Window deselects every minute



#1
badstue

Hi,

I'm close to giving up, but here goes.

After many hours of searching on Google I've come to this forum, read a single topic about this issue... and decided to try you out.
Maybe you have some tips I haven't tried. I hope!



My problem:
********************
Every minute my active window gets deselected, precisely every minute. If I'm lucky it's gone the next time I start/boot or the desktop wakes up from sleep.

Software I've tried:
********************
* Format c: /(quick)
* Reinstall of Win7
* Combofix (clean)
* Malwarebytes full scan (clean)
* Search & Destroy full scan (clean)
* Using Avira Antivir Personal Edition
* chkdsk /r (found some bitmap errors that do not seem to be repairable)
* unfocus registry vbs file
* deactivated the firewall (based on some of the tips I've read on the net)
* Reset the BIOS settings
* Completely uninstalled the keyboard & mouse-drivers within the device-manager

Hardware I've tried:
********************
* Replaced the mouse
* Replaced the keyboard
* Replaced the SATA-cables
* Replaced the RAM (not because of this issue, but an upgrade)
* Connected the mouse & keyboard to different USB-ports
* Upgraded the BIOS to the latest version

My question:
********************
What the f*ck have I missed? Is it my mainboard that has problems?



:S
#2
badstue

OTL log:

OTL logfile created on: 24-09-2011 16:20:28 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\rasmus\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

8,00 Gb Total Physical Memory | 6,68 Gb Available Physical Memory | 83,52% Memory free
16,00 Gb Paging File | 14,11 Gb Available in Paging File | 88,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 401,60 Gb Free Space | 86,24% Space Free | Partition Type: NTFS
Drive D: | 176,65 Gb Total Space | 162,65 Gb Free Space | 92,07% Space Free | Partition Type: NTFS
Drive F: | 9,65 Gb Total Space | 9,58 Gb Free Space | 99,22% Space Free | Partition Type: NTFS

Computer Name: RASMUS-PC | User Name: rasmus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-09-24 16:20:05 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\rasmus\Downloads\OTL.exe
PRC - [2011-09-20 19:54:44 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-09-14 15:24:04 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
PRC - [2011-04-21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011-04-21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011-04-01 08:55:04 | 000,788,992 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe


========== Modules (No Company Name) ==========

MOD - [2011-07-21 11:27:50 | 001,410,048 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
MOD - [2011-04-01 08:55:04 | 000,788,992 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
MOD - [2011-03-31 15:36:56 | 000,128,000 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
MOD - [2011-03-31 15:36:56 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.dll
MOD - [2011-03-31 15:36:46 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-07-28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011-07-28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-09-20 19:54:44 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-04-21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-09-20 19:54:45 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011-09-20 19:54:45 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011-09-18 20:51:02 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)
DRV:64bit: - [2011-09-14 14:46:24 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2011-08-15 14:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011-07-29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011-07-29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-07-28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-06-24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011-06-07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-07-28 05:01:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 31 95 6B D5 72 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\rasmus\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\rasmus\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\rasmus\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\rasmus\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\rasmus\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Google Update (Enabled) = C:\Users\rasmus\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66721385-9D9B-42FA-A45E-7B6F727F341F}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-09-24 15:36:56 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\Avira
[2011-09-23 17:07:06 | 000,000,000 | ---D | C] -- C:\Users\rasmus\Documents\My Games
[2011-09-23 17:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 2011
[2011-09-23 16:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Motor Racing Demo
[2011-09-23 16:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\X-Motor Racing Demo
[2011-09-21 20:48:51 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-09-21 20:48:28 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Local\Google
[2011-09-20 20:46:28 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011-09-20 20:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011-09-20 20:46:27 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\Notepad++
[2011-09-20 20:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2011-09-18 21:37:52 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\Malwarebytes
[2011-09-18 21:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-09-18 21:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-09-18 21:37:44 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-09-18 21:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-09-18 12:38:52 | 000,000,000 | ---D | C] -- C:\Users\rasmus\Documents\Flight Simulator X Files
[2011-09-18 12:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011-09-18 12:35:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2011-09-18 12:27:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011-09-18 12:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011-09-18 12:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011-09-18 00:07:01 | 000,000,000 | ---D | C] -- C:\Users\rasmus\Desktop\backup
[2011-09-17 23:24:45 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\dvdcss
[2011-09-16 22:42:14 | 000,000,000 | ---D | C] -- C:\Users\rasmus\VirtualBox VMs
[2011-09-16 22:40:27 | 000,000,000 | ---D | C] -- C:\Users\rasmus\.VirtualBox
[2011-09-16 22:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011-09-16 22:39:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011-09-16 22:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011-09-16 21:36:43 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Local\VMware
[2011-09-16 21:36:38 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\VMware
[2011-09-16 21:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2011-09-16 20:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011-09-16 20:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011-09-16 19:25:08 | 000,000,000 | ---D | C] -- C:\Users\rasmus\Documents\OnLive App
[2011-09-16 19:23:48 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\OnLive App
[2011-09-16 19:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnLive
[2011-09-16 19:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnLive
[2011-09-16 16:30:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011-09-16 16:30:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011-09-16 16:25:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011-09-16 16:24:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011-09-16 16:21:14 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011-09-16 16:21:05 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011-09-16 08:33:57 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\FileZilla
[2011-09-16 08:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011-09-16 08:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011-09-14 22:38:45 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\vlc
[2011-09-14 22:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011-09-14 22:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011-09-14 22:28:59 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\WinRAR
[2011-09-14 21:57:33 | 000,000,000 | ---D | C] -- C:\Users\rasmus\Documents\Downloads
[2011-09-14 15:46:06 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live for Speed
[2011-09-14 15:45:27 | 000,000,000 | ---D | C] -- C:\LFS
[2011-09-14 15:24:05 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\Macromedia
[2011-09-14 15:24:05 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\Adobe
[2011-09-14 15:24:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011-09-14 14:45:51 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Local\AMD
[2011-09-14 14:45:43 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\ATI
[2011-09-14 14:45:43 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Local\ATI
[2011-09-14 14:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011-09-14 14:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011-09-14 14:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011-09-14 14:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011-09-14 14:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011-09-14 14:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011-09-14 14:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011-09-14 14:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011-09-14 14:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011-09-14 14:43:08 | 000,000,000 | ---D | C] -- C:\ATI
[2011-09-14 14:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011-09-14 14:41:46 | 000,123,784 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011-09-14 14:41:46 | 000,088,288 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011-09-14 14:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011-09-14 14:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011-09-14 14:32:25 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\TP-LINK
[2011-09-14 14:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2011-09-14 14:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2011-09-14 14:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011-09-14 13:59:53 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011-09-14 13:53:21 | 001,918,976 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys
[2011-09-14 13:53:21 | 001,918,976 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athurx.sys
[2011-09-14 13:53:18 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011-09-14 13:53:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011-09-14 13:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2011-09-14 10:26:44 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011-09-14 00:57:31 | 000,000,000 | R--D | C] -- C:\Users\rasmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011-09-14 00:57:31 | 000,000,000 | R--D | C] -- C:\Users\rasmus\Searches
[2011-09-14 00:57:31 | 000,000,000 | R--D | C] -- C:\Users\rasmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011-09-14 00:57:31 | 000,000,000 | -H-D | C] -- C:\Users\rasmus\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011-09-14 00:57:23 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\Identities
[2011-09-14 00:57:21 | 000,000,000 | R--D | C] -- C:\Users\rasmus\Contacts
[2011-09-14 00:57:20 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Local\VirtualStore
[2011-09-14 00:57:08 | 000,000,000 | --SD | C] -- C:\Users\rasmus\AppData\Roaming\Microsoft
[2011-09-14 00:57:08 | 000,000,000 | R--D | C] -- C:\Users\rasmus\Videos
[2011-09-14 00:57:08 | 000,000,000 | R--D | C] -- C:\Users\rasmus\Saved Games
[2011-09-14 00:57:08 | 000,000,000 | R--D | C] -- C:\Users\rasmus\Pictures
[2011-09-14 00:57:08 | 000,000,000 | R--D | C] -- C:\Users\rasmus\Music
[2011-09-14 00:57:08 | 000,000,000 | R--D | C] -- C:\Users\rasmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011-09-14 00:57:08 | 000,000,000 | R--D | C] -- C:\Users\rasmus\Links
[2011-09-14 00:57:08 | 000,000,000 | R--D | C] -- C:\Users\rasmus\Favorites
[2011-09-14 00:57:08 | 000,000,000 | R--D | C] -- C:\Users\rasmus\Downloads
[2011-09-14 00:57:08 | 000,000,000 | R--D | C] -- C:\Users\rasmus\Documents
[2011-09-14 00:57:08 | 000,000,000 | R--D | C] -- C:\Users\rasmus\Desktop
[2011-09-14 00:57:08 | 000,000,000 | R--D | C] -- C:\Users\rasmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\AppData\Local\Temporary Internet Files
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\Templates
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\Start Menu
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\SendTo
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\Recent
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\PrintHood
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\NetHood
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\Documents\My Videos
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\Documents\My Pictures
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\Documents\My Music
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\My Documents
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\Local Settings
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\AppData\Local\History
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\Cookies
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\Application Data
[2011-09-14 00:57:08 | 000,000,000 | -HSD | C] -- C:\Users\rasmus\AppData\Local\Application Data
[2011-09-14 00:57:08 | 000,000,000 | -H-D | C] -- C:\Users\rasmus\AppData
[2011-09-14 00:57:08 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Local\Temp
[2011-09-14 00:57:08 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Local\Microsoft
[2011-09-14 00:57:08 | 000,000,000 | ---D | C] -- C:\Users\rasmus\AppData\Roaming\Media Center Programs
[2011-09-14 00:57:02 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011-09-14 00:30:45 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011-09-14 00:28:35 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011-09-14 00:28:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011-09-24 15:53:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1877683730-4259393956-2839814435-1000UA.job
[2011-09-24 15:37:55 | 000,016,923 | ---- | M] () -- C:\Users\rasmus\Desktop\Untitled.png
[2011-09-24 15:09:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-09-24 12:21:30 | 000,007,633 | ---- | M] () -- C:\Users\rasmus\AppData\Local\Resmon.ResmonCfg
[2011-09-24 10:55:51 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-09-24 10:55:51 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-09-24 10:54:16 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-09-24 10:54:16 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-09-24 10:54:16 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-09-24 10:48:32 | 2146,934,783 | -HS- | M] () -- C:\hiberfil.sys
[2011-09-24 07:42:40 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1877683730-4259393956-2839814435-1000Core.job
[2011-09-23 17:06:23 | 000,000,795 | ---- | M] () -- C:\Users\rasmus\Desktop\Farming Simulator 2011 .lnk
[2011-09-21 22:14:01 | 000,000,600 | ---- | M] () -- C:\Users\rasmus\AppData\Local\PUTTY.RND
[2011-09-20 19:54:45 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011-09-20 19:54:45 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011-09-18 20:51:02 | 000,009,600 | ---- | M] () -- C:\Windows\SysNative\drivers\whfltr2k.sys
[2011-09-18 20:41:55 | 000,272,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-09-16 21:15:37 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011-09-16 21:15:33 | 000,722,382 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-09-16 16:50:22 | 000,001,441 | ---- | M] () -- C:\Users\rasmus\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011-09-16 16:28:49 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011-09-16 16:28:48 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011-09-15 19:44:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011-09-14 14:31:58 | 000,002,297 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2011-09-14 00:32:52 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011-09-14 00:32:52 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011-09-14 00:30:14 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011-08-31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011-09-24 15:37:55 | 000,016,923 | ---- | C] () -- C:\Users\rasmus\Desktop\Untitled.png
[2011-09-23 17:06:23 | 000,000,795 | ---- | C] () -- C:\Users\rasmus\Desktop\Farming Simulator 2011 .lnk
[2011-09-21 22:07:56 | 000,000,600 | ---- | C] () -- C:\Users\rasmus\AppData\Local\PUTTY.RND
[2011-09-21 20:48:29 | 000,000,946 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1877683730-4259393956-2839814435-1000UA.job
[2011-09-21 20:48:29 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1877683730-4259393956-2839814435-1000Core.job
[2011-09-16 21:15:37 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011-09-16 21:15:33 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-09-16 16:28:49 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011-09-16 16:28:48 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011-09-16 16:21:53 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2011-09-16 16:21:43 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011-09-16 16:20:57 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011-09-16 16:20:51 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011-09-16 16:20:51 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011-09-16 16:20:46 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011-09-16 16:20:46 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011-09-15 19:44:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011-09-14 15:39:25 | 000,007,633 | ---- | C] () -- C:\Users\rasmus\AppData\Local\Resmon.ResmonCfg
[2011-09-14 14:31:58 | 000,002,297 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2011-09-14 13:57:00 | 000,001,441 | ---- | C] () -- C:\Users\rasmus\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011-09-14 13:53:21 | 000,021,215 | ---- | C] () -- C:\Windows\SysNative\netathurx.inf
[2011-09-14 13:53:21 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\athurextx.cat
[2011-09-14 00:57:35 | 000,001,413 | ---- | C] () -- C:\Users\rasmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011-09-14 00:57:32 | 000,001,447 | ---- | C] () -- C:\Users\rasmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011-09-14 00:57:08 | 000,000,290 | ---- | C] () -- C:\Users\rasmus\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011-09-14 00:57:08 | 000,000,272 | ---- | C] () -- C:\Users\rasmus\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011-09-14 00:32:42 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011-09-14 00:32:34 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011-09-14 00:30:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-09-14 00:28:05 | 2146,934,783 | -HS- | C] () -- C:\hiberfil.sys
[2011-08-24 20:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011-03-17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011-09-18 12:23:40 | 000,000,000 | ---D | M] -- C:\Users\rasmus\AppData\Roaming\DAEMON Tools Lite
[2011-09-24 15:37:59 | 000,000,000 | ---D | M] -- C:\Users\rasmus\AppData\Roaming\FileZilla
[2011-09-20 20:46:33 | 000,000,000 | ---D | M] -- C:\Users\rasmus\AppData\Roaming\Notepad++
[2011-09-16 19:23:48 | 000,000,000 | ---D | M] -- C:\Users\rasmus\AppData\Roaming\OnLive App
[2011-09-14 14:33:34 | 000,000,000 | ---D | M] -- C:\Users\rasmus\AppData\Roaming\TP-LINK
[2009-07-14 07:08:49 | 000,008,798 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#3
badstue

Ah, a possible breakthrough... I found an unknown unsigned kernel driver - whfltr2k.sys - USB low level filter. Found it with TDSSKiller (Kaspersky) rootkit scanner.

Maybe it's an OK driver, I don't know. But my issue seems to be gone after I removed it and restarted.
  • 0
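
The whfltr2k.sys entry in the OTL log above is the one driver line in this sample whose company-name field is empty, which is the kind of entry worth a second look when reading such a log. As an added example (not part of the original posts and not OTL's own code), this Python script parses OTL `DRV` lines and lists drivers with no company name; the function names are hypothetical, and the sample lines and scan time are copied from the log in this thread.

```python
import re
from datetime import datetime

# Four DRV lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = r"""
DRV:64bit: - [2011-09-20 19:54:45 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011-09-18 20:51:02 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)
DRV:64bit: - [2011-08-15 14:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
"""

# Scan time from the log header ("OTL logfile created on: 24-09-2011 16:20:28").
SCAN_TIME = datetime(2011, 9, 24, 16, 20, 28)

# Layout of an OTL driver-service line:
# DRV[:64bit:] - [mtime | size | attrs | M] (company) [type | start | state] -- path -- (service)
DRV_RE = re.compile(
    r"^DRV(?::64bit:)? - "
    r"\[(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>.*?)\) "
    r"\[(?P<type>\w+) \| (?P<start>\w+) \| (?P<state>\w+)\] -- "
    r"(?P<path>.+?) -- \((?P<service>[^)]*)\)"
)


def parse_drivers(log_text):
    """Return one dict per DRV line; lines that do not match are skipped."""
    drivers = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRV_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["company"] = d["company"].strip()
        d["mtime"] = datetime.strptime(d["mtime"], "%Y-%m-%d %H:%M:%S")
        d["size"] = int(d["size"].replace(",", ""))
        d["is_64bit"] = line.startswith("DRV:64bit:")
        drivers.append(d)
    return drivers


def flag_unattributed(drivers, scan_time):
    """List drivers whose company-name field is empty.

    An empty field is a triage lead, not a verdict: it only says the file
    carries no company name in its version information.
    """
    hits = []
    for d in drivers:
        if d["company"]:
            continue
        hits.append({
            "service": d["service"],
            "path": d["path"],
            "kernel": d["type"] == "Kernel",
            "state": d["state"],
            "size": d["size"],
            "days_since_modified": (scan_time - d["mtime"]).days,
        })
    # Most recently modified first: recent changes are the likelier culprits.
    hits.sort(key=lambda h: h["days_since_modified"])
    return hits


if __name__ == "__main__":
    for hit in flag_unattributed(parse_drivers(SAMPLE_LOG), SCAN_TIME):
        print("{service}: {path} (kernel={kernel}, state={state}, "
              "modified {days_since_modified} days before scan)".format(**hit))
```
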





