Weirdest problem Ever!


  • This topic is locked

#1
stelar7

I built myself a PC in September 2010...

From the start I've not been able to play any games in fullscreen...

and now the whole PC freezes suddenly, at random times...

Help would be nice..


Attached HJT and OLT scans...


#2
Gammo

Hi stelar7,

I'm sorry for the delay.

This sounds more like a normal software problem to me, but we can check for malware if you want.

If you still need help, please follow these instructions:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


#3
stelar7

When opening Rootkit Unhooker I get the error "Error loading driver, NTSTATUS code: 0xC000036B"


Also, did not get a file named extras.txt

OTL logfile created on: 14.03.2011 14:48:07 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Steffen\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 59,00% Memory free
12,00 Gb Paging File | 9,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 16,48 Gb Free Space | 22,15% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 528,42 Gb Free Space | 56,73% Space Free | Partition Type: NTFS
 
Computer Name: HJEMMEBYGG | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011.03.14 14:47:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen\Downloads\OTL.exe
PRC - [2011.03.14 14:47:10 | 000,133,632 | ---- | M] () -- C:\Users\Steffen\Downloads\RKUnhookerLE.EXE
PRC - [2011.03.03 11:07:50 | 006,625,792 | ---- | M] () -- E:\Program Files (x86)\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.20\deploy\League of Legends.exe
PRC - [2011.02.26 10:52:52 | 002,195,456 | ---- | M] () -- E:\Program Files (x86)\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.15\deploy\LoLLauncher.exe
PRC - [2011.02.26 10:52:34 | 001,011,712 | ---- | M] () -- E:\Program Files (x86)\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011.01.14 17:40:52 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- E:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011.01.03 15:55:58 | 003,982,928 | ---- | M] (Spotify Ltd) -- E:\Program Files (x86)\Spotify\spotify.exe
PRC - [2010.12.31 21:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- E:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.12.11 10:47:07 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010.12.07 11:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- E:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.12.06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.11.20 21:21:58 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\Steam.exe
PRC - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- E:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- E:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.10.19 13:30:20 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Steffen\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010.10.14 17:11:15 | 000,164,864 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.09.23 11:30:34 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files (x86)\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.20\deploy\LolClient.exe
PRC - [2010.07.06 15:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- E:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- E:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.01.06 21:29:24 | 000,416,256 | ---- | M] (Colin Raaijmakers) -- E:\Program Files (x86)\Logitech\g19app\G19app.exe
PRC - [2009.10.20 16:23:22 | 005,516,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programfiler\ASUS\TurboV\TurboV.exe
PRC - [2009.08.19 12:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009.07.30 17:10:04 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
PRC - [2009.02.18 14:31:56 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2011.03.14 14:47:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen\Downloads\OTL.exe
MOD - [2011.01.14 17:41:02 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010.12.01 17:16:26 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcr90.dll
MOD - [2010.12.01 17:16:26 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcp90.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009.07.14 02:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2009.07.14 02:14:51 | 002,175,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll
MOD - [2009.07.14 02:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:[b]64bit:[/b] - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:[b]64bit:[/b] - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2010.08.03 21:49:08 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010.07.16 20:09:02 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009.05.06 09:41:52 | 000,062,464 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV:[b]64bit:[/b] - [2007.11.07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2010.12.07 11:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- E:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.06 08:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- E:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- E:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- E:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.06.02 18:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- E:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- E:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.19 12:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.06.30 09:28:28 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 14:31:56 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011.01.04 16:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:[b]64bit:[/b] - [2010.12.21 06:55:02 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2010.12.21 06:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:[b]64bit:[/b] - [2010.12.21 06:55:02 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:[b]64bit:[/b] - [2010.12.21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:[b]64bit:[/b] - [2010.12.21 06:55:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:[b]64bit:[/b] - [2010.11.11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:[b]64bit:[/b] - [2010.11.11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:[b]64bit:[/b] - [2010.11.11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:[b]64bit:[/b] - [2010.11.11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:[b]64bit:[/b] - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:[b]64bit:[/b] - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:[b]64bit:[/b] - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:[b]64bit:[/b] - [2010.10.02 09:50:12 | 000,090,112 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:[b]64bit:[/b] - [2010.09.07 16:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2010.08.19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2010.07.21 15:00:06 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010.07.16 20:42:42 | 007,373,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2010.07.16 20:42:42 | 007,373,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2010.07.16 19:34:40 | 000,267,264 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010.06.25 14:32:34 | 000,144,656 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2010.06.23 08:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010.05.11 11:00:40 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:[b]64bit:[/b] - [2010.04.07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV:[b]64bit:[/b] - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:[b]64bit:[/b] - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:[b]64bit:[/b] - [2009.09.30 11:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.07.09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - [2009.07.01 10:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:[b]64bit:[/b] - [2009.06.30 04:58:30 | 000,104,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.06.02 16:35:30 | 000,438,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rt61.sys -- (RT61)
DRV:[b]64bit:[/b] - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2009.02.17 17:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:[b]64bit:[/b] - [2009.02.17 17:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV - [2011.01.04 16:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- E:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005.03.09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2005.01.04 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files (x86)\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - E:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-576177594-139507383-1363397478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.no/
IE - HKU\S-1-5-21-576177594-139507383-1363397478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-576177594-139507383-1363397478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = no
IE - HKU\S-1-5-21-576177594-139507383-1363397478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 73 4D 55 55 36 CB 01  [binary data]
IE - HKU\S-1-5-21-576177594-139507383-1363397478-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files (x86)\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-576177594-139507383-1363397478-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - E:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-576177594-139507383-1363397478-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-576177594-139507383-1363397478-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.1.a5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.5
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.01.14 17:41:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2011.03.11 19:56:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.11 19:56:19 | 000,000,000 | ---D | M]
 
[2010.11.06 15:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions
[2010.11.06 15:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions\[email protected]
[2011.02.28 17:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\t26u804q.default\extensions
[2010.12.11 10:47:27 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\t26u804q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010.12.11 10:47:27 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\t26u804q.default\extensions\[email protected]
[2011.02.28 17:16:32 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\t26u804q.default\extensions\[email protected]
[2011.02.28 17:16:32 | 000,000,000 | ---D | M] (FireStarter) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\t26u804q.default\extensions\[email protected]
[2010.10.21 18:16:37 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\t26u804q.default\extensions\[email protected]
[2011.02.28 17:16:32 | 000,000,000 | ---D | M] (Illuminations for Developers) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\t26u804q.default\extensions\[email protected]
[2011.01.20 15:42:44 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2011.01.14 17:41:02 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010.12.03 19:49:35 | 000,001,525 | ---- | M] () -- E:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.12.03 19:49:35 | 000,000,955 | ---- | M] () -- E:\Program Files (x86)\Mozilla Firefox\searchplugins\bok-NO.xml
[2010.12.03 19:49:35 | 000,000,968 | ---- | M] () -- E:\Program Files (x86)\Mozilla Firefox\searchplugins\qxl-NO.xml
[2010.12.03 19:49:35 | 000,001,203 | ---- | M] () -- E:\Program Files (x86)\Mozilla Firefox\searchplugins\telefonkatalogen-NO.xml
[2010.12.03 19:49:35 | 000,001,176 | ---- | M] () -- E:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-NO.xml
[2010.12.03 19:49:35 | 000,001,192 | ---- | M] () -- E:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-NO.xml
 
O1 HOSTS File: ([2010.10.22 15:24:23 | 000,003,114 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O1 - Hosts: 127.0.0.1				practivate.adobe.com
O1 - Hosts: 127.0.0.1				ereg.adobe.com
O1 - Hosts: 127.0.0.1				activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1				wip3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1				ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1				activate-sea.adobe.com
O1 - Hosts: 127.0.0.1				wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1				activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                        
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
O1 - Hosts: 127.0.0.1                               125.252.224.90                       
O1 - Hosts: 127.0.0.1                               125.252.224.91
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1				activate.adobe.com
O1 - Hosts: 127.0.0.1				practivate.adobe.com
O1 - Hosts: 127.0.0.1				ereg.adobe.com
O1 - Hosts: 127.0.0.1				activate.wip3.adobe.com
O1 - Hosts: 28 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files (x86)\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - E:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files (x86)\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - E:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-576177594-139507383-1363397478-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-576177594-139507383-1363397478-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - E:\Program Files (x86)\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-576177594-139507383-1363397478-1000\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - E:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll (Conduit Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] E:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LCDMon] E:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LGDCore] E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LgDeviceAgent] E:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Programfiler\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Programfiler\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] E:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast5] E:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] E:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] E:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-576177594-139507383-1363397478-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-576177594-139507383-1363397478-1000..\Run: [cacaoweb] C:\Users\Steffen\AppData\Roaming\cacaoweb\cacaoweb.exe ()
O4 - HKU\S-1-5-21-576177594-139507383-1363397478-1000..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-576177594-139507383-1363397478-1000..\Run: [ISUSPM Startup]  File not found
O4 - HKU\S-1-5-21-576177594-139507383-1363397478-1000..\Run: [PlayNC Launcher]  File not found
O4 - HKU\S-1-5-21-576177594-139507383-1363397478-1000..\Run: [Steam] E:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-576177594-139507383-1363397478-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-576177594-139507383-1363397478-1000..\Run: [VeohPlugin] E:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\G19app.lnk = E:\Program Files (x86)\Logitech\g19app\G19app.exe (Colin Raaijmakers)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-576177594-139507383-1363397478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: Legg mål-linken i kø med BID - E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Legg nåværende side til med BID Image Downloader - E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Åpne mål-linken med BID - E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Åpne nåværende side med BID Image Downloader - E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Åpne nåværende side med BID Link Explorer Image Downloader - E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8 - Extra context menu item: Legg mål-linken i kø med BID - E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Legg nåværende side til med BID Image Downloader - E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Åpne mål-linken med BID - E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Åpne nåværende side med BID Image Downloader - E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Åpne nåværende side med BID Link Explorer Image Downloader - E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000010 [] -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000014 - E:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - E:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-576177594-139507383-1363397478-1000\..Trusted Ranges: Range1979 ([http] in Klarerte områder)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/virtualmark/tc/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0a404f73-91a8-11df-a168-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0a404f73-91a8-11df-a168-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE
O33 - MountPoints2\{4743fa6b-9e25-11df-b704-485b396c19f0}\Shell - "" = AutoRun
O33 - MountPoints2\{4743fa6b-9e25-11df-b704-485b396c19f0}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{4743fa6b-9e25-11df-b704-485b396c19f0}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{4743fa6b-9e25-11df-b704-485b396c19f0}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{50e46703-9a38-11df-806d-485b396c19f0}\Shell - "" = AutoRun
O33 - MountPoints2\{50e46703-9a38-11df-806d-485b396c19f0}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011.03.12 18:28:47 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2011.03.12 18:28:47 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2011.03.12 18:28:47 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2011.03.12 18:28:47 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2011.03.12 18:28:47 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2011.03.12 18:28:47 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2011.03.12 18:28:47 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2011.03.12 18:28:47 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2011.03.12 18:28:47 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2011.03.12 18:28:47 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2011.03.12 18:28:47 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2011.03.12 18:28:47 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2011.03.12 18:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © v2011.build.46 (Feb 12, 2011)
[2011.03.12 18:17:25 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\Conduit
[2011.03.12 18:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2011.03.12 18:16:27 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Combined Community Codec Pack
[2011.03.11 20:23:22 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\ASIO4ALL v2
[2011.03.11 20:23:22 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011.03.11 20:23:07 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2011.03.11 20:23:07 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\Image-Line
[2011.03.11 20:22:56 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Vstplugins
[2011.03.11 20:22:56 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.03.11 20:22:55 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Outsim
[2011.03.11 20:22:21 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Image-Line
[2011.03.11 20:12:18 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Music Recognition
[2011.03.11 20:12:06 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WIDI Recognition System Standard 4.03
[2011.03.11 20:12:06 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\WIDI 4.0 Std
[2011.03.11 20:10:08 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\eRightSoft
[2011.03.11 20:07:16 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TS-AudioToMIDI 3.30
[2011.03.11 20:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TS-AudioToMIDI 3.30
[2011.03.11 20:07:16 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\TallStick
[2011.03.11 20:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteWorthy Composer 2
[2011.03.11 20:03:44 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Noteworthy Software
[2011.03.11 20:03:44 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\Noteworthy Software
[2011.03.11 20:03:44 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\NoteWorthy Composer
[2011.03.11 19:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.03.11 19:56:10 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\QuickTime
[2011.03.11 17:13:57 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Desktop\mcc
[2011.03.10 18:27:15 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\PFConfig
[2011.03.10 18:00:08 | 000,005,264 | ---- | C] (SysInternals) -- C:\Windows\SysWow64\drivers\PROCEXP.SYS
[2011.03.10 17:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Local Port Scanner
[2011.03.10 17:57:44 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\LPS
[2011.03.10 17:56:55 | 000,049,664 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2011.03.10 17:56:52 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Active Ports
[2011.03.10 17:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active Ports
[2011.03.08 15:44:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Desktop\cinema 4d
[2011.03.07 16:58:10 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\Watched Threads
[2011.03.01 19:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.03.01 19:50:36 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Google
[2011.02.28 15:09:13 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home-x86
[2011.02.28 15:09:13 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Folding@home
[2011.02.28 15:04:47 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\HFM
[2011.02.28 15:04:47 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\harlam357
[2011.02.28 14:33:33 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\.minecraft
[2011.02.26 14:22:47 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Desktop\minecraft
[2011.02.26 14:20:55 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Minutor
[2011.02.26 14:20:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minutor
[2011.02.26 14:07:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\mts
[2011.02.26 10:38:31 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\miecraftserver
[2011.02.26 10:31:01 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\LogMeIn Hamachi
[2011.02.26 10:30:52 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\LogMeIn Hamachi
[2011.02.26 10:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.02.25 15:01:53 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Publish Providers
[2011.02.25 14:59:53 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\Vegas Movie Studio HD Platinum 10.0 Projects
[2011.02.25 14:59:53 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\Sony
[2011.02.25 14:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011.02.25 14:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2011.02.25 14:59:24 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Sony
[2011.02.25 14:59:13 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Sony
[2011.02.21 17:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011.02.21 17:17:26 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011.02.21 17:17:26 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2011.02.21 17:17:26 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011.02.21 17:17:26 | 000,121,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.02.21 17:17:24 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\K-Lite Codec Pack
[2011.02.21 16:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
[2011.02.21 16:17:21 | 000,000,000 | ---D | C] -- E:\Program Files\MAXON
[2011.02.21 16:12:11 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\MAXON
[2011.02.21 15:03:42 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\vlc
[2011.02.21 15:03:21 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\VideoLAN
[2011.02.19 12:02:06 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Trend Micro
[2011.02.19 12:02:06 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.02.17 20:48:28 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\Bulk Image Downloader
[2011.02.17 20:46:15 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\BID
[2011.02.17 20:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Image Downloader
[2011.02.17 20:46:13 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Bulk Image Downloader
[2011.02.17 20:45:52 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Desktop\Bulk_Image_Downloader_v2.22.0.0
[2011.02.16 17:32:35 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\ZoomBrowser EX
[2011.02.16 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Canon
[2011.02.16 17:29:06 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\CANON_INC
[2011.02.16 14:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2011.02.16 14:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011.02.16 14:28:03 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Canon
[2011.02.16 14:27:13 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Common Files\Canon
[2011.02.14 15:52:57 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\Nero_AG
[2011.02.12 18:29:19 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\Wizards of the Coast
[2011.02.12 18:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast LLC
[2011.02.12 18:28:01 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Wizards of the Coast LLC
[2011.02.12 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Desktop\Ny mappe
[2006.06.26 06:33:46 | 000,163,840 | ---- | C] (アリスソフト) -- C:\Users\Steffen\AppData\Local\Tempals_inst.exe
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011.03.14 14:47:21 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011.03.14 14:35:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-576177594-139507383-1363397478-1000UA.job
[2011.03.14 14:35:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-576177594-139507383-1363397478-1000Core.job
[2011.03.14 14:33:21 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011.03.14 14:30:31 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.14 14:30:31 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.14 14:29:18 | 001,362,808 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.14 14:29:18 | 000,654,624 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.14 14:29:18 | 000,494,968 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2011.03.14 14:29:18 | 000,122,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.14 14:29:18 | 000,095,284 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2011.03.14 14:23:35 | 000,001,846 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\G19app.lnk
[2011.03.14 14:23:30 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.14 14:22:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.14 14:22:48 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.12 20:55:00 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.12 13:08:11 | 004,976,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.03.11 20:12:07 | 000,001,017 | ---- | M] () -- C:\Users\Steffen\Desktop\WIDI 4.0 Std.lnk
[2011.03.10 18:00:08 | 000,005,264 | ---- | M] (SysInternals) -- C:\Windows\SysWow64\drivers\PROCEXP.SYS
[2011.03.03 17:05:14 | 000,000,438 | ---- | M] () -- C:\Users\Steffen\Desktop\js.html
[2011.02.26 10:23:27 | 000,270,142 | ---- | M] () -- C:\Users\Steffen\Desktop\Minecraft.exe
[2011.02.22 16:33:28 | 001,387,578 | ---- | M] () -- C:\Users\Steffen\Desktop.mov
[2011.02.19 12:02:06 | 000,002,985 | ---- | M] () -- C:\Users\Steffen\Desktop\HiJackThis.lnk
[2011.02.18 20:48:30 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\PicaLoader.lnk
[2011.02.16 17:36:40 | 000,000,093 | ---- | M] () -- C:\Windows\WFT-E4IIUtility.INI
[2011.02.16 17:36:37 | 000,000,093 | ---- | M] () -- C:\Windows\WFT-E2IIUtility.INI
[2011.02.16 17:36:35 | 000,000,093 | ---- | M] () -- C:\Windows\WFT-E5Utility.INI
[2011.02.16 17:36:32 | 000,000,108 | ---- | M] () -- C:\Windows\WFT-E4Utility.INI
[2011.02.16 17:36:30 | 000,000,108 | ---- | M] () -- C:\Windows\WFT-E3Utility.INI
[2011.02.16 17:36:01 | 000,000,108 | ---- | M] () -- C:\Windows\WFT-E2Utility.INI
[2011.02.16 17:35:51 | 000,000,884 | ---- | M] () -- C:\Users\Steffen\Documents\nprofile.nif
[2011.02.16 17:28:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.02.12 18:28:10 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Magic The Gathering - Duels of the Planeswalkers.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011.03.14 14:47:13 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011.03.12 18:28:47 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2011.03.12 18:28:47 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2011.03.12 18:28:47 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2011.03.12 18:28:47 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2011.03.12 18:28:47 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2011.03.12 18:28:47 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2011.03.12 18:28:47 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2011.03.12 18:28:47 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2011.03.11 20:12:07 | 000,001,017 | ---- | C] () -- C:\Users\Steffen\Desktop\WIDI 4.0 Std.lnk
[2011.03.01 19:50:39 | 000,000,994 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.01 19:50:39 | 000,000,990 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.28 17:16:15 | 000,000,438 | ---- | C] () -- C:\Users\Steffen\Desktop\js.html
[2011.02.26 10:23:26 | 000,270,142 | ---- | C] () -- C:\Users\Steffen\Desktop\Minecraft.exe
[2011.02.22 15:51:52 | 001,387,578 | ---- | C] () -- C:\Users\Steffen\Desktop.mov
[2011.02.21 17:17:27 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.02.21 17:17:27 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.02.21 17:17:26 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.02.21 17:17:26 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.21 17:17:26 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.02.21 17:17:26 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011.02.19 12:02:06 | 000,002,985 | ---- | C] () -- C:\Users\Steffen\Desktop\HiJackThis.lnk
[2011.02.16 17:36:40 | 000,000,093 | ---- | C] () -- C:\Windows\WFT-E4IIUtility.INI
[2011.02.16 17:36:37 | 000,000,093 | ---- | C] () -- C:\Windows\WFT-E2IIUtility.INI
[2011.02.16 17:36:35 | 000,000,093 | ---- | C] () -- C:\Windows\WFT-E5Utility.INI
[2011.02.16 17:36:32 | 000,000,108 | ---- | C] () -- C:\Windows\WFT-E4Utility.INI
[2011.02.16 17:36:30 | 000,000,108 | ---- | C] () -- C:\Windows\WFT-E3Utility.INI
[2011.02.16 17:36:01 | 000,000,108 | ---- | C] () -- C:\Windows\WFT-E2Utility.INI
[2011.02.16 17:35:51 | 000,000,884 | ---- | C] () -- C:\Users\Steffen\Documents\nprofile.nif
[2011.02.16 17:28:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.02.12 18:28:10 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Magic The Gathering - Duels of the Planeswalkers.lnk
[2011.01.31 11:15:41 | 000,005,024 | ---- | C] () -- C:\Windows\SysWow64\FilterData.dat
[2011.01.15 13:26:31 | 000,000,173 | ---- | C] () -- C:\Users\Steffen\AppData\Local\msmathematics.qat.Steffen
[2011.01.14 17:49:36 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.04 13:16:12 | 000,000,462 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\Current.prx
[2010.12.04 13:15:48 | 000,000,600 | ---- | C] () -- C:\Users\Steffen\AppData\Local\PUTTY.RND
[2010.11.15 12:23:58 | 000,444,283 | ---- | C] () -- E:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2010.10.21 18:15:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.12 15:57:51 | 000,001,456 | ---- | C] () -- C:\Users\Steffen\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.10.03 17:20:55 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.10.02 15:52:25 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010.09.13 14:46:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.09.11 13:41:26 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010.09.04 11:36:45 | 001,380,184 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.20 19:56:14 | 000,088,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.08.17 15:07:18 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys
[2010.08.17 15:07:18 | 000,000,003 | ---- | C] () -- C:\Windows\sbacknt.bin
[2010.08.04 18:50:20 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.02 12:47:26 | 000,038,309 | ---- | C] () -- C:\Windows\scunin.dat
[2010.07.20 19:27:54 | 000,001,742 | ---- | C] () -- C:\Users\Steffen\AppData\Local\Tempwconfig.vbs
[2010.07.19 12:07:19 | 000,007,607 | ---- | C] () -- C:\Users\Steffen\AppData\Local\resmon.resmoncfg
[2010.07.17 23:38:17 | 000,001,296 | ---- | C] () -- C:\Windows\disney.ini
[2010.07.17 21:37:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.07.17 15:16:33 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.07.17 15:16:33 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.07.17 15:10:00 | 000,034,430 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.07.17 15:09:36 | 000,023,585 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.07.17 15:01:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.17 14:59:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2010.07.17 14:59:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2010.07.17 14:59:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2010.07.17 14:59:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2010.07.17 14:59:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2010.07.17 14:59:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2010.07.17 14:59:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2010.07.17 14:59:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.06 03:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.11.07 17:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2004.10.11 10:19:00 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\ASUSASV2.DLL
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011.02.03 20:10:17 | 000,000,000 | -HSD | M] -- C:\Users\Steffen\AppData\Roaming\.#
[2011.02.28 18:15:19 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\.minecraft
[2011.02.09 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Audacity
[2011.02.18 20:56:32 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\BID
[2010.10.21 18:19:41 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\cacaoweb
[2011.02.16 17:29:23 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Canon
[2011.01.31 18:00:54 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Chan Thread Watch
[2010.07.28 12:24:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DAEMON Tools Lite
[2010.10.20 15:44:22 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Downloaded Installations
[2011.02.28 15:10:16 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Folding@home-x86
[2011.02.18 15:44:09 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\FrostWire
[2011.02.03 15:58:57 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GetRightToGo
[2011.02.01 17:06:01 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GlobalSCAPE
[2011.02.28 15:08:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\HFM
[2010.08.26 20:03:40 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\LockHunter
[2010.07.22 15:25:00 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\LolClient
[2011.02.21 16:25:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\MAXON
[2011.03.10 19:07:12 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\miecraftserver
[2011.02.26 14:07:55 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\mts
[2011.03.11 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Music Recognition
[2011.02.01 17:10:35 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Notepad++
[2010.08.19 13:53:02 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Octoshape
[2010.09.11 13:41:26 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\PACE Anti-Piracy
[2011.02.25 15:01:53 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Publish Providers
[2010.09.11 13:41:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2011.01.31 11:39:16 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Samsung
[2011.02.25 15:01:52 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Sony
[2011.03.14 14:38:32 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Spotify
[2010.09.11 13:42:41 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.08.12 18:02:35 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Synthesia
[2011.01.16 21:59:15 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TeamViewer
[2011.01.13 16:47:30 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Tunngle
[2010.07.19 16:44:30 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Unity
[2011.03.14 14:43:07 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\uTorrent
[2010.11.15 12:27:47 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\VDownloader
[2010.08.17 15:11:53 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\vghd
[2011.01.03 16:22:32 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\VOWSoft
[2011.01.13 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Windows Live Writer
[2010.12.28 11:53:05 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Files - Unicode (All) ==========[/color]
(C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??????) -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\アリスソフト
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\アリスソフト
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 1297 bytes -> C:\ProgramData\Microsoft:yTbIZIHXP2BRRTNui4HWgtMNV0
@Alternate Data Stream - 1294 bytes -> C:\Users\Steffen\AppData\Local\Temp:edALljPRu3dx4J3w3O7EjdY
@Alternate Data Stream - 1180 bytes -> C:\Users\Steffen\AppData\Local\Temp:ds0kti2gmspwqlRwRUNMcP
@Alternate Data Stream - 1104 bytes -> C:\ProgramData\Microsoft:5sEIyvoVKYXSofivjQnBy

< End of report >


#4
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Your OTL log is clean, so malware isn't causing your problems.

Do this clean-up step first please:

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine, choose Yes.

After doing that, you can start a new topic here if you want.

#5
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.