
Cursor moving and clicking on its own, even when mouse is unplugged



#1
martyboi82

Hi people!

About 7 days ago I came across this odd issue on my computer:

The cursor disappears just to reappear somewhere else on my screen (even when I unplug the mouse). I'm not sure if it's a specific pattern but it jumps across the screen, left-clicks, right-clicks and such. If I just watch it, it has moved the windows-start-field (I don't know what it's called in English tbh - just the bottom field where the start-icon is and shortcuts etc) from the bottom to left, right and top of my screen - sometimes, it seems just random that it just happens to grab the start-field and moves it, so it doesn't seem to target it. It clicks, but doesn't seem to aim at special things. For instance, it doesn't seem like it's trying to target specific icons or fields on the screen (one would imagine it would try to shut down the computer or try to close or open programs etc), it seems just randomly jumping. It's not jumping at a special pace, sometimes it moves 2 times during a second, and suddenly it stops for a couple of seconds and then it's jumping again. When I'm in a folder and try to click on a file, it doesn't recognize the click at once, maybe after a few tries - like the "script" is at some other kind of level in Windows (like the desktop level) that is actual for the "script". When I left-click it sometimes takes it as a right-click. But, it's not active all the time: sometimes it's ok, and a couple of hours later it's crazy again. I haven't been able to check if it's between specific times of the day.

What I have done trying to solve this weird thing:
- I unplugged the mouse - no difference
- I changed the mouse - no difference (it's not disturbed either about a new mouse being inserted, so it doesn't seem to reload the "script" just because I change the hardware)
- I started Ms Paint and expanded the canvas just to see if it would draw some sort of "pattern" - it didn't
- System restore, restored 10 days back in time - the issue reappeared within a day or two
- I have unplugged the mouse - no difference
- I have downloaded Kaspersky Virus Removal Tool just to do a scan - finds nothing
- My AV is NOD32, always updated and performed a scan - finds nothing
- when I check the processlist I can't find anything unusual

I really need help with this since at times I can't work at all on the computer and I would really appreciate help from people who know a lot, I need geeks in other words =)


So, I downloaded OTL and did two scans, one when the "script" (or whatever it is) is active and one when the cursor is ok. I'll post them both in case it helps.

Starting when the cursor is crazy:

OTL logfile created on: 2012-01-26 17:41:46 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Vi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 68,92% Memory free
8,00 Gb Paging File | 6,69 Gb Available in Paging File | 83,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 48,94 Gb Free Space | 43,82% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 205,81 Gb Free Space | 44,19% Space Free | Partition Type: NTFS
Drive E: | 199,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: VI1337 | User Name: Vi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-01-23 11:54:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vi\Desktop\OTL.exe
PRC - [2012-01-03 22:50:59 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2012-01-03 08:23:11 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011-12-05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Vi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011-11-30 15:06:02 | 002,175,304 | ---- | M] (Voddler) -- C:\Program Files (x86)\voddler\service\voddler.exe
PRC - [2011-11-30 15:05:56 | 000,050,776 | ---- | M] (Voddler) -- C:\Program Files (x86)\voddler\service\VNetManager.exe
PRC - [2011-11-01 15:40:04 | 001,053,056 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2011-10-27 10:34:30 | 000,718,384 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011-10-27 10:33:32 | 000,148,016 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011-10-14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-05-23 20:10:48 | 001,087,384 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2010-11-20 13:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010-06-07 11:35:35 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009-10-30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009-07-08 10:01:54 | 005,782,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009-07-01 19:23:52 | 001,435,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2009-07-01 19:19:18 | 000,601,088 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
PRC - [2009-05-14 14:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2008-09-16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011-11-01 15:42:14 | 000,392,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2011-11-01 15:42:12 | 000,058,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2011-11-01 15:42:08 | 000,095,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2011-11-01 15:42:06 | 000,272,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2011-11-01 15:41:38 | 000,165,248 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll
MOD - [2011-11-01 15:41:36 | 000,384,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll
MOD - [2011-11-01 15:41:34 | 002,557,312 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2011-11-01 15:41:32 | 000,346,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2011-11-01 15:41:30 | 010,843,520 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2011-11-01 15:41:24 | 000,196,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2011-11-01 15:41:22 | 001,294,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2011-11-01 15:41:20 | 000,682,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2011-11-01 15:41:18 | 000,919,936 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2011-11-01 15:41:16 | 000,517,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2011-11-01 15:41:14 | 008,172,928 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2011-11-01 15:41:12 | 002,252,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2011-11-01 15:41:10 | 002,288,512 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2011-11-01 15:41:06 | 000,422,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2011-11-01 15:40:56 | 000,202,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
MOD - [2011-11-01 15:40:54 | 000,034,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
MOD - [2011-11-01 15:40:52 | 000,032,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
MOD - [2011-11-01 15:40:08 | 000,388,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll
MOD - [2011-11-01 15:40:00 | 000,438,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2011-11-01 15:39:36 | 001,041,792 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll
MOD - [2011-11-01 15:39:06 | 000,740,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2011-11-01 14:57:42 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011-10-12 07:30:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011-10-12 07:29:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011-10-12 07:29:35 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011-10-12 07:29:05 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011-10-12 07:28:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011-06-24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-06-24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010-06-07 11:35:35 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009-07-08 10:01:54 | 005,782,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009-07-01 19:23:52 | 001,435,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
MOD - [2009-07-01 19:19:18 | 000,601,088 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
MOD - [2009-02-27 15:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009-02-27 15:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2009-01-15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2008-02-25 14:08:54 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.dll
MOD - [2007-01-03 21:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\vvc.dll
MOD - [2006-01-10 15:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009-05-14 14:54:26 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009-05-14 14:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2011-11-30 15:06:02 | 002,175,304 | ---- | M] (Voddler) [Auto | Running] -- C:\Program Files (x86)\voddler\service\voddler.exe -- (VoddlerNet)
SRV - [2011-10-27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-10-15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-10-14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-05-12 13:48:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-09-16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-08-17 12:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011-08-17 12:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011-08-17 12:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011-08-17 12:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011-05-13 15:32:39 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011-05-12 13:30:19 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011-05-10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010-03-12 18:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009-11-09 19:07:22 | 000,787,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dnetr28x.sys -- (netr28x)
DRV:64bit: - [2009-08-23 04:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-05-14 14:49:56 | 000,121,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009-05-14 14:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009-05-14 14:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009-05-14 08:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009-07-29 17:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 50 6F E8 96 35 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.personalvetare.nu"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-01-17 18:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-01-17 07:05:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-05-12 13:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-11 15:31:09 | 000,000,000 | ---D | M]

[2011-05-12 15:29:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vi\AppData\Roaming\mozilla\Extensions
[2012-01-06 10:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vi\AppData\Roaming\mozilla\Firefox\Profiles\pdwuz9i1.default\extensions
[2012-01-17 18:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-10-15 16:18:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\VI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDWUZ9I1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011-12-21 09:08:47 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-10-03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011-12-21 06:49:25 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2011-12-21 06:34:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-12-21 06:49:25 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2011-12-21 06:49:25 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2011-12-21 06:49:25 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2011-12-21 06:49:25 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vi\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vi\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vi\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files (x86)\Personal\bin\np_prsnl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Vi\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [VoddlerNet Manager] C:\Program Files (x86)\voddler\service\VNetManager.exe (Voddler)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Vi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Betrodda platser)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.54.122.199 195.54.122.204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4244D31F-6CFF-4EEF-9091-4F82B05B9BF3}: DhcpNameServer = 195.54.122.199 195.54.122.204
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-07-21 00:20:02 | 000,371,881 | R--- | M] () - E:\autorun.aru -- [ UDF ]
O32 - AutoRun File - [2010-08-23 15:41:16 | 002,776,064 | R--- | M] () - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2004-01-25 04:38:48 | 000,023,558 | R--- | M] () - E:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011-07-21 00:20:04 | 000,000,063 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{00489701-7c94-11e0-bc79-00261897ac51}\Shell - "" = AutoRun
O33 - MountPoints2\{00489701-7c94-11e0-bc79-00261897ac51}\Shell\AutoRun\command - "" = K:\Installer.exe
O33 - MountPoints2\{9a19ae61-7c8a-11e0-9be7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9a19ae61-7c8a-11e0-9be7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2010-08-23 15:41:16 | 002,776,064 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-01-26 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Vi\Desktop\gg
[2012-01-23 12:06:24 | 000,000,000 | ---D | C] -- C:\Users\Vi\Desktop\ej igång
[2012-01-23 11:53:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Vi\Desktop\OTL.exe
[2012-01-23 10:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012-01-22 11:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012-01-22 11:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012-01-22 11:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012-01-22 11:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012-01-22 11:40:21 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012-01-22 11:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012-01-17 06:57:24 | 000,000,000 | ---D | C] -- C:\Users\Vi\AppData\Roaming\Leadertech
[2012-01-17 06:56:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012-01-17 06:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012-01-17 06:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012-01-17 06:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012-01-17 06:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012-01-17 06:54:21 | 000,000,000 | ---D | C] -- C:\Users\Vi\AppData\Roaming\Logitech
[2012-01-17 06:54:21 | 000,000,000 | ---D | C] -- C:\Users\Vi\AppData\Roaming\Logishrd
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-01-26 17:40:48 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-01-26 17:40:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-01-26 17:04:01 | 000,099,348 | ---- | M] () -- C:\Users\Vi\Desktop\Schemakompokom-201201163.pdf
[2012-01-26 17:00:11 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-310376144-3087298800-2905533210-1000UA.job
[2012-01-26 16:40:01 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-01-26 16:25:49 | 000,018,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-01-26 16:25:49 | 000,018,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-01-26 16:24:34 | 001,442,452 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-01-26 16:24:34 | 000,617,198 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012-01-26 16:24:34 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-01-26 16:24:34 | 000,120,576 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012-01-26 16:24:34 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-01-23 11:54:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vi\Desktop\OTL.exe
[2012-01-22 11:42:32 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012-01-22 11:42:15 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012-01-19 07:06:14 | 000,062,538 | ---- | M] () -- C:\Users\Vi\Desktop\Härlig bild.jpg
[2012-01-17 18:43:06 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-01-06 10:25:36 | 000,518,792 | ---- | M] () -- C:\Users\Vi\Desktop\HRDinbjudan.pdf
[2011-12-30 11:54:06 | 000,065,181 | ---- | M] () -- C:\Users\Vi\Desktop\kompletteringochhrmmne.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-01-26 17:04:01 | 000,099,348 | ---- | C] () -- C:\Users\Vi\Desktop\Schemakompokom-201201163.pdf
[2012-01-22 11:42:32 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012-01-22 11:42:15 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012-01-19 07:06:12 | 000,062,538 | ---- | C] () -- C:\Users\Vi\Desktop\Härlig bild.jpg
[2012-01-17 18:43:06 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-01-06 10:25:34 | 000,518,792 | ---- | C] () -- C:\Users\Vi\Desktop\HRDinbjudan.pdf
[2011-12-30 11:54:05 | 000,065,181 | ---- | C] () -- C:\Users\Vi\Desktop\kompletteringochhrmmne.zip
[2011-10-14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-06-27 09:59:45 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011-05-13 15:34:01 | 000,007,602 | ---- | C] () -- C:\Users\Vi\AppData\Local\Resmon.ResmonCfg
[2011-05-12 15:27:06 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011-05-12 15:27:06 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011-05-12 13:38:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-05-12 12:34:51 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011-05-12 12:34:51 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010-12-06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007-12-28 08:22:04 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007-04-27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

========== LOP Check ==========

[2011-07-16 13:50:41 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\abgx360
[2011-06-10 08:08:41 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\DAEMON Tools Lite
[2012-01-26 17:41:04 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\Dropbox
[2011-06-19 20:54:54 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\ImgBurn
[2012-01-17 06:57:24 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\Leadertech
[2011-09-05 16:43:06 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\LolClient
[2011-12-08 08:35:02 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\MAGIX
[2011-12-11 15:38:51 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\PC Suite
[2012-01-17 07:00:45 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\Personal
[2012-01-24 12:17:24 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\Spotify
[2011-12-29 10:07:21 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\uTorrent
[2012-01-23 08:38:44 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



And when the cursor is OK:


OTL logfile created on: 2012-01-23 11:57:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Vi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,86% Memory free
8,00 Gb Paging File | 6,71 Gb Available in Paging File | 83,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 49,61 Gb Free Space | 44,42% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 205,81 Gb Free Space | 44,19% Space Free | Partition Type: NTFS
Drive E: | 199,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: VI1337 | User Name: Vi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-01-23 11:54:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vi\Desktop\OTL.exe
PRC - [2012-01-03 08:23:11 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011-12-05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Vi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011-11-30 15:06:02 | 002,175,304 | ---- | M] (Voddler) -- C:\Program Files (x86)\voddler\service\voddler.exe
PRC - [2011-11-30 15:05:56 | 000,050,776 | ---- | M] (Voddler) -- C:\Program Files (x86)\voddler\service\VNetManager.exe
PRC - [2011-11-01 15:40:04 | 001,053,056 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2011-10-27 10:34:30 | 000,718,384 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011-10-27 10:33:32 | 000,148,016 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011-10-15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-10-14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-05-23 20:10:48 | 001,087,384 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2010-11-20 13:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010-06-07 11:35:35 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009-10-30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009-07-08 10:01:54 | 005,782,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009-07-01 19:23:52 | 001,435,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2009-07-01 19:19:18 | 000,601,088 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
PRC - [2009-05-14 14:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2008-09-16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011-11-01 15:42:14 | 000,392,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2011-11-01 15:42:12 | 000,058,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2011-11-01 15:42:08 | 000,095,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2011-11-01 15:42:06 | 000,272,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2011-11-01 15:41:38 | 000,165,248 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll
MOD - [2011-11-01 15:41:36 | 000,384,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll
MOD - [2011-11-01 15:41:34 | 002,557,312 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2011-11-01 15:41:32 | 000,346,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2011-11-01 15:41:30 | 010,843,520 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2011-11-01 15:41:24 | 000,196,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2011-11-01 15:41:22 | 001,294,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2011-11-01 15:41:20 | 000,682,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2011-11-01 15:41:18 | 000,919,936 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2011-11-01 15:41:16 | 000,517,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2011-11-01 15:41:14 | 008,172,928 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2011-11-01 15:41:12 | 002,252,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2011-11-01 15:41:10 | 002,288,512 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2011-11-01 15:41:06 | 000,422,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2011-11-01 15:40:56 | 000,202,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
MOD - [2011-11-01 15:40:54 | 000,034,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
MOD - [2011-11-01 15:40:52 | 000,032,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
MOD - [2011-11-01 15:40:08 | 000,388,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll
MOD - [2011-11-01 15:40:00 | 000,438,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2011-11-01 15:39:36 | 001,041,792 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll
MOD - [2011-11-01 15:39:06 | 000,740,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2011-11-01 14:57:42 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011-10-12 07:30:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011-10-12 07:29:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011-10-12 07:29:35 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011-10-12 07:29:05 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011-10-12 07:28:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011-06-24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-06-24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010-06-07 11:35:35 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009-07-08 10:01:54 | 005,782,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009-07-01 19:23:52 | 001,435,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
MOD - [2009-07-01 19:19:18 | 000,601,088 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
MOD - [2009-03-25 15:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009-02-27 15:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009-02-27 15:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2009-01-15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2008-02-25 14:08:54 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.dll
MOD - [2007-01-03 21:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\vvc.dll
MOD - [2006-01-10 15:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009-05-14 14:54:26 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009-05-14 14:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2011-11-30 15:06:02 | 002,175,304 | ---- | M] (Voddler) [Auto | Running] -- C:\Program Files (x86)\voddler\service\voddler.exe -- (VoddlerNet)
SRV - [2011-10-27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-10-15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-10-14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-05-12 13:48:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-09-16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-08-17 12:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011-08-17 12:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011-08-17 12:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011-08-17 12:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011-05-13 15:32:39 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011-05-12 13:30:19 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011-05-10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010-03-12 18:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009-11-09 19:07:22 | 000,787,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dnetr28x.sys -- (netr28x)
DRV:64bit: - [2009-08-23 04:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-05-14 14:49:56 | 000,121,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009-05-14 14:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009-05-14 14:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009-05-14 08:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009-07-29 17:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 50 6F E8 96 35 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.personalvetare.nu"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-01-17 18:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-01-17 07:05:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-05-12 13:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-11 15:31:09 | 000,000,000 | ---D | M]

[2011-05-12 15:29:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vi\AppData\Roaming\mozilla\Extensions
[2012-01-06 10:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vi\AppData\Roaming\mozilla\Firefox\Profiles\pdwuz9i1.default\extensions
[2012-01-17 18:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-10-15 16:18:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\VI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDWUZ9I1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011-12-21 09:08:47 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-10-03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011-12-21 06:49:25 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2011-12-21 06:34:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-12-21 06:49:25 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2011-12-21 06:49:25 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2011-12-21 06:49:25 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2011-12-21 06:49:25 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vi\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vi\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vi\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files (x86)\Personal\bin\np_prsnl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Vi\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [VoddlerNet Manager] C:\Program Files (x86)\voddler\service\VNetManager.exe (Voddler)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Vi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Betrodda platser)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.54.122.199 195.54.122.204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4244D31F-6CFF-4EEF-9091-4F82B05B9BF3}: DhcpNameServer = 195.54.122.199 195.54.122.204
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-07-21 00:20:02 | 000,371,881 | R--- | M] () - E:\autorun.aru -- [ UDF ]
O32 - AutoRun File - [2010-08-23 15:41:16 | 002,776,064 | R--- | M] () - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2004-01-25 04:38:48 | 000,023,558 | R--- | M] () - E:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011-07-21 00:20:04 | 000,000,063 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{00489701-7c94-11e0-bc79-00261897ac51}\Shell - "" = AutoRun
O33 - MountPoints2\{00489701-7c94-11e0-bc79-00261897ac51}\Shell\AutoRun\command - "" = K:\Installer.exe
O33 - MountPoints2\{9a19ae61-7c8a-11e0-9be7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9a19ae61-7c8a-11e0-9be7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2010-08-23 15:41:16 | 002,776,064 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-01-23 11:53:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Vi\Desktop\OTL.exe
[2012-01-23 10:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012-01-22 11:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012-01-22 11:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012-01-22 11:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012-01-22 11:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012-01-22 11:40:21 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012-01-22 11:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012-01-17 06:57:24 | 000,000,000 | ---D | C] -- C:\Users\Vi\AppData\Roaming\Leadertech
[2012-01-17 06:56:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012-01-17 06:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012-01-17 06:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012-01-17 06:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012-01-17 06:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012-01-17 06:54:21 | 000,000,000 | ---D | C] -- C:\Users\Vi\AppData\Roaming\Logitech
[2012-01-17 06:54:21 | 000,000,000 | ---D | C] -- C:\Users\Vi\AppData\Roaming\Logishrd
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-01-23 11:59:00 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-310376144-3087298800-2905533210-1000UA.job
[2012-01-23 11:55:00 | 000,018,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-01-23 11:55:00 | 000,018,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-01-23 11:54:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vi\Desktop\OTL.exe
[2012-01-23 11:53:45 | 001,442,452 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-01-23 11:53:45 | 000,617,198 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012-01-23 11:53:45 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-01-23 11:53:45 | 000,120,576 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012-01-23 11:53:45 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-01-23 11:47:50 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-01-23 11:47:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-01-23 10:40:00 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-01-23 10:32:13 | 115,380,304 | ---- | M] () -- C:\Users\Vi\Desktop\setup_11.0.0.1245.x01_2012_01_23_12_44.exe
[2012-01-22 11:42:32 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012-01-22 11:42:15 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012-01-19 07:06:14 | 000,062,538 | ---- | M] () -- C:\Users\Vi\Desktop\Härlig bild.jpg
[2012-01-17 18:43:06 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-01-06 10:25:36 | 000,518,792 | ---- | M] () -- C:\Users\Vi\Desktop\HRDinbjudan.pdf
[2011-12-30 11:54:06 | 000,065,181 | ---- | M] () -- C:\Users\Vi\Desktop\kompletteringochhrmmne.zip
[2011-12-27 13:59:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-310376144-3087298800-2905533210-1000Core.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-01-23 10:31:49 | 115,380,304 | ---- | C] () -- C:\Users\Vi\Desktop\setup_11.0.0.1245.x01_2012_01_23_12_44.exe
[2012-01-22 11:42:32 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012-01-22 11:42:15 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012-01-19 07:06:12 | 000,062,538 | ---- | C] () -- C:\Users\Vi\Desktop\Härlig bild.jpg
[2012-01-17 18:43:06 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-01-06 10:25:34 | 000,518,792 | ---- | C] () -- C:\Users\Vi\Desktop\HRDinbjudan.pdf
[2011-12-30 11:54:05 | 000,065,181 | ---- | C] () -- C:\Users\Vi\Desktop\kompletteringochhrmmne.zip
[2011-10-14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-06-27 09:59:45 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011-05-13 15:34:01 | 000,007,602 | ---- | C] () -- C:\Users\Vi\AppData\Local\Resmon.ResmonCfg
[2011-05-12 15:27:06 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011-05-12 15:27:06 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011-05-12 13:38:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-05-12 12:34:51 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011-05-12 12:34:51 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010-12-06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007-12-28 08:22:04 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007-04-27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

========== LOP Check ==========

[2011-07-16 13:50:41 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\abgx360
[2011-06-10 08:08:41 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\DAEMON Tools Lite
[2012-01-23 11:47:59 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\Dropbox
[2011-06-19 20:54:54 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\ImgBurn
[2012-01-17 06:57:24 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\Leadertech
[2011-09-05 16:43:06 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\LolClient
[2011-12-08 08:35:02 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\MAGIX
[2011-12-11 15:38:51 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\PC Suite
[2012-01-17 07:00:45 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\Personal
[2012-01-22 11:28:08 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\Spotify
[2011-12-29 10:07:21 | 000,000,000 | ---D | M] -- C:\Users\Vi\AppData\Roaming\uTorrent
[2012-01-23 08:38:44 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

I hope that I have explained the problem thoroughly, but just ask if you want to have additional information.

A great thanks in advance!

From
Martin Carlsson, Sweden


#2
RKinner


    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Try and get Process Explorer logs when the mouse is crazy and when it's not. That might tell us something.

Also does it act up in Safe Mode with Networking?
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)



I don't see any malware signs but we can run a couple of scans just to be sure:


ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (allow it to download and run Avast)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Did you get an Extras log when you first ran OTL? If so please copy and paste it. If not:

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste the Extras log.

Ron

#3
martyboi82


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
This is the Extras file, forgot to paste it. Although this Extras log is from when the cursor is ok. And heaps of thanks RKinner for trying to help me, it feels great!

At the moment, from yesterday evening and this morning the cursor is ok, but I'll wait for it to appear again.

I have executed the process scan "procexp.exe" and saved a txt file for when the cursor is ok. I'll post it underneath the OTL Extras scan log.

Extras:

OTL Extras logfile created on: 2012-01-23 11:57:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Vi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,86% Memory free
8,00 Gb Paging File | 6,71 Gb Available in Paging File | 83,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 49,61 Gb Free Space | 44,42% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 205,81 Gb Free Space | 44,19% Space Free | Partition Type: NTFS
Drive E: | 199,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: VI1337 | User Name: Vi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{66F644DA-4ED8-4D03-83D2-A7156AA562BC}" = ESET NOD32 Antivirus
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-041D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Swedish) 2007
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision drivrutin 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIAs kontrollpanel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafikdrivrutin 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision drivrutin för styrenhet 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systemprogramvara 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA-uppdatering 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{277FF4F0-5D16-4199-938D-5F70DCB229F9}" = GPSTrack
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F9FB6DA-AAF4-4CCE-8D36-20217A02B2DC}" = MAGIX Speed 2 (MSI)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7163DF-2116-4B48-A628-4FCD7E06B1B2}" = Voddler
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0015-041D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Swedish) 2007
"{90120000-0015-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2007
"{90120000-0016-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2007
"{90120000-0018-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-041D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Swedish) 2007
"{90120000-0019-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-041D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Swedish) 2007
"{90120000-001A-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2007
"{90120000-001B-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
"{90120000-001F-040B-0000-0000000FF1CE}_ENTERPRISE_{8C00DF3E-E8BD-4C6A-B86F-0135E11DAF1C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
"{90120000-001F-041D-0000-0000000FF1CE}_ENTERPRISE_{43722AA8-ACEA-4F54-9B83-2467D376EF8A}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-041D-1000-0000000FF1CE}_ENTERPRISE_{8C2A0B2D-382B-428C-9E8D-247D31B22201}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-041D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Swedish) 2007
"{90120000-0044-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2007
"{90120000-006E-041D-0000-0000000FF1CE}_ENTERPRISE_{8C2A0B2D-382B-428C-9E8D-247D31B22201}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-041D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2007
"{90120000-00A1-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-041D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Swedish) 2007
"{90120000-00BA-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"abgx360" = abgx360 v1.0.5
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"ImgBurn" = ImgBurn
"Intel® Solid-State Drive Toolbox" = Intel® Solid-State Drive Toolbox
"Mozilla Firefox 9.0.1 (x86 sv-SE)" = Mozilla Firefox 9.0.1 (x86 sv-SE)
"Nokia Suite" = Nokia Suite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Personal" = BankID säkerhetsprogram 4.18
"Samsung ML-1660 Series" = Underhåll Samsung ML-1660 Series
"Spotify" = Spotify
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2012-01-19 15:54:24 | Computer Name = Vi1337 | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet med namn: ssp7msm.exe, version 1.1.0.12,
tidsstämpel 0x4e11d0ae , felet uppstod i modulen med namn: ssp7msm.exe, version
1.1.0.12, tidsstämpel 0x4e11d0ae Undantagskod: 0xc0000005 Felförskjutning: 0x00043bed
Process-ID:
0x1144 Programmets starttid: 0x01ccd6e4237859e9 Sökväg till program: C:\windows\system32\spool\drivers\x64\3\ssp7msm.exe
Sökväg
till modul: C:\windows\system32\spool\drivers\x64\3\ssp7msm.exe Rapport-ID: 627a0221-42d7-11e1-b201-00261897ac51

Error - 2012-01-19 15:55:50 | Computer Name = Vi1337 | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet med namn: ssp7msm.exe, version 1.1.0.12,
tidsstämpel 0x4e11d0ae , felet uppstod i modulen med namn: ssp7msm.exe, version
1.1.0.12, tidsstämpel 0x4e11d0ae Undantagskod: 0xc0000005 Felförskjutning: 0x00043bed
Process-ID:
0x8fc Programmets starttid: 0x01ccd6e4576bc1c5 Sökväg till program: C:\windows\system32\spool\drivers\x64\3\ssp7msm.exe
Sökväg
till modul: C:\windows\system32\spool\drivers\x64\3\ssp7msm.exe Rapport-ID: 95b254a0-42d7-11e1-b201-00261897ac51

Error - 2012-01-21 09:45:49 | Computer Name = Vi1337 | Source = SideBySide | ID = 16842827
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe. Det finns ett fel i manifest- eller principfilen
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe
på rad 2. Flera element av typen requestedPrivileges stöds inte i manifestet.

Error - 2012-01-21 09:46:22 | Computer Name = Vi1337 | Source = SideBySide | ID = 16842832
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe. Det finns ett fel i manifest- eller principfilen
på rad . En komponentversion som begärs av programmet står i konflikt med en annan
komponentversion som redan är aktiv. Följande komponenter orsakar konflikten: Komponent
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponent
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2012-01-22 03:50:07 | Computer Name = Vi1337 | Source = ESENT | ID = 454
Description = Catalog Database (1168) Catalog Database: Det oväntade felet -515
inträffade vid databasåterställningen.

Error - 2012-01-22 03:50:07 | Computer Name = Vi1337 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Tjänsten Cryptographic Services kunde inte initiera katalogdatabasen.
ESENT-felet var: -515.

Error - 2012-01-22 13:35:34 | Computer Name = Vi1337 | Source = SideBySide | ID = 16842827
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe. Det finns ett fel i manifest- eller principfilen
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe
på rad 2. Flera element av typen requestedPrivileges stöds inte i manifestet.

Error - 2012-01-22 13:36:07 | Computer Name = Vi1337 | Source = SideBySide | ID = 16842832
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe. Det finns ett fel i manifest- eller principfilen
på rad . En komponentversion som begärs av programmet står i konflikt med en annan
komponentversion som redan är aktiv. Följande komponenter orsakar konflikten: Komponent
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponent
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2012-01-23 05:10:28 | Computer Name = Vi1337 | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet med namn: ssp7msm.exe, version 1.1.0.12,
tidsstämpel 0x4e11d0ae , felet uppstod i modulen med namn: ssp7msm.exe, version
1.1.0.12, tidsstämpel 0x4e11d0ae Undantagskod: 0xc0000005 Felförskjutning: 0x00043bed
Process-ID:
0xbf0 Programmets starttid: 0x01ccd9aed4fdc871 Sökväg till program: C:\windows\system32\spool\drivers\x64\3\ssp7msm.exe
Sökväg
till modul: C:\windows\system32\spool\drivers\x64\3\ssp7msm.exe Rapport-ID: 17586c35-45a2-11e1-8837-00261897ac51

Error - 2012-01-23 06:55:56 | Computer Name = Vi1337 | Source = Application Hang | ID = 1002
Description = Programmet OTL.exe, version 3.2.31.0, avslutades eftersom det slutade
att samverka med Windows. Ytterligare information kan finnas i problemhistoriken
på kontrollpanelen för Åtgärdscentret och lösningar. Process-ID: 12ac Starttid: 01ccd9bd6486c5a7

Avslutningstid:
10 Programsökväg: C:\Users\Vi\Desktop\OTL.exe Rapport-ID: d17eb259-45b0-11e1-84d2-00261897ac51


[ OSession Events ]
Error - 2011-11-20 07:50:06 | Computer Name = Vi1337 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2012-01-23 05:10:31 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten SSPORT kunde inte startas på grund av följande fel: %%2

Error - 2012-01-23 05:22:16 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten DgiVecp kunde inte startas på grund av följande fel: %%2

Error - 2012-01-23 05:22:16 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten SSPORT kunde inte startas på grund av följande fel: %%2

Error - 2012-01-23 05:22:24 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten SSPORT kunde inte startas på grund av följande fel: %%2

Error - 2012-01-23 05:22:25 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten SSPORT kunde inte startas på grund av följande fel: %%2

Error - 2012-01-23 06:47:49 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten DgiVecp kunde inte startas på grund av följande fel: %%2

Error - 2012-01-23 06:47:50 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten SSPORT kunde inte startas på grund av följande fel: %%2

Error - 2012-01-23 06:47:51 | Computer Name = Vi1337 | Source = sermouse | ID = 1
Description =

Error - 2012-01-23 06:47:58 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten SSPORT kunde inte startas på grund av följande fel: %%2

Error - 2012-01-23 06:47:59 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten SSPORT kunde inte startas på grund av följande fel: %%2


< End of report >



System idle process.txt - cursor ok:

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 91.09 0 K 24 K
procexp64.exe 4844 4.10 19 356 K 38 808 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 1.23 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 1524 0.87 26 556 K 31 372 K Fönsterhanteraren för skrivbordet Microsoft Corporation
NokiaSuite.exe 1372 0.81 138 996 K 39 056 K Nokia Suite Nokia
voddler.exe 2228 0.74 6 024 K 8 900 K VoddlerNet Service Voddler
System 4 0.33 144 K 1 280 K
csrss.exe 476 0.29 2 864 K 14 844 K Körtidsprocess för klientservern Microsoft Corporation
firefox.exe 4632 0.22 186 500 K 228 116 K Firefox Mozilla Corporation
GoogleDesktop.exe 2512 0.06 10 876 K 6 980 K Google Desktop Google
AppleMobileDeviceService.exe 1952 0.04 2 860 K 9 204 K MobileDeviceService Apple Inc.
explorer.exe 1660 0.04 80 584 K 114 600 K Utforskaren Microsoft Corporation
egui.exe 236 0.04 3 288 K 10 968 K ESET GUI ESET
svchost.exe 696 0.04 4 644 K 10 204 K Värdprocess för Windows-tjänster Microsoft Corporation
SSMMgr.exe 2488 0.02 2 800 K 7 620 K
services.exe 516 0.01 6 168 K 12 848 K Tjänst- och styrenhetsprogram Microsoft Corporation
VNetManager.exe 2632 0.01 38 116 K 41 396 K VNetMan Voddler
Dropbox.exe 2084 0.01 44 144 K 50 828 K Dropbox Dropbox, Inc.
iPodService.exe 3392 0.01 2 880 K 7 216 K iPodService Module (64-bit) Apple Inc.
daemonu.exe 5016 0.01 2 256 K 6 056 K NVIDIA Settings Update Manager NVIDIA Corporation
svchost.exe 460 < 0.01 8 892 K 16 032 K Värdprocess för Windows-tjänster Microsoft Corporation
SearchIndexer.exe 3340 < 0.01 21 648 K 16 316 K Indexerare för Microsoft Windows Search Microsoft Corporation
svchost.exe 1000 < 0.01 23 272 K 40 668 K Värdprocess för Windows-tjänster Microsoft Corporation
Personal.exe 1676 < 0.01 3 856 K 11 876 K Nexus Personal Technology Nexus AB
svchost.exe 1164 < 0.01 10 672 K 14 884 K Värdprocess för Windows-tjänster Microsoft Corporation
cmd.exe 2320 < 0.01 1 684 K 2 176 K Windows Kommandotolken Microsoft Corporation
GoogleToolbarNotifier.exe 2032 < 0.01 2 360 K 956 K GoogleToolbarNotifier Google Inc.
csrss.exe 404 < 0.01 2 012 K 4 416 K Körtidsprocess för klientservern Microsoft Corporation
wmpnetwk.exe 1220 < 0.01 3 908 K 4 088 K Windows Media Player Network Sharing Service Microsoft Corporation
nvvsvc.exe 1068 < 0.01 4 328 K 11 900 K NVIDIA Driver Helper Service, Version 285.62 NVIDIA Corporation
iTunesHelper.exe 2664 < 0.01 3 512 K 11 536 K iTunesHelper Apple Inc.
PhotoshopElementsFileAgent.exe 1824 < 0.01 3 580 K 1 160 K Adobe Photoshop Elements 7.0 (component) Adobe Systems Incorporated
ekrn.exe 1644 < 0.01 72 480 K 77 996 K ESET Service ESET
AiNap.exe 2420 < 0.01 7 200 K 9 980 K
FourEngine.exe 2012 < 0.01 11 596 K 4 920 K
WUDFHost.exe 3784 2 132 K 6 256 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
WmiPrvSE.exe 2196 2 488 K 6 032 K WMI Provider Host Microsoft Corporation
winlogon.exe 636 3 060 K 7 512 K Inloggningsprogram för Windows Microsoft Corporation
wininit.exe 468 1 452 K 4 456 K Startprogrammet i Windows Microsoft Corporation
taskhost.exe 1564 8 128 K 9 948 K Värdprocess för Windows-aktiviteter Microsoft Corporation
taskeng.exe 1848 2 020 K 6 076 K Motor för Schemaläggaren Microsoft Corporation
svchost.exe 3544 5 628 K 33 896 K Värdprocess för Windows-tjänster Microsoft Corporation
svchost.exe 972 10 232 K 19 632 K Värdprocess för Windows-tjänster Microsoft Corporation
svchost.exe 1616 11 452 K 16 536 K Värdprocess för Windows-tjänster Microsoft Corporation
svchost.exe 832 4 312 K 8 476 K Värdprocess för Windows-tjänster Microsoft Corporation
svchost.exe 920 19 884 K 22 500 K Värdprocess för Windows-tjänster Microsoft Corporation
svchost.exe 2152 1 760 K 5 552 K Värdprocess för Windows-tjänster Microsoft Corporation
spoolsv.exe 1488 12 344 K 20 724 K Undersystem för utskriftshanteraren Microsoft Corporation
splwow64.exe 2648 7 516 K 14 068 K Print driver host for 32bit applications Microsoft Corporation
smss.exe 268 440 K 1 096 K Windows Sessionshanteraren Microsoft Corporation
ServiceLayer.exe 3464 2 628 K 7 016 K ServiceLayer Module Nokia
RAVCpl64.exe 1520 8 352 K 10 648 K HD Audio Control Panel Realtek Semiconductor
QFanHelp.exe 2428 1 752 K 6 880 K
procexp.exe 5020 1 932 K 6 840 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
plugin-container.exe 4056 11 628 K 17 460 K Plugin Container for Firefox Mozilla Corporation
plugin-container.exe 4504 7 932 K 11 188 K Plugin Container for Firefox Mozilla Corporation
plugin-container.exe 1388 11 328 K 18 140 K Plugin Container for Firefox Mozilla Corporation
NvXDSync.exe 1056 7 744 K 18 224 K NVIDIA User Experience Driver Component NVIDIA Corporation
nvvsvc.exe 764 2 612 K 7 548 K NVIDIA Driver Helper Service, Version 285.62 NVIDIA Corporation
nvtray.exe 2200 6 464 K 13 192 K NVIDIA Settings NVIDIA Corporation
nvSCPAPISvr.exe 788 2 480 K 5 824 K Stereo Vision Control Panel API Server NVIDIA Corporation
NclUSBSrv64.exe 3684 1 440 K 4 300 K USB Media Server Nokia
NclMSBTSrvEx.exe 4452 1 476 K 5 204 K Microsoft Bluetooth Media Server Nokia
mDNSResponder.exe 1420 2 136 K 5 672 K Bonjour Service Apple Inc.
lsm.exe 548 2 544 K 4 280 K Lokal sessionshanterartjänst Microsoft Corporation
lsass.exe 540 4 104 K 10 968 K Local Security Authority Process Microsoft Corporation
jusched.exe 2524 1 104 K 4 500 K Java™ Update Scheduler Sun Microsystems, Inc.
DTLite.exe 1964 4 584 K 11 428 K DAEMON Tools Lite DT Soft Ltd
dllhost.exe 5060 2 004 K 5 752 K COM Surrogate Microsoft Corporation
caller64.exe 284 1 456 K 4 364 K
audiodg.exe 2116 17 040 K 17 556 K Windows Ljudenhetsgrafisolering Microsoft Corporation
acrotray.exe 2404 1 228 K 4 756 K AcroTray Adobe Systems Inc.


I'll post the system idle process txt when cursor is crazy next time it is, I'll also do the other steps you told me to do when the cursor is crazy again. I'll be away this weekend so I don't expect to sit by my computer until this Monday. I know Google translate exists but feel free to mail me if you want some Swedish words explained if Google translate messes up.

Thanks a lot again, I'll keep you posted.

Yours sincerely, Martin

Edited by martyboi82, 28 January 2012 - 04:31 AM.

  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
Actually I'm fluent in German and worked in Denmark for 6 months once so I can pretty much figure out the events without Google. It helps that I usually know what the events say in English too. Don't worry about delays. I don't keep track. I just check a thread when I get an email that there has been a reply.

I would uninstall your Samsung printer and this program: Underhåll Samsung ML-1660 Series. Most of the alarms I am seeing in your Extras log are from the printer. Check the Samsung website for the latest version of their drivers if you are still using this printer. Then reinstall.

Also uninstall µTorrent. (I believe the forum instructions tell you to uninstall all P2P programs before posting)

Also uninstall the Skype toolbar: Skype Click to Call. It is causing problems and Skype will work OK without it. (This is just the annoying (to me) program that changes anything on a webpage it thinks is a phone number into a button so you can click on it and call that number with Skype.)


Acrobat is also having trouble. I assume this is the paid for version. You might want to try uninstalling and reinstalling it. When you reinstall, right click on it and Run As Admin. Sometimes things install better that way.


Error - 2012-01-22 03:50:07 | Computer Name = Vi1337 | Source = ESENT | ID = 454
Description = Catalog Database (1168) Catalog Database: Det oväntade felet -515
inträffade vid databasåterställningen.

Error - 2012-01-22 03:50:07 | Computer Name = Vi1337 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Tjänsten Cryptographic Services kunde inte initiera katalogdatabasen.
ESENT-felet var: -515.


Usually caused by database corruption:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


net stop cryptsvc
ren %systemroot%\system32\catroot2 oldcatroot2
net start cryptsvc



There was also a Word error. Sometimes you can fix these by closing Word then doing a search starting with C:\ including all hidden and system files for normal.dot or normal.dotm. (These are Word's templates.) Rename any you find to anormal. Then start Word from All Programs not from an existing document and it will recreate the default template. (Any customizations will be lost.) Then make sure Prompt to Save Normal Template is checked in Tools menu, click Options, Save. OK. Make any other changes you like such as fonts or page size or printers and then close Word. You will be prompted to Save the template. Say Yes this time and No any other time unless you have made a change.

Word is also very tightly tied to your printer so this could just be another symptom of the Samsung printer not being happy.


There was one mouse error but unfortunately it did not pick up any description.

Error - 2012-01-23 06:47:51 | Computer Name = Vi1337 | Source = sermouse | ID = 1
Description =


Appears this is normal with this error. I think it means restart unwanted.

Right click on Computer and select Manage (Continue) Device Manager then View, Show Hidden Devices. Look in the right pane and click on the arrow before Mice and other Pointing Devices. Right click on each entry under Mice and Uninstall. When you have done this, go to Action and click on Scan for Hardware Changes to reinstall.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste the Extras log.
  • 0
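Added example (not part of the thread, and not code from either poster): a Python tally of the "Last 10 Event Log Errors" block of an OTL Extras log, grouping entries by source and by the service or executable each one names, which is the kind of reading applied above when most alarms are traced to one component. The function names are hypothetical, the service-name pattern assumes the Swedish or English Service Control Manager message text, and the sample input is abridged from the log posted in this thread.

```python
import re
from collections import Counter

# Sample input: entries abridged from the OTL Extras log in this thread
# (Swedish-locale Windows; long descriptions shortened, wrapping kept).
SAMPLE = r"""
[ Application Events ]
Error - 2012-01-19 15:54:24 | Computer Name = Vi1337 | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet med namn: ssp7msm.exe, version 1.1.0.12,
tidsstämpel 0x4e11d0ae Undantagskod: 0xc0000005 Felförskjutning: 0x00043bed

Error - 2012-01-21 09:45:49 | Computer Name = Vi1337 | Source = SideBySide | ID = 16842827
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe.

Error - 2012-01-22 03:50:07 | Computer Name = Vi1337 | Source = ESENT | ID = 454
Description = Catalog Database (1168) Catalog Database: Det oväntade felet -515
inträffade vid databasåterställningen.

Error - 2012-01-23 05:10:28 | Computer Name = Vi1337 | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet med namn: ssp7msm.exe, version 1.1.0.12,
tidsstämpel 0x4e11d0ae Undantagskod: 0xc0000005 Felförskjutning: 0x00043bed

[ System Events ]
Error - 2012-01-23 05:10:31 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten SSPORT kunde inte startas på grund av följande fel: %%2

Error - 2012-01-23 05:22:16 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten DgiVecp kunde inte startas på grund av följande fel: %%2

Error - 2012-01-23 05:22:16 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten SSPORT kunde inte startas på grund av följande fel: %%2

Error - 2012-01-23 06:47:50 | Computer Name = Vi1337 | Source = Service Control Manager | ID = 7000
Description = Tjänsten SSPORT kunde inte startas på grund av följande fel: %%2

Error - 2012-01-23 06:47:51 | Computer Name = Vi1337 | Source = sermouse | ID = 1
Description =

< End of report >
"""

SECTION = re.compile(r"^\[ (.+?) Events \]$")
HEADER = re.compile(
    r"^Error - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| Computer Name = (.*?)"
    r" \| Source = (.*?) \| ID = (\d+)$"
)
# Event 7000 text in Swedish and English; other locales need their own pattern.
SERVICE = re.compile(r"Tjänsten (\S+) kunde inte startas|The (.+?) service failed to start")
IMAGE = re.compile(r"[\w.\-]+\.exe", re.IGNORECASE)


def parse_otl_events(text):
    """Return one dict per 'Error - ...' entry, with wrapped descriptions re-joined."""
    events, log, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("< End of report"):
            break
        m = SECTION.match(line)
        if m:
            log, current = m.group(1), None
            continue
        m = HEADER.match(line)
        if m:
            current = {"log": log, "time": m.group(1), "computer": m.group(2),
                       "source": m.group(3), "id": int(m.group(4)), "description": ""}
            events.append(current)
            continue
        if not line or current is None:
            continue  # blank lines also occur inside long descriptions
        if line.startswith("Description ="):
            current["description"] = line[len("Description ="):].strip()
        else:
            # OTL wraps long descriptions at spaces, so re-join with a space.
            current["description"] = (current["description"] + " " + line).strip()
    return events


def subject(event):
    """Name the service or executable an entry is about, or '-' if it names none."""
    if event["source"] == "Service Control Manager":
        m = SERVICE.search(event["description"])
        if m:
            return "service:" + (m.group(1) or m.group(2))
    m = IMAGE.search(event["description"])
    return "image:" + m.group(0) if m else "-"


def tally(events):
    """Count entries per (source, subject) so repeat offenders sort to the top."""
    return Counter((e["source"], subject(e)) for e in events)


if __name__ == "__main__":
    for (source, subj), count in tally(parse_otl_events(SAMPLE)).most_common():
        print(f"{count:2d}  {source:<24} {subj}")
```

An entry with an empty description, like the sermouse one, still counts toward its source but gets the subject "-", so it stays visible instead of being dropped.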

#5
martyboi82


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here's the system idle process log when the cursor is crazy. Doing the things you asked me to do, I think I found the problem; I'll get to that after the log:

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 69.50 0 K 24 K
svchost.exe 996 10.62 112 440 K 84 628 K Värdprocess för Windows-tjänster Microsoft Corporation
TrustedInstaller.exe 3100 6.92 3 724 K 9 184 K Windows Modules Installer Microsoft Corporation
voddler.exe 2168 3.63 5 808 K 8 640 K VoddlerNet Service Voddler
procexp64.exe 4604 3.55 21 704 K 41 832 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
System 4 1.94 128 K 672 K
Interrupts n/a 1.27 0 K 0 K Hardware Interrupts and DPCs
NokiaSuite.exe 1868 0.94 134 980 K 33 648 K Nokia Suite Nokia
dwm.exe 1448 0.55 24 220 K 30 096 K Fönsterhanteraren för skrivbordet Microsoft Corporation
csrss.exe 476 0.21 2 432 K 10 748 K Körtidsprocess för klientservern Microsoft Corporation
ekrn.exe 1080 0.19 70 460 K 76 076 K ESET Service ESET
nvtray.exe 2888 0.15 5 320 K 11 932 K NVIDIA Settings NVIDIA Corporation
explorer.exe 1540 0.14 72 448 K 96 208 K Utforskaren Microsoft Corporation
egui.exe 1548 0.09 3 296 K 10 736 K ESET GUI ESET
svchost.exe 824 0.08 4 792 K 8 424 K Värdprocess för Windows-tjänster Microsoft Corporation
GoogleDesktop.exe 2400 0.06 7 712 K 9 796 K Google Desktop Google
svchost.exe 1160 0.05 10 716 K 14 492 K Värdprocess för Windows-tjänster Microsoft Corporation
SearchIndexer.exe 1012 0.03 13 232 K 7 796 K Indexerare för Microsoft Windows Search Microsoft Corporation
AppleMobileDeviceService.exe 2032 0.02 2 936 K 9 616 K MobileDeviceService Apple Inc.
nvvsvc.exe 1100 0.02 4 420 K 11 936 K NVIDIA Driver Helper Service, Version 285.62 NVIDIA Corporation
iPodService.exe 3216 0.01 2 780 K 7 132 K iPodService Module (64-bit) Apple Inc.
FourEngine.exe 1988 0.01 11 592 K 22 688 K
svchost.exe 808 < 0.01 9 560 K 16 116 K Värdprocess för Windows-tjänster Microsoft Corporation
csrss.exe 404 < 0.01 1 976 K 4 376 K Körtidsprocess för klientservern Microsoft Corporation
Personal.exe 1856 < 0.01 3 596 K 10 660 K Nexus Personal Technology Nexus AB
cmd.exe 2224 < 0.01 1 688 K 2 176 K Windows Kommandotolken Microsoft Corporation
iTunesHelper.exe 2532 < 0.01 3 680 K 11 584 K iTunesHelper Apple Inc.
svchost.exe 968 < 0.01 10 400 K 19 412 K Värdprocess för Windows-tjänster Microsoft Corporation
AiNap.exe 2284 < 0.01 7 196 K 9 696 K
PhotoshopElementsFileAgent.exe 1796 < 0.01 3 572 K 1 012 K Adobe Photoshop Elements 7.0 (component) Adobe Systems Incorporated
WUDFHost.exe 3140 2 132 K 6 232 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
VNetManager.exe 2508 16 240 K 19 132 K VNetMan Voddler
wmpnetwk.exe 3916 3 744 K 12 436 K Windows Media Player Network Sharing Service Microsoft Corporation
WmiPrvSE.exe 3860 5 136 K 9 884 K WMI Provider Host Microsoft Corporation
WmiPrvSE.exe 4648 2 500 K 6 024 K WMI Provider Host Microsoft Corporation
winlogon.exe 636 3 228 K 7 548 K Inloggningsprogram för Windows Microsoft Corporation
wininit.exe 468 1 568 K 4 532 K Startprogrammet i Windows Microsoft Corporation
taskhost.exe 1504 3 436 K 7 988 K Värdprocess för Windows-aktiviteter Microsoft Corporation
taskeng.exe 1876 2 128 K 6 080 K Motor för Schemaläggaren Microsoft Corporation
taskeng.exe 1484 1 832 K 5 296 K Motor för Schemaläggaren Microsoft Corporation
svchost.exe 700 4 984 K 10 084 K Värdprocess för Windows-tjänster Microsoft Corporation
svchost.exe 900 17 328 K 17 824 K Värdprocess för Windows-tjänster Microsoft Corporation
svchost.exe 3292 5 472 K 9 212 K Värdprocess för Windows-tjänster Microsoft Corporation
svchost.exe 1572 10 408 K 14 704 K Värdprocess för Windows-tjänster Microsoft Corporation
svchost.exe 2116 1 936 K 5 588 K Värdprocess för Windows-tjänster Microsoft Corporation
spoolsv.exe 1472 6 980 K 12 488 K Undersystem för utskriftshanteraren Microsoft Corporation
smss.exe 268 440 K 1 100 K Windows Sessionshanteraren Microsoft Corporation
services.exe 528 7 676 K 13 356 K Tjänst- och styrenhetsprogram Microsoft Corporation
ServiceLayer.exe 2396 2 684 K 7 008 K ServiceLayer Module Nokia
RAVCpl64.exe 1144 8 372 K 10 564 K HD Audio Control Panel Realtek Semiconductor
QFanHelp.exe 2312 1 748 K 6 720 K
procexp.exe 4592 1 952 K 6 832 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
NvXDSync.exe 1088 7 948 K 18 332 K NVIDIA User Experience Driver Component NVIDIA Corporation
nvvsvc.exe 756 2 752 K 7 628 K NVIDIA Driver Helper Service, Version 285.62 NVIDIA Corporation
nvSCPAPISvr.exe 780 2 596 K 5 848 K Stereo Vision Control Panel API Server NVIDIA Corporation
NclUSBSrv64.exe 3128 1 444 K 4 288 K USB Media Server Nokia
NclMSBTSrvEx.exe 4304 1 384 K 5 100 K Microsoft Bluetooth Media Server Nokia
mDNSResponder.exe 1828 2 108 K 5 648 K Bonjour Service Apple Inc.
lsm.exe 544 2 572 K 4 312 K Lokal sessionshanterartjänst Microsoft Corporation
lsass.exe 536 4 128 K 10 684 K Local Security Authority Process Microsoft Corporation
jusched.exe 2428 1 104 K 4 376 K Java™ Update Scheduler Sun Microsystems, Inc.
DTLite.exe 1696 3 604 K 10 456 K DAEMON Tools Lite DT Soft Ltd
Dropbox.exe 2000 44 320 K 50 832 K Dropbox Dropbox, Inc.
audiodg.exe 416 17 128 K 17 264 K Windows Ljudenhetsgrafisolering Microsoft Corporation


So, I entered the device manager and uninstalled the mouse devices, and I noted that "Microsoft serial ballpoint mouse" was there - I took it away as well. This morning I started my computer and the cursor was crazy. I started the process idle scan, then I turned to the device manager and the Microsoft serial ballpoint mouse was there again... So I deleted it and the same second I did that - the problem went away. So I googled Microsoft serial ball... and came to: "http://board.homesee...d.php?p=636601" describing the same problem as I have (hopefully had). And I realized, I got this GPS watch and I've had it plugged in since I got it via USB, so I disconnected it and rebooted. I connected it, and rebooted and Microsoft was trying to install the ballpoint thingy again, although this time it didn't do it completely since it had an exclamation mark attached to it. So I took it away again.

As I see it in light of this, Microsoft thought the GPS was a sort of mouse, and as the watch tried to contact the satellites it also gave these weird inputs to the ballpoint driver, which addressed this as a mouse movement - this also explains why it continued to move when the mouse was unplugged.

For now I do hope this was the real issue, and if so I am really glad that you helped me. Without that I wouldn't have deleted the ballpoint driver and then I wouldn't have recognized the reinstallation of the driver and the issue reappearing. So thanks a lot!

I'll get back to this thread within a couple of days when I'm sure this was the problem.

Sincerely, Martin
  • 0
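The misreading described in post #5, as an added example that is not part of the original thread: it decodes a constructed NMEA-style GPS text sample using the classic Microsoft serial mouse packet layout. That the watch emits such text, and that this layout matches what the BallPoint driver parsed, are assumptions.

```python
# Assumption: classic Microsoft serial mouse framing (3 bytes, 7 data bits).
# This is an illustration, not the Windows driver's code.
# Constructed sample: NMEA-0183-style sentences of the kind a GPS receiver
# emits on a serial port. Not captured from the poster's watch.
SAMPLE = (
    b"$GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,*47\r\n"
    b"$GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W*6A\r\n"
)


def _signed8(value):
    """Interpret an 8-bit value as two's complement."""
    return value - 256 if value & 0x80 else value


def decode_ms_serial(stream):
    """Parse bytes into (dx, dy, left, right) events.

    Byte 1: 1 LB RB Y7 Y6 X7 X6  (bit 6 set marks the start of a packet)
    Byte 2: 0 X5..X0             Byte 3: 0 Y5..Y0
    """
    events, packet = [], []
    for byte in stream:
        byte &= 0x7F                  # the link carries 7 data bits
        if byte & 0x40:               # sync bit set: (re)start a packet
            packet = [byte]
        elif packet:                  # data byte following a header
            packet.append(byte)
            if len(packet) == 3:
                head, xlow, ylow = packet
                dx = _signed8(((head & 0x03) << 6) | xlow)
                dy = _signed8(((head & 0x0C) << 4) | ylow)
                events.append((dx, dy, bool(head & 0x20), bool(head & 0x10)))
                packet = []
    return events


def summarize(events):
    """Count packets and button presses, and report the largest jump."""
    return {
        "packets": len(events),
        "left_clicks": sum(1 for e in events if e[2]),
        "right_clicks": sum(1 for e in events if e[3]),
        "max_jump": max((max(abs(e[0]), abs(e[1])) for e in events), default=0),
    }


if __name__ == "__main__":
    print(summarize(decode_ms_serial(SAMPLE)))
```

Every uppercase letter in the text has bit 6 set, so it is read as a packet header and the two bytes after it become a cursor jump; letters P through Z also set the right-button bit.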

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
Sounds to me like you found the problem, so I will give you the cleanup speech now, though wait until you are sure before you remove the tools:

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week. Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#7
martyboi82

martyboi82

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
No problems with the cursor for over a week now - problem solved =)

Thanks a lot for your help Ron! I have done all steps you asked me to as well!

So, thanks again, I really appreciate it!

Have a nice day!

Martin
  • 0





