs
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_5eba9bbdf1514a06b1a4c79a2920188" = Adobe Media Encoder CS4 Exporter
"Adobe_6e02d32c7e5a9d9fc86bc91618cafda" = Adobe Premiere Pro CS4 Third Party Content
"Adobe_7774cb1e022c49962995a9014500066" = Adobe Media Encoder CS4 Importer
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AspJpeg" = AspJpeg
"AspUpload" = AspUpload
"avast!" = avast! Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Eye Candy 4000" = Eye Candy 4000
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Google Chrome Frame" = Google Chrome Frame
"ImagenomicNoisewareProPlugin" = Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.1 Plug-in (build 2105)
"ImagenomicRealGrainPlugin" = Imagenomic RealGrain 1.1 Plug-in (build 1103)
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Standard)
"Lön Light" = Lön Light
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaPortal" = MediaPortal
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pen Tablet Driver" = Bamboo
"Personal" = BankID säkerhetsprogram 4.10.4
"PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2.2
"RAD Studio" = RAD Studio
"RAIDar 4.1.3" = RAIDar 4.1.3
"Rave Reports 7.5.2 BE_is1" = Rave Reports 7.5.2 BE
"Spotify" = Spotify
"SuperPreviewIE_3.0.1776.0" = Microsoft Expression Web 3 SuperPreview for Internet Explorer
"Tele2 Mobile Partner" = Tele2 Mobile Partner
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Folder Lock" = Folder Lock
"uTorrent" = µTorrent
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2010-01-10 07:30:15 | Computer Name = JOCKE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\READYNAS\backup\Utveckling webbar\Webbar\Osbygg 1.0\Images\bigger\Thumbs.db failed,
00000040.

Error - 2010-01-10 07:32:06 | Computer Name = JOCKE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\READYNAS\backup\Utveckling webbar\Webbar\Osbygg 1.0\Images\reference\uppsala\IMG_3928.jpg
failed, 00000040.

Error - 2010-01-10 07:32:14 | Computer Name = JOCKE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\READYNAS\backup\Utveckling webbar\Webbar\Osbygg 1.0\Images\reference\uppsala\IMG_8735.jpg
failed, 00000040.

Error - 2010-01-10 07:38:02 | Computer Name = JOCKE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\READYNAS\backup\Utveckling webbar\Webbar\Portfolio\Upload\1\IMG_4755.jpg failed,
00000040.

Error - 2010-01-10 07:38:42 | Computer Name = JOCKE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\READYNAS\backup\Utveckling webbar\Webbar\Portfolio\Upload\1\IMG_7846.jpg failed,
00000040.

Error - 2010-01-10 07:50:01 | Computer Name = JOCKE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\READYNAS\backup\Utveckling webbar\Webbar\Portfolio\users\js\cb.js failed, 00000040.


Error - 2010-01-13 02:17:33 | Computer Name = JOCKE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\READYNAS\backup\Utveckling webbar\Webbar\3M\AdminScripts\stopweb.vbs failed,
00000006.

Error - 2010-01-17 11:47:21 | Computer Name = JOCKE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\Webbar\Sportdykare 3.0\js\jquery-1.3.2.min.js failed, 0000045D.

Error - 2010-01-19 10:02:53 | Computer Name = JOCKE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\READYNAS\backup\Utveckling webbar\Webbar\3M\tmp\LiveContent\{E5D5FC32-B124-499C-9424-77836DE850D8}.jpg
failed, 00000040.

Error - 2010-01-22 12:04:06 | Computer Name = JOCKE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\Cursors\aero_busy.ani failed, 00000005.

[ Application Events ]
Error - 2010-01-25 12:19:01 | Computer Name = JOCKE | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 2009-08-05 02:21:47 | Computer Name = JOCKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-08-07 06:11:58 | Computer Name = JOCKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-12-03 12:02:02 | Computer Name = JOCKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2010-01-23 19:52:03 | Computer Name = JOCKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20671
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2010-01-24 17:36:18 | Computer Name = JOCKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9218
seconds with 1620 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2010-01-25 02:29:04 | Computer Name = JOCKE | Source = TPM | ID = 393230
Description = Ett oåterkalleligt fel i TPM-maskinvaran har påträffats i drivrutinen
för TPM (Trusted Platform Module). Felet gör det omöjligt att använda TPM-tjänster
(som datakryptering). Om du behöver mer hjälp kontaktar du datortillverkaren.

Error - 2010-01-25 02:29:04 | Computer Name = JOCKE | Source = TPM | ID = 393230
Description = Ett oåterkalleligt fel i TPM-maskinvaran har påträffats i drivrutinen
för TPM (Trusted Platform Module). Felet gör det omöjligt att använda TPM-tjänster
(som datakryptering). Om du behöver mer hjälp kontaktar du datortillverkaren.

Error - 2010-01-25 02:29:04 | Computer Name = JOCKE | Source = TPM | ID = 393230
Description = Ett oåterkalleligt fel i TPM-maskinvaran har påträffats i drivrutinen
för TPM (Trusted Platform Module). Felet gör det omöjligt att använda TPM-tjänster
(som datakryptering). Om du behöver mer hjälp kontaktar du datortillverkaren.

Error - 2010-01-25 02:29:55 | Computer Name = JOCKE | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: sptd

Error - 2010-01-25 12:17:12 | Computer Name = JOCKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten TVersityMediaServer avslutades oväntat. Detta har skett 1
gånger.

Error - 2010-01-25 12:18:03 | Computer Name = JOCKE | Source = sptd | ID = 262148
Description = Ett internt fel uppstod i drivrutinens datastruktur för .

Error - 2010-01-25 12:18:12 | Computer Name = JOCKE | Source = TPM | ID = 393230
Description = Ett oåterkalleligt fel i TPM-maskinvaran har påträffats i drivrutinen
för TPM (Trusted Platform Module). Felet gör det omöjligt att använda TPM-tjänster
(som datakryptering). Om du behöver mer hjälp kontaktar du datortillverkaren.

Error - 2010-01-25 12:18:12 | Computer Name = JOCKE | Source = TPM | ID = 393230
Description = Ett oåterkalleligt fel i TPM-maskinvaran har påträffats i drivrutinen
för TPM (Trusted Platform Module). Felet gör det omöjligt att använda TPM-tjänster
(som datakryptering). Om du behöver mer hjälp kontaktar du datortillverkaren.

Error - 2010-01-25 12:18:12 | Computer Name = JOCKE | Source = TPM | ID = 393230
Description = Ett oåterkalleligt fel i TPM-maskinvaran har påträffats i drivrutinen
för TPM (Trusted Platform Module). Felet gör det omöjligt att använda TPM-tjänster
(som datakryptering). Om du behöver mer hjälp kontaktar du datortillverkaren.

Error - 2010-01-25 12:19:01 | Computer Name = JOCKE | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: sptd


< End of report >

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O32 - AutoRun File - [2005-09-25 22:57:08 | 00,000,045 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{46efdc5b-e625-11de-b263-001d92b491f0}\Shell - "" = AutoRun
    O33 - MountPoints2\{46efdc5b-e625-11de-b263-001d92b491f0}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
    O33 - MountPoints2\{50a36d97-7b46-11de-911d-8fb01e9154d5}\Shell - "" = AutoRun
    O33 - MountPoints2\{50a36d97-7b46-11de-911d-8fb01e9154d5}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
    O33 - MountPoints2\{5fbec617-e489-11de-9021-001d92b491f0}\Shell - "" = AutoRun
    O33 - MountPoints2\{5fbec617-e489-11de-9021-001d92b491f0}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
    O33 - MountPoints2\{6d472dd4-768e-11de-b1ac-e79a0a581b0b}\Shell - "" = AutoRun
    O33 - MountPoints2\{6d472dd4-768e-11de-b1ac-e79a0a581b0b}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
    O33 - MountPoints2\{84f27a7c-ba54-11de-b7df-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{84f27a7c-ba54-11de-b7df-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2007-09-18 10:12:56 | 02,453,590 | R--- | M] (Macromedia, Inc.)
    O33 - MountPoints2\{fd73749b-e65b-11de-9015-001d92b491f0}\Shell - "" = AutoRun
    O33 - MountPoints2\{fd73749b-e65b-11de-9015-001d92b491f0}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{fd73749e-e65b-11de-9015-001d92b491f0}\Shell - "" = AutoRun
    O33 - MountPoints2\{fd73749e-e65b-11de-9015-001d92b491f0}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    
    :Files
    C:\Windows\System32\drivers\nvstor.sys|C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys /replace
    C:\Windows\tasks\At*.job
    
    :Services
    
    :Reg
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#6
Darkman66

    Member

  • Topic Starter
  • Member
  • 13 posts
Log from ComboFix:

ComboFix 10-01-25.06 - Joakim Krassman 2010-01-26 14:50:54.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1033.18.3071.1684 [GMT 1:00]
Körs från: c:\users\Joakim Krassman\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\users\Joakim Krassman\AppData\Roaming\iniasd.txt
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
c:\windows\UA000106.DLL

.
(((((((((((((((((((((((( Filer Skapade från 2009-12-26 till 2010-01-26 ))))))))))))))))))))))))))))))
.

2010-01-26 13:59 . 2010-01-26 13:59 -------- d-----w- c:\users\Joakim Krassman\AppData\Local\temp
2010-01-26 13:59 . 2010-01-26 13:59 -------- d-----w- c:\users\Mille\AppData\Local\temp
2010-01-26 13:59 . 2010-01-26 13:59 -------- d-----w- c:\users\IUSR\AppData\Local\temp
2010-01-26 13:59 . 2010-01-26 13:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-26 13:44 . 2010-01-26 13:44 -------- d-----w- C:\_OTL
2010-01-23 20:59 . 2010-01-23 21:01 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-23 16:35 . 2010-01-23 16:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-23 16:35 . 2010-01-23 16:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-22 20:41 . 2010-01-23 16:03 -------- d-----w- c:\program files\Common Files\Memeo
2010-01-22 20:36 . 2010-01-22 20:36 -------- d-----w- c:\users\Joakim Krassman\AppData\Local\Altaro
2010-01-22 20:35 . 2010-01-22 20:35 -------- d-----w- c:\programdata\OopsBackup
2010-01-22 15:51 . 2010-01-22 15:51 -------- d-----w- c:\programdata\MemeoCommon
2010-01-22 15:17 . 2010-01-22 15:17 42 --sh--w- c:\users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat
2010-01-21 23:13 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 20:55 . 2010-01-21 20:55 11971209 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{A3EB0090-638B-BAF6-A507-E44BA886A966}-autobackuppro64.exe
2010-01-21 20:55 . 2010-01-21 20:55 11916389 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{999FC874-3EC7-D9D6-32E5-364C305577DA}-autobackuppremium.exe
2010-01-21 20:52 . 2010-01-21 20:52 77824 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{0C1690F4-5478-827E-3911-C5076159F619}-.Download-Server.exe
2010-01-21 20:50 . 2010-01-21 20:53 -------- d-----w- c:\program files\Common Files\eSellerate
2010-01-21 20:49 . 2010-01-21 20:49 77824 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{DCA7C184-5A6C-0C11-3F26-0A7F8159A8FE}-.Download-Server.exe
2010-01-21 20:44 . 2010-01-21 20:44 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-21 20:07 . 2006-11-01 23:50 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2010-01-21 06:31 . 2010-01-21 06:31 -------- d-----w- c:\users\Default\AppData\Roaming\Genie-Soft
2010-01-20 19:24 . 2010-01-21 20:08 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\Genie-Soft
2010-01-20 19:24 . 2010-01-21 20:08 -------- d-----w- c:\programdata\Genie-Soft
2010-01-17 11:53 . 2010-01-17 11:53 2337792 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{B2F1D617-FF72-5880-8060-40597AE89866}-bxflplayer-win32.exe
2010-01-15 22:11 . 2009-11-21 02:34 76392 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-15 22:11 . 2009-11-21 02:34 11515752 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-01-15 22:11 . 2009-11-21 02:34 4147816 ----a-w- c:\windows\system32\nvencodemft.dll
2010-01-15 22:11 . 2009-11-21 02:34 289384 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-01-15 22:11 . 2009-11-21 02:34 14064232 ----a-w- c:\windows\system32\nvoglv32.dll
2010-01-15 22:11 . 2009-11-21 02:34 4001384 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-15 22:11 . 2009-11-21 02:34 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-15 22:11 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-15 22:11 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod178.dll
2010-01-15 22:11 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-15 22:11 . 2009-11-21 02:34 11381352 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-15 22:11 . 2010-01-15 22:11 18845696 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{0E9B75DE-79DD-ED08-E590-54342F9C7114}-BOXEE.exe
2010-01-15 22:01 . 2010-01-15 22:01 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\BOXEE
2010-01-15 22:01 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-14 18:03 . 2007-12-24 12:47 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-14 18:03 . 2007-11-29 11:52 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-01-14 18:01 . 2010-01-14 18:01 -------- d-----w- c:\users\Joakim Krassman\AppData\Local\TVersity
2010-01-14 17:35 . 2010-01-14 17:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-01-14 17:35 . 2010-01-14 17:35 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-01-14 17:34 . 2010-01-14 17:34 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-14 15:51 . 2009-10-02 08:37 61952 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.101-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstrmtpsrc.dll
2010-01-14 15:51 . 2009-08-28 13:55 232960 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.101-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstresindvd.dll
2010-01-14 15:51 . 2009-08-28 13:54 30720 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.101-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstdvdspu.dll
2010-01-14 15:51 . 2009-05-11 14:12 5297152 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.101-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstffmpeg.dll
2010-01-14 15:51 . 2009-05-11 10:15 251392 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.101-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstfaad.dll
2010-01-14 15:51 . 2009-05-11 10:14 155648 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.101-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstdtsdec.dll
2010-01-14 15:51 . 2009-05-11 10:13 32256 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.101-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmms.dll
2010-01-14 15:51 . 2009-05-11 10:13 51200 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.101-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgsta52dec.dll
2010-01-14 15:51 . 2009-05-11 10:13 90112 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.101-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpeg2dec.dll
2010-01-14 15:51 . 2009-05-11 10:11 187392 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.101-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmad.dll
2010-01-14 15:51 . 2009-05-11 10:09 42496 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.101-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpegaudioparse.dll
2010-01-14 15:37 . 2010-01-14 15:40 -------- d-----w- C:\MS-7380 v1.30
2010-01-14 15:36 . 2010-01-14 15:36 -------- d-----w- c:\program files\MSI
2010-01-14 15:35 . 2010-01-14 15:35 -------- d-----w- c:\programdata\Team MediaPortal
2010-01-13 19:17 . 2010-01-17 11:37 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\XBMC
2010-01-13 18:59 . 2010-01-23 21:50 -------- d-----w- c:\program files\XBMC
2010-01-13 06:19 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 06:19 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 09:02 . 2010-01-10 09:02 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-10 08:59 . 2010-01-10 08:59 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-01-07 17:30 . 2010-01-08 18:04 -------- d-----w- C:\asp2php
2010-01-06 10:21 . 2010-01-06 10:21 -------- d-----w- c:\program files\Personal
2010-01-05 22:53 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-01-05 22:53 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-01-05 22:53 . 2008-08-13 09:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-04 17:10 . 2010-01-26 13:47 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\WTablet
2010-01-04 17:10 . 2010-01-04 17:10 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\WTouch
2010-01-02 14:39 . 2010-01-02 14:41 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\ALLCapture
2010-01-01 21:28 . 2010-01-01 21:37 -------- d-----w- c:\users\Joakim Krassman\AppData\Local\Instant Demo
2010-01-01 19:17 . 2010-01-01 19:17 -------- d-----w- c:\users\Joakim Krassman\AppData\Local\TechSmith
2010-01-01 18:36 . 2010-01-04 06:20 -------- d-----w- c:\windows\system32\QuickTime
2010-01-01 18:36 . 2010-01-01 18:36 -------- d-----w- c:\programdata\TechSmith
2010-01-01 18:36 . 2010-01-01 18:36 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-01-01 18:36 . 2010-01-01 18:36 -------- d-----w- c:\program files\TechSmith
2010-01-01 18:31 . 2010-01-01 18:32 -------- d-----w- c:\program files\CamStudio
2009-12-31 13:31 . 2010-01-01 20:22 -------- d-----w- c:\users\Joakim Krassman\AppData\Local\Thunderbird
2009-12-31 13:31 . 2009-12-31 13:31 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\Thunderbird
2009-12-31 08:11 . 2009-12-31 08:11 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\Netviewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 13:47 . 2009-02-20 23:12 -------- d-----w- c:\programdata\NVIDIA
2010-01-26 13:44 . 2009-02-21 07:57 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\uTorrent
2010-01-26 10:46 . 2009-10-07 14:14 933964 ----a-w- c:\windows\system32\perfh01D.dat
2010-01-26 10:46 . 2009-10-07 14:14 231756 ----a-w- c:\windows\system32\perfc01D.dat
2010-01-25 20:41 . 2009-04-13 19:11 -------- d-----w- c:\program files\Folder Lock
2010-01-25 06:54 . 2009-03-14 11:16 -------- d-----w- c:\program files\Google
2010-01-23 23:31 . 2009-08-25 13:41 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\Spotify
2010-01-23 12:36 . 2009-10-21 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 17:05 . 2009-10-12 16:38 -------- d-----w- c:\program files\Brownie
2010-01-22 15:58 . 2009-12-08 19:19 -------- d-----w- c:\program files\SendBlaster
2010-01-21 20:42 . 2009-06-13 18:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-20 14:53 . 2009-07-29 13:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 11:55 . 2010-01-14 15:50 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\Python-Eggs
2010-01-15 22:12 . 2009-10-28 15:39 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-14 17:13 . 2009-10-24 12:35 161816 ----a-w- c:\users\Joakim Krassman\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-14 10:12 . 2009-10-05 05:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 06:32 . 2009-02-21 08:23 -------- d-----w- c:\programdata\Microsoft Help
2010-01-10 09:05 . 2009-02-21 11:20 -------- d-----w- c:\program files\iTunes
2010-01-10 09:05 . 2009-02-21 11:20 -------- d-----w- c:\program files\iPod
2010-01-10 09:03 . 2009-02-21 11:19 -------- d-----w- c:\program files\QuickTime
2010-01-10 09:01 . 2009-09-24 12:53 -------- d-----w- c:\program files\Safari
2010-01-07 15:07 . 2009-10-21 21:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-10-21 21:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 22:54 . 2009-08-11 13:11 -------- d-----w- c:\program files\AVS4YOU
2010-01-05 22:47 . 2009-08-11 13:12 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\AVS4YOU
2010-01-04 16:56 . 2009-09-25 19:06 -------- d-----w- c:\program files\WTouch
2010-01-04 16:56 . 2009-09-25 19:02 -------- d-----w- c:\program files\Tablet
2010-01-02 17:29 . 2009-07-28 07:15 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\Blueberry
2009-12-30 13:55 . 2009-02-22 17:34 -------- d-----w- c:\program files\Persits Software
2009-12-26 13:01 . 2009-12-26 13:01 -------- d-----w- c:\programdata\Macrium
2009-12-25 17:53 . 2009-12-25 17:53 -------- d-----w- c:\users\Mille\AppData\Roaming\Malwarebytes
2009-12-25 17:53 . 2009-12-25 17:53 -------- d-----w- c:\users\Mille\AppData\Roaming\Nero
2009-12-22 18:10 . 2009-12-22 18:10 -------- d-----w- c:\program files\TabletPlugins
2009-12-18 18:06 . 2009-12-18 18:06 90112 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\DXPlugin.dll
2009-12-18 18:06 . 2009-12-18 18:06 69632 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\SystemInfo.dll
2009-12-18 18:06 . 2009-12-18 18:06 6656 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeDiskfree.dll
2009-12-18 18:06 . 2009-12-18 18:06 61440 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeUnzip.dll
2009-12-18 18:06 . 2009-12-18 18:06 59904 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\zlib1.dll
2009-12-18 18:06 . 2009-12-18 18:06 57344 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\DXT.dll
2009-12-18 18:06 . 2009-12-18 18:06 315392 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\jogl.dll
2009-12-18 18:06 . 2009-12-18 18:06 20480 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\jogl_awt.dll
2009-12-18 18:06 . 2009-12-18 18:06 20480 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\gluegen-rt.dll
2009-12-18 18:06 . 2009-12-18 18:06 155648 ----a-w- c:\users\Joakim Krassman\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeJpegDecoder.dll
2009-12-13 16:19 . 2009-12-13 16:19 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\Microsys
2009-12-10 22:20 . 2009-12-10 22:20 -------- d-----w- c:\program files\MSSOAP
2009-12-09 18:10 . 2009-07-28 08:45 -------- d-----w- c:\program files\Common Files\logishrd
2009-12-09 00:40 . 2009-06-13 18:06 -------- d-----w- c:\users\Joakim Krassman\AppData\Roaming\Winamp
2009-12-09 00:40 . 2009-02-22 17:37 -------- d-----w- c:\programdata\FLEXnet
2009-12-08 17:58 . 2009-12-03 15:36 -------- d-----w- c:\program files\NETGEAR ReadyNAS
2009-12-07 19:29 . 2009-12-07 19:29 -------- d-----w- c:\programdata\REL Software
2009-12-04 16:55 . 2009-12-03 15:44 -------- d-----w- c:\program files\NewTech Infosystems
2009-11-23 14:53 . 2009-09-25 19:02 4497704 ----a-w- c:\windows\system32\Pen_Tablet.exe
2009-11-23 14:53 . 2009-09-25 19:06 245032 ----a-w- c:\windows\system32\Touch_Tablet.dll
2009-11-23 14:53 . 2009-09-25 19:02 416040 ----a-w- c:\windows\system32\Pen_Tablet.dll
2009-11-23 11:16 . 2009-09-25 19:02 284160 ----a-w- c:\windows\system32\Wintab32.dll
2009-11-21 10:06 . 2009-09-24 12:53 213640 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-21 02:34 . 2009-09-27 15:12 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2009-09-27 15:12 1249896 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34 . 2009-07-13 22:09 4241000 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-11-21 02:34 . 2009-06-10 21:19 9333352 ----a-w- c:\windows\system32\nvd3dum.dll
2009-11-20 19:33 . 2009-11-20 19:33 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33 . 2009-11-20 19:33 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33 . 2009-11-20 19:33 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33 . 2009-11-20 19:33 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-19 20:42 . 2009-02-22 13:25 592488 ----a-w- c:\windows\system32\nvuninst.exe
2009-10-29 07:22 . 2009-12-08 22:04 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Shadow"="c:\program files\NewTech Infosystems\NTI Shadow for ReadyNAS\Shadow.exe" [2008-07-30 678960]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
kill.bat [2010-1-22 42]
OneNote Table Of Contents.onetoc2 [2009-2-23 3656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BankID säkerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2010-1-6 939920]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe [2009-2-22 12693504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-10-21 114768]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\System32\ASTSRV.EXE [2009-06-22 57344]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-10-21 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-10-21 53328]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 218136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2010-01-23 809296]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [2009-09-25 4497704]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-09-25 113448]
R3 bbcap;bbcap;c:\windows\System32\drivers\bbcap.sys [2009-07-28 4096]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\fdlauncher.exe [2008-07-10 31256]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-02-22 721904]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-10-21 38224]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2009-09-09 55176]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\System32\drivers\CM108.sys [2007-06-28 1310720]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [2009-09-25 16168]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [2009-03-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Innehållet i mappen 'Schemalagda aktiviteter':

2010-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 06:54]

2010-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 06:54]

2010-01-26 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-01-23 08:42]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://127.0.0.1/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\users\Joakim Krassman\AppData\Roaming\Mozilla\Firefox\Profiles\tetc9dck.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://127.0.0.1/
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Personal\bin\np_prsnl.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICY ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:46,f6,55,92,b9,b9,2e,68,01,57,43,3f,41,43,13,41,f5,a3,a7,ca,a6,
fb,ac,09,c7,1b,9d,71,a4,0b,45,8f,3a,9b,92,90,4b,40,9d,36,2b,bc,d4,40,07,b2,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:46,f6,55,92,b9,b9,2e,68,01,57,43,3f,41,43,13,41,f5,a3,a7,ca,a6,
fb,ac,09,c7,1b,9d,71,a4,0b,45,8f,3a,9b,92,90,4b,40,9d,36,2b,bc,d4,40,07,b2,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2010-01-26 15:02:53
ComboFix-quarantined-files.txt 2010-01-26 14:02

Före genomsökningen: 118 184 153 088 byte ledigt
Efter genomsökningen: 118 092 124 160 byte ledigt

- - End Of File - - 6D14E95BCEA92AA4B31C7ED1725B9DEC

#7
Rorschach112

hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#8
Darkman66

Malware looks fine :)

Malwarebytes' Anti-Malware 1.44
Databasversion: 3640
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2010-01-26 15:37:03
mbam-log-2010-01-26 (15-37-03).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 129741
Förfluten tid: 4 minute(s), 37 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)

#9
Rorschach112

cool, let's see Kaspersky

#10
Darkman66

Something was found from kaspersky....

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, January 27, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, January 26, 2010 14:39:30
Records in database: 3373138
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
L:\

Scan statistics:
Objects scanned: 628791
Threats found: 10
Infected objects found: 22
Suspicious objects found: 0
Scan duration: 07:29:26


File name / Threat / Threats count
C:\Program Files\Dimac\w3JMail\jmail.dll Infected: not-a-virus:Client-SMTP.Win32.JMail.45 1
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{0C1690F4-5478-827E-3911-C5076159F619}-.Download-Server.exe Infected: Trojan.Win32.VB.ndy 1
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{999FC874-3EC7-D9D6-32E5-364C305577DA}-autobackuppremium.exe Infected: Trojan.Win32.Chifrax.d 1
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{A3EB0090-638B-BAF6-A507-E44BA886A966}-autobackuppro64.exe Infected: Trojan.Win32.Chifrax.d 1
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{DCA7C184-5A6C-0C11-3F26-0A7F8159A8FE}-.Download-Server.exe Infected: Trojan.Win32.VB.ndy 1
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{0C1690F4-5478-827E-3911-C5076159F619}-.Download-Server.exe Infected: Trojan.Win32.VB.ndy 1
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{999FC874-3EC7-D9D6-32E5-364C305577DA}-autobackuppremium.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{A3EB0090-638B-BAF6-A507-E44BA886A966}-autobackuppro64.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{DCA7C184-5A6C-0C11-3F26-0A7F8159A8FE}-.Download-Server.exe Infected: Trojan.Win32.VB.ndy 1
C:\Users\Joakim Krassman\AppData\Local\Microsoft\Outlook\archive.pst Infected: Trojan.Win32.FraudPack.gen 1
C:\Users\Joakim Krassman\AppData\Local\Microsoft\Outlook\archive.pst Infected: Trojan.Win32.Agent.adyf 1
C:\Users\Joakim Krassman\AppData\Local\Microsoft\Outlook\archive.pst Infected: Worm.Win32.AutoRun.oot 1
C:\Windows\Installer\8f4f8b.msi Infected: not-a-virus:Client-SMTP.Win32.JMail.45 1
D:\Download dump\Brollan.zip Infected: Trojan.Win32.Agent.dfsa 1
D:\Download dump\Windows 7 Activation Patcher.exe Infected: Trojan.Win32.Agent.dfsa 1
D:\Outlook.pst Infected: Trojan.Win32.FraudPack.gen 1
D:\Outlook.pst Infected: Trojan.Win32.Agent.adyf 1
D:\Outlook.pst Infected: Worm.Win32.AutoRun.oot 1
E:\Download\CyberLink PowerDirector Ultra v7.00.1628\CyberLink PowerDirector Ultra v7.00.1628\Keygen_Lz0\Keygen.exe Infected: Trojan.Win32.Genome.aweu 1
E:\Download\CyberLink PowerDirector Ultra v7.00.1628\PDU_v7.00.1628.rar Infected: Trojan.Win32.Genome.aweu 1
E:\Download\imgnoiseware411pro.zip Infected: Trojan-Downloader.Win32.Exchanger.avd 1
E:\Download\imgnoiseware411pro.zip Infected: Trojan.Win32.Vapsup.ypm 1

Selected area has been scanned.


#11
Rorschach112

hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Dimac\w3JMail\jmail.dll
    C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{0C1690F4-5478-827E-3911-C5076159F619}-.Download-Server.exe
    C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{999FC874-3EC7-D9D6-32E5-364C305577DA}-autobackuppremium.exe
    C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{A3EB0090-638B-BAF6-A507-E44BA886A966}-autobackuppro64.exe
    C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{DCA7C184-5A6C-0C11-3F26-0A7F8159A8FE}-.Download-Server.exe
    C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{0C1690F4-5478-827E-3911-C5076159F619}-.Download-Server.exe
    C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{999FC874-3EC7-D9D6-32E5-364C305577DA}-autobackuppremium.exe
    C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{A3EB0090-638B-BAF6-A507-E44BA886A966}-autobackuppro64.exe
    C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{DCA7C184-5A6C-0C11-3F26-0A7F8159A8FE}-.Download-Server.exe
    C:\Windows\Installer\8f4f8b.msi
    D:\Download dump\Brollan.zip
    D:\Download dump\Windows 7 Activation Patcher.exe
    E:\Download\CyberLink PowerDirector Ultra v7.00.1628\CyberLink PowerDirector Ultra v7.00.1628\Keygen_Lz0
    E:\Download\CyberLink PowerDirector Ultra v7.00.1628\PDU_v7.00.1628.rar
    E:\Download\imgnoiseware411pro.zip
    E:\Download\imgnoiseware411pro.zip
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download Rooter.exe to your desktop
  • Then double-click it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here



Download CKScanner from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


#12
Darkman66

OTM Logfile:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Dimac\w3JMail\jmail.dll moved successfully.
File/Folder C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{0C1690F4-5478-827E-3911-C5076159F619}-.Download-Server.exe not found.
File/Folder C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{999FC874-3EC7-D9D6-32E5-364C305577DA}-autobackuppremium.exe not found.
File/Folder C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{A3EB0090-638B-BAF6-A507-E44BA886A966}-autobackuppro64.exe not found.
File/Folder C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{DCA7C184-5A6C-0C11-3F26-0A7F8159A8FE}-.Download-Server.exe not found.
File/Folder C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{0C1690F4-5478-827E-3911-C5076159F619}-.Download-Server.exe not found.
File/Folder C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{999FC874-3EC7-D9D6-32E5-364C305577DA}-autobackuppremium.exe not found.
File/Folder C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{A3EB0090-638B-BAF6-A507-E44BA886A966}-autobackuppro64.exe not found.
File/Folder C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{DCA7C184-5A6C-0C11-3F26-0A7F8159A8FE}-.Download-Server.exe not found.
C:\Windows\Installer\8f4f8b.msi moved successfully.
D:\Download dump\Brollan.zip moved successfully.
D:\Download dump\Windows 7 Activation Patcher.exe moved successfully.
Folder move failed. E:\Download\CyberLink PowerDirector Ultra v7.00.1628\CyberLink PowerDirector Ultra v7.00.1628\Keygen_Lz0 scheduled to be moved on reboot.
E:\Download\CyberLink PowerDirector Ultra v7.00.1628\PDU_v7.00.1628.rar moved successfully.
E:\Download\imgnoiseware411pro.zip moved successfully.
File/Folder E:\Download\imgnoiseware411pro.zip not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Joakim Krassman
->Temp folder emptied: 101364400 bytes
->Temporary Internet Files folder emptied: 50401057 bytes
->Java cache emptied: 128013 bytes
->FireFox cache emptied: 78881495 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: Mille
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11370 bytes
RecycleBin emptied: 422950360 bytes

Total Files Cleaned = 623,00 mb


OTM by OldTimer - Version 3.1.7.0 log created on 01272010_163210

Files moved on Reboot...
Folder move failed. E:\Download\CyberLink PowerDirector Ultra v7.00.1628\CyberLink PowerDirector Ultra v7.00.1628\Keygen_Lz0 scheduled to be moved on reboot.

Registry entries deleted on Reboot...
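A way to check which of the Kaspersky detections from post #10 the OTM run in post #12 actually dealt with, as an added example that is not part of the thread or of OTM itself. The log lines are excerpts copied from those two posts; the function names and status labels (`moved`, `not_found`, `pending_reboot`, `not_targeted`) are this example's own.

```python
import re
from collections import defaultdict

# Excerpts copied from the Kaspersky report (#10) and the OTM log (#12) in this thread.
KASPERSKY_REPORT = r"""
C:\Program Files\Dimac\w3JMail\jmail.dll Infected: not-a-virus:Client-SMTP.Win32.JMail.45 1
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{0C1690F4-5478-827E-3911-C5076159F619}-.Download-Server.exe Infected: Trojan.Win32.VB.ndy 1
C:\Users\Joakim Krassman\AppData\Local\Microsoft\Outlook\archive.pst Infected: Trojan.Win32.FraudPack.gen 1
C:\Users\Joakim Krassman\AppData\Local\Microsoft\Outlook\archive.pst Infected: Worm.Win32.AutoRun.oot 1
D:\Outlook.pst Infected: Trojan.Win32.Agent.adyf 1
E:\Download\CyberLink PowerDirector Ultra v7.00.1628\CyberLink PowerDirector Ultra v7.00.1628\Keygen_Lz0\Keygen.exe Infected: Trojan.Win32.Genome.aweu 1
E:\Download\imgnoiseware411pro.zip Infected: Trojan-Downloader.Win32.Exchanger.avd 1
"""
OTM_LOG = r"""
C:\Program Files\Dimac\w3JMail\jmail.dll moved successfully.
File/Folder C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{0C1690F4-5478-827E-3911-C5076159F619}-.Download-Server.exe not found.
Folder move failed. E:\Download\CyberLink PowerDirector Ultra v7.00.1628\CyberLink PowerDirector Ultra v7.00.1628\Keygen_Lz0 scheduled to be moved on reboot.
E:\Download\imgnoiseware411pro.zip moved successfully.
File/Folder E:\Download\imgnoiseware411pro.zip not found.
"""

# Only the line formats that occur in those two logs are handled.
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) \d+$")
OTM_PATTERNS = [
    ("moved", re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")),
    ("not_found", re.compile(r"^File/Folder (?P<path>[A-Za-z]:\\.+) not found\.$")),
    ("pending_reboot", re.compile(
        r"^Folder move failed\. (?P<path>[A-Za-z]:\\.+) scheduled to be moved on reboot\.$")),
]
RANK = {"not_found": 0, "pending_reboot": 1, "moved": 2}


def parse_detections(report):
    """Map each detected path to the set of threat names reported for it."""
    found = defaultdict(set)
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            found[m["path"]].add(m["threat"])
    return dict(found)


def parse_otm(log):
    """Map each lower-cased target path to the best outcome OTM logged for it."""
    outcomes = {}
    for line in log.splitlines():
        for status, pattern in OTM_PATTERNS:
            m = pattern.match(line.strip())
            if not m:
                continue
            key = m["path"].lower()  # Windows paths are case-insensitive
            # A duplicate entry's later "not found" must not hide an earlier move.
            if key not in outcomes or RANK[status] > RANK[outcomes[key]]:
                outcomes[key] = status
            break
    return outcomes


def reconcile(detections, outcomes):
    """Return {detected path: status}; 'not_targeted' = no OTM entry covered it."""
    result = {}
    for path in detections:
        key, status = path.lower(), "not_targeted"
        for target, outcome in outcomes.items():
            # Covered if OTM was given the file itself or a parent folder.
            if key == target or key.startswith(target + "\\"):
                status = outcome
                break
        result[path] = status
    return result


if __name__ == "__main__":
    found = parse_detections(KASPERSKY_REPORT)
    for path, status in reconcile(found, parse_otm(OTM_LOG)).items():
        print(f"{status:15} {sorted(found[path])} {path}")
```

On these excerpts the two Outlook `.pst` files come out as `not_targeted`, because the OTM `:Files` list in post #11 does not include them, and `Keygen.exe` is `pending_reboot` through its parent folder.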

#13
Rorschach112

and the others

#14
Darkman66

Yes, the rooter.exe takes a while - as it seems :)

#15
Rorschach112

ok