Slow login, Freezes at startup, random program crashes [Solved]



#1
Ardelo
Member, 20 posts

Greetings!
I've had some problems with my computer for a while now and I'm not quite sure how to tackle them myself, so I thought I'd come here for some help.
On occasion when starting my computer, it freezes up (pointer and all) when I am prompted to log in. This usually occurs after defragmentation (using Smart Defrag).
My browsers (Mozilla, Internet Explorer) are randomly crashing when too many pages are loaded at once, or when buffering streams for a longer period of time. I seem to have some problems with Java, as I get Java errors and runtime errors overall.
I am getting several exception access violations, all occurring around 0xc0000005.

This is my OTL log:



OTL logfile created on: 2012-07-18 21:12:49 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Mina dokument\Hämtade filer\Tibia
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 61,12% Memory free
6,34 Gb Paging File | 5,45 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 3326 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 139,73 Gb Total Space | 38,04 Gb Free Space | 27,22% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 27,57 Gb Free Space | 3,95% Space Free | Partition Type: NTFS
Drive F: | 586,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SIMTOR | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-18 21:12:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Mina dokument\Hämtade filer\Tibia\OTL.exe
PRC - [2012-07-18 18:13:58 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program\Mozilla Firefox\firefox.exe
PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-05-24 20:33:34 | 002,040,616 | ---- | M] (NesterSoft Inc.) -- D:\program\TimeLeft3\TimeLeft.exe
PRC - [2012-05-24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012-05-11 16:19:42 | 001,599,832 | ---- | M] (IObit) -- C:\Program\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012-04-18 21:35:42 | 001,234,808 | ---- | M] (Apple Inc.) -- C:\Program\QuickTime\QuickTimePlayer.exe
PRC - [2012-03-01 01:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-01-18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Delade filer\Java\Java Update\jusched.exe
PRC - [2011-10-27 00:37:15 | 001,191,216 | ---- | M] (Lavasoft Limited) -- D:\program\Adaware\AAWTray.exe
PRC - [2011-10-27 00:37:14 | 002,152,152 | ---- | M] (Lavasoft Limited) -- D:\program\Adaware\AAWService.exe
PRC - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program\Eset\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011-09-22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program\Eset\ESET NOD32 Antivirus\egui.exe
PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program\DAEMON Tools Lite\DTLite.exe
PRC - [2010-01-08 01:26:54 | 002,478,080 | ---- | M] (SEC) -- C:\Program\MagicTune Premium\MagicTune.exe
PRC - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-08-18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007-08-23 16:05:00 | 000,045,056 | ---- | M] () -- C:\Program\MagicTune Premium\MagicTuneEngine.exe
PRC - [2006-07-20 20:38:26 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program\Delade filer\LightScribe\LSSrvc.exe
PRC - [2006-03-20 15:37:52 | 005,689,344 | ---- | M] (Gabest) -- C:\Program\Media Player Classic\mplayerc.exe
PRC - [2005-09-24 10:54:15 | 000,050,176 | ---- | M] () -- C:\Program\KatMouse\KatMouse.exe
PRC - [2002-03-19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2000-05-20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012-07-18 18:13:57 | 002,003,424 | ---- | M] () -- C:\Program\Mozilla Firefox\mozjs.dll
MOD - [2012-05-30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program\Delade filer\Apple\Apple Application Support\zlib1.dll
MOD - [2012-05-30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program\Delade filer\Apple\Apple Application Support\libxml2.dll
MOD - [2012-02-20 09:52:41 | 008,358,400 | ---- | M] () -- D:\program\XSplit\avcodec-54.dll
MOD - [2012-02-20 09:52:41 | 001,152,512 | ---- | M] () -- D:\program\XSplit\avformat-54.dll
MOD - [2012-02-20 09:52:41 | 000,333,824 | ---- | M] () -- D:\program\XSplit\swscale-2.dll
MOD - [2012-02-20 09:52:41 | 000,151,040 | ---- | M] () -- D:\program\XSplit\avutil-51.dll
MOD - [2012-02-05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012-02-05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011-09-27 11:28:37 | 000,430,568 | ---- | M] () -- D:\program\Adaware\VipreBridge.dll
MOD - [2011-09-27 11:28:36 | 000,589,184 | ---- | M] () -- D:\program\Adaware\RPAPI.dll
MOD - [2011-09-27 11:27:59 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011-09-05 19:05:00 | 000,300,544 | ---- | M] () -- C:\Program\Delade filer\Adobe\Acrobat\ActiveX\PDFShell.SVE
MOD - [2011-08-19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011-08-18 15:25:12 | 000,308,560 | ---- | M] () -- D:\program\Adaware\Vipre.dll
MOD - [2011-03-29 10:00:00 | 003,663,872 | ---- | M] () -- C:\Program\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2011-03-03 12:40:46 | 000,552,960 | ---- | M] () -- C:\Program\K-Lite Codec Pack\Filters\Haali\splitter.ax
MOD - [2011-03-03 12:40:08 | 000,150,528 | ---- | M] () -- C:\Program\K-Lite Codec Pack\Filters\Haali\mkx.dll
MOD - [2011-03-03 12:35:32 | 000,080,384 | ---- | M] () -- C:\Program\K-Lite Codec Pack\Filters\Haali\mkzlib.dll
MOD - [2011-03-03 12:35:26 | 000,024,576 | ---- | M] () -- C:\Program\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2010-11-08 17:15:40 | 000,296,448 | ---- | M] () -- D:\program\Notepad++\NppShell_04.dll
MOD - [2010-01-08 16:11:12 | 000,077,824 | ---- | M] () -- C:\Program\MagicTune Premium\MagicTuneCore.dll
MOD - [2010-01-08 01:26:48 | 000,065,536 | ---- | M] () -- C:\Program\MagicTune Premium\MTResSwe.dll
MOD - [2010-01-08 01:25:36 | 000,032,768 | ---- | M] () -- C:\Program\MagicTune Premium\HzZone.dll
MOD - [2010-01-08 01:25:34 | 000,040,960 | ---- | M] () -- C:\Program\MagicTune Premium\DProfile.dll
MOD - [2010-01-08 01:25:32 | 000,040,960 | ---- | M] () -- C:\Program\MagicTune Premium\EProfile.dll
MOD - [2010-01-08 01:25:30 | 000,045,056 | ---- | M] () -- C:\Program\MagicTune Premium\VESADll.dll
MOD - [2010-01-08 01:25:30 | 000,045,056 | ---- | M] () -- C:\Program\MagicTune Premium\IProfile.dll
MOD - [2010-01-08 01:25:28 | 000,040,960 | ---- | M] () -- C:\Program\MagicTune Premium\DeviceInterface.dll
MOD - [2010-01-08 01:25:28 | 000,032,768 | ---- | M] () -- C:\Program\MagicTune Premium\Highlight.dll
MOD - [2008-04-14 18:05:25 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008-04-14 18:04:42 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007-08-23 16:05:00 | 000,045,056 | ---- | M] () -- C:\Program\MagicTune Premium\MagicTuneEngine.exe
MOD - [2006-01-11 14:50:30 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\ctxmagic.dll
MOD - [2005-10-07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program\WinRAR\RarExt.dll
MOD - [2005-09-24 10:54:15 | 000,050,176 | ---- | M] () -- C:\Program\KatMouse\KatMouse.exe
MOD - [2005-09-24 10:52:47 | 000,035,328 | ---- | M] () -- C:\Program\KatMouse\KatMouseS.dll
MOD - [2005-04-19 13:53:44 | 000,013,824 | ---- | M] () -- D:\program\TimeLeft3\trayclock.dll
MOD - [2004-08-04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2002-03-19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
MOD - [2001-10-28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [2000-05-20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-07-18 18:13:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-07-12 01:37:22 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-05-24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012-03-01 01:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-10-27 00:37:14 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- D:\program\Adaware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program\Eset\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011-08-15 23:19:01 | 000,095,744 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\rnpasswd.exe -- (Passwdrenew)
SRV - [2010-07-04 11:49:14 | 000,075,496 | ---- | M] (tzuk) [On_Demand | Stopped] -- D:\program\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009-10-20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009-06-03 19:39:00 | 003,116,380 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007-09-01 21:04:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007-08-23 16:05:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2006-07-20 20:38:26 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program\Delade filer\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005-04-04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva132.sys -- (XDva132)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Video3D32.sys -- (Video3D)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Senfilt.sys -- (SenFiltService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\nvflash.sys -- (NVR0FLASHDev)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\m5281.sys -- (m5281)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\m5228.sys -- (m5228)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\TEMP\QDV6AA.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\fetnd5.sys -- (FETNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es_07a5le.sys -- (es_07a5le.sys)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPANEL.SYS -- (Cardex)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\asusgsb32.sys -- (asusgsb)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aqztyur5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2011-09-27 11:28:29 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011-09-21 16:55:29 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011-08-18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011-08-09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011-08-04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011-08-04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011-05-15 20:59:10 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-05-15 20:59:10 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-11-26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010-07-04 11:49:10 | 000,119,016 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- D:\program\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010-02-24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009-10-20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009-08-22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\program\Riva\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009-06-04 14:53:04 | 000,014,080 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2009-03-27 02:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008-06-26 19:18:28 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-04-13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-01-20 09:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008-01-17 11:51:30 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008-01-03 22:34:46 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007-09-05 01:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007-09-04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007-07-02 12:00:50 | 000,466,176 | R--- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2006-12-26 14:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006-12-08 17:06:00 | 000,139,776 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adidts.sys -- (ADIDTSFiltService)
DRV - [2006-11-22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006-10-01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006-08-07 16:39:24 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-08-07 16:39:22 | 000,052,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-07-26 08:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006-02-26 17:02:49 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005-12-22 04:22:20 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005-06-06 03:44:05 | 000,091,841 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)
DRV - [2001-08-17 20:50:18 | 000,198,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv3.sys -- (nv3)
DRV - [2001-06-21 22:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001-06-21 22:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {7E5E24B4-EEF8-434C-BDBC-BCAD9BBF6B5F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{29908A7B-F1DE-4E40-A776-377D25340F4A}: "URL" = http://uk.search.yah...=UTF-8&meta=vc=
IE - HKCU\..\SearchScopes\{63EDF7ED-D3AF-4B6E-A555-7C6C7B120E6B}: "URL" = http://www.virgin.co...d={searchTerms}
IE - HKCU\..\SearchScopes\{76393830-C464-47DC-801D-93451CD56756}: "URL" = http://en.wikipedia....i/{searchTerms}
IE - HKCU\..\SearchScopes\{7E5E24B4-EEF8-434C-BDBC-BCAD9BBF6B5F}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{A0629818-8073-4C5A-AFDB-C3505A1CE593}: "URL" = http://search.micros...q={searchTerms}
IE - HKCU\..\SearchScopes\{EC6631C7-7B86-4ED0-BE3D-A322CFFA7C18}: "URL" = http://www.cnet.co.u...y={searchTerms}
IE - HKCU\..\SearchScopes\{F9633607-1D2D-4AE4-8225-A55307BC5B84}: "URL" = http://search.lycos....hTerms}&cat=loc
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.100530
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.101028
FF - prefs.js..extensions.enabledItems: [email protected]:2.22.5
FF - prefs.js..extensions.enabledItems: {9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.1.6
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program\DivX beta\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: d:\program\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: d:\program\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: d:\program\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program\ekort [2009-06-05 16:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-13 17:45:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program\Mozilla Firefox\components [2012-07-18 18:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2012-07-17 17:00:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-03-30 17:37:07 | 000,000,000 | ---D | M]

[2009-06-29 22:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Extensions
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions\[email protected]
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (Save Session) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions\[email protected]
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions\staged
[2012-07-11 20:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\2cihnqmz.default\extensions
[2012-03-19 15:04:30 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\2cihnqmz.default\extensions\[email protected]
[2012-06-14 09:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
[2012-07-18 09:37:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-06-14 09:13:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\[email protected]
[2012-06-14 09:13:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009-08-06 22:13:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012-07-18 18:13:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program\mozilla firefox\components\browsercomps.dll
[2012-06-13 17:44:40 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program\mozilla firefox\plugins\nprpplugin.dll
[2012-06-17 15:31:23 | 000,001,470 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2012-06-17 15:31:23 | 000,002,252 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\bing.xml
[2012-06-17 15:31:23 | 000,002,670 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2012-06-17 15:31:23 | 000,000,948 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2012-06-17 15:31:23 | 000,001,174 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2012-06-17 15:31:23 | 000,000,951 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2010-01-28 13:54:09 | 000,378,851 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 13023 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (EkortBrowserHelper Class) - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\Program\ekort\Bhoekort.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (PrivBar) - {300BC64A-BF32-4cc8-8917-91148CEFE700} - C:\WINDOWS\system32\PrivBar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program\Delade filer\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [egui] C:\Program\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\KatMouse.lnk = C:\Program\KatMouse\KatMouse.exe ()
O4 - Startup: C:\Documents and Settings\Simon\Start-meny\Program\Autostart\ERUNT AutoBackup.lnk = C:\Program\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Simon\Start-meny\Program\Autostart\TimeLeft.lnk = D:\program\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = C6 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1264687217000 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193320692211 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341328418640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28A602FC-3462-44CF-BA7B-D2B80B9932EB}: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68EC4009-C1F1-412E-8294-9F60C0B5559A}: NameServer = 148.160.16.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5AA939D-2DB5-4454-96E1-E3CF8CF1B3C7}: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C80C35B6-1CDA-491E-85C4-DA3A3F30B769}: DhcpNameServer = 192.168.0.10
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\winexz32: DllName - (winexz32.dll) - File not found
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Simon\Skrivbord\Firefox-bakgrund.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Simon\Skrivbord\Firefox-bakgrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-05-20 15:22:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-01-02 19:49:48 | 000,076,591 | ---- | M] () - D:\AutoMouseClicker.zip -- [ NTFS ]
O32 - AutoRun File - [2001-03-16 19:12:14 | 000,000,000 | R--D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2001-02-19 16:44:10 | 000,305,664 | R--- | M] (Blue Byte Software, Inc.) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001-01-31 18:49:50 | 000,000,096 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{011bcda2-0736-11dc-8cca-0018f3f5fe24}\Shell - "" = AutoRun
O33 - MountPoints2\{011bcda2-0736-11dc-8cca-0018f3f5fe24}\Shell\AutoRun\command - "" = M:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{1e3d0ad4-127a-11df-a5b8-001a927d4728}\Shell\AutoRun\command - "" = install.exe /AUTORUN
O33 - MountPoints2\{1e3d0ad4-127a-11df-a5b8-001a927d4728}\Shell\configure\command - "" = install.exe
O33 - MountPoints2\{1e3d0ad4-127a-11df-a5b8-001a927d4728}\Shell\install\command - "" = install.exe
O33 - MountPoints2\{3272a740-fd84-11e0-9884-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3272a740-fd84-11e0-9884-806d6172696f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2001-02-19 16:44:10 | 000,305,664 | R--- | M] (Blue Byte Software, Inc.)
O33 - MountPoints2\{d926da0e-138e-11dd-b58f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d926da0e-138e-11dd-b58f-806d6172696f}\Shell\AutoRun\command - "" = X:\autorun.exe
O33 - MountPoints2\{d926da0e-138e-11dd-b58f-806d6172696f}\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2099-05-27 18:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\PCHealth
[2099-05-27 18:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\MigWiz
[2012-07-18 21:06:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012-07-18 09:37:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-07-17 17:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\QuickTime
[2012-07-10 21:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\iTunes
[2012-07-10 21:31:01 | 000,000,000 | ---D | C] -- C:\Program\iPod
[2012-07-10 21:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012-07-10 21:29:51 | 000,000,000 | ---D | C] -- C:\Program\Apple Software Update
[2012-07-10 21:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012-07-10 16:00:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009-03-04 19:21:48 | 000,270,128 | ---- | C] (BitTorrent, Inc.) -- C:\Program\utorrent.exe
[2007-08-04 17:40:15 | 000,098,304 | ---- | C] (Doug Knox) -- C:\Program\xp_remove_hotfix_backup.exe
[2007-05-23 09:39:50 | 000,035,840 | ---- | C] (Twenty One Twelve, Inc.) -- C:\Program\AUTOEJCT.EXE
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[47 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-07-18 21:17:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4594A47E-546A-465D-BDA9-39737758D55D}.job
[2012-07-18 21:04:42 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012-07-18 21:04:33 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-113007714-839522115-1004.job
[2012-07-18 21:04:31 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-18 21:04:24 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012-07-18 21:03:53 | 008,405,015 | ---- | M] () -- C:\WINDOWS\hlktmp
[2012-07-18 21:03:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-18 21:03:38 | 3488,141,312 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-18 21:00:00 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\tasks\A76A34459055A791.job
[2012-07-18 20:41:01 | 000,187,904 | ---- | M] () -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-18 20:37:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-07-18 14:56:14 | 000,010,000 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-18 13:11:39 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{07B16E4F-F152-4E8F-8589-4DBC7A88C970}.job
[2012-07-17 11:35:33 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012-07-17 11:35:33 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012-07-17 07:19:01 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-07-15 18:33:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-113007714-839522115-1004.job
[2012-07-14 21:36:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012-07-14 16:20:43 | 000,000,210 | ---- | M] () -- C:\Documents and Settings\Simon\Skrivbord\Dota 2.url
[2012-07-11 21:10:47 | 000,046,416 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012-07-11 07:24:04 | 001,532,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-11 07:01:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-07-10 21:31:59 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Simon\Skrivbord\iTunes.lnk
[2012-07-03 17:26:22 | 000,002,900 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012-06-28 06:29:47 | 000,016,835 | ---- | M] () -- C:\Documents and Settings\Simon\Skrivbord\Skärmklipph.JPG
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[47 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-07-14 16:20:43 | 000,000,210 | ---- | C] () -- C:\Documents and Settings\Simon\Skrivbord\Dota 2.url
[2012-07-11 22:07:42 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Simon\Skrivbord\iTunes.lnk
[2012-07-11 21:10:47 | 000,046,416 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012-07-10 21:29:52 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Apple Software Update.lnk
[2012-07-10 21:29:52 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-06-28 06:29:47 | 000,016,835 | ---- | C] () -- C:\Documents and Settings\Simon\Skrivbord\Skärmklipph.JPG
[2012-05-22 18:18:19 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012-05-05 01:28:46 | 000,322,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\WPFFontCache_v0400-System.dat
[2012-04-30 22:28:03 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012-04-30 22:28:03 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012-04-30 22:28:03 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2012-04-30 22:23:35 | 000,029,366 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2012-04-05 06:36:10 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-04-05 06:36:10 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-04-05 06:36:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-04-05 06:35:14 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-03-28 23:48:13 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2012-02-16 12:39:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-02-05 18:32:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011-11-17 23:12:06 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011-09-27 13:59:29 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011-08-15 23:18:27 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\rnpasswd.exe
[2011-06-04 17:15:24 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-05-07 05:33:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DfrgUIEx.INI
[2011-04-27 05:00:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-04-27 05:00:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-04-22 18:45:27 | 001,193,984 | ---- | C] () -- C:\WINDOWS\is-NMD9K.exe
[2011-02-17 15:56:09 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\housecall.guid.cache
[2011-01-22 15:13:51 | 000,000,076 | ---- | C] () -- C:\WINDOWS\My Settings.ini
[2010-08-04 19:01:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010-08-01 14:41:07 | 000,002,900 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010-02-21 12:43:32 | 000,004,586 | ---- | C] () -- C:\Documents and Settings\Simon\client.ovpn
[2010-02-21 12:43:32 | 000,002,818 | ---- | C] () -- C:\Documents and Settings\Simon\ca.crt
[2010-02-21 12:43:32 | 000,001,419 | ---- | C] () -- C:\Documents and Settings\Simon\server.crt
[2010-02-21 12:43:32 | 000,001,419 | ---- | C] () -- C:\Documents and Settings\Simon\client.crt
[2010-02-21 12:43:32 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Simon\client.key
[2010-02-15 21:37:11 | 000,034,204 | ---- | C] () -- C:\Documents and Settings\Simon\.ems.cfg
[2009-09-03 21:06:28 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\Simon\jagex_runescape_preferences2.dat
[2009-08-06 12:53:38 | 000,000,039 | ---- | C] () -- C:\Documents and Settings\Simon\jagex_runescape_preferences.dat
[2009-05-11 16:58:28 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini
[2009-01-04 14:25:47 | 000,000,106 | ---- | C] () -- C:\Program\path.ini
[2008-05-09 01:44:59 | 000,000,222 | ---- | C] () -- C:\Program\pink.bmp
[2008-04-11 01:13:34 | 000,004,162 | ---- | C] () -- C:\Program\color1.bmp
[2008-02-22 19:59:30 | 000,023,446 | ---- | C] () -- C:\Program\bk2.jpg
[2008-02-22 19:59:30 | 000,019,636 | ---- | C] () -- C:\Program\th_07.jpg
[2008-02-22 19:59:30 | 000,010,528 | ---- | C] () -- C:\Program\else.gif
[2008-02-22 19:59:30 | 000,000,680 | ---- | C] () -- C:\Program\bl_07.jpg
[2007-10-06 11:06:22 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007-07-28 21:00:09 | 000,007,048 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2007-05-21 00:55:08 | 000,187,904 | ---- | C] () -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-05-20 15:27:46 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\fusioncache.dat

========== LOP Check ==========

[2007-08-04 19:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2007-12-23 15:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
[2009-01-25 17:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012-04-20 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2011-08-20 16:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2009-06-11 10:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrazyBump
[2011-09-30 17:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011-09-30 18:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011-05-26 20:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DinsCurse
[2011-10-23 22:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011-09-10 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011-10-23 22:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012-03-30 17:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011-03-20 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileServe Limited
[2008-05-24 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2011-10-04 22:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXN
[2011-08-20 16:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010-12-29 20:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009-06-11 10:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\licensecb
[2009-09-03 16:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MotionDSP
[2009-06-22 15:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2012-05-02 17:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008-12-27 14:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pqdklkxw
[2012-05-04 23:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SplitMediaLabs
[2012-05-04 23:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-07-05 21:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2012-07-10 21:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-04-20 18:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010-10-07 16:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\.minecraft
[2009-01-04 19:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Atari
[2009-01-25 17:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Autodesk
[2008-11-06 20:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\CopyRed Alert 3
[2012-06-03 23:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\DAEMON Tools Lite
[2011-09-30 18:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\DAEMON Tools Pro
[2008-05-06 22:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Dev-Cpp
[2008-08-31 01:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\DNA
[2010-03-07 16:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\GetRightToGo
[2011-10-04 22:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\go
[2009-12-06 17:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\gtk-2.0
[2012-01-28 23:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\IObit
[2011-05-16 17:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Kalypso Media
[2007-05-21 00:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Leadertech
[2010-05-11 19:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\LolClient
[2009-10-20 20:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010-08-04 18:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Megaupload
[2011-02-01 19:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Moyea
[2011-08-20 15:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\MySQL
[2012-06-08 21:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\NesterSoft
[2012-03-21 16:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Notepad++
[2007-05-20 23:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\OfficeUpdate12
[2009-11-01 14:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Opera
[2012-02-05 18:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\pdfforge
[2008-12-05 16:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Red Alert 3
[2009-03-14 18:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Remere's Map Editor
[2010-08-29 20:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Roads Of Rome
[2009-12-10 19:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\runic games
[2010-07-04 14:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Sierra
[2011-08-22 16:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SmygIP
[2012-05-04 23:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SplitMediaLabs
[2008-09-07 13:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Spore
[2012-04-17 16:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Spotify
[2010-06-14 12:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SystemRequirementsLab
[2012-05-01 14:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TeamViewer
[2012-01-20 08:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Tibia
[2010-09-09 23:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TibiaAlt
[2010-08-27 10:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TibiaWeirds
[2011-02-20 21:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TS3Client
[2010-07-05 21:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Ubisoft
[2012-04-29 14:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Windows Search
[2009-12-15 01:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Wireshark
[2012-07-18 21:00:00 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\Tasks\A76A34459055A791.job
[2012-07-18 21:04:42 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011-11-18 07:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\script.job
[2012-07-18 21:04:24 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
[2008-05-24 11:20:32 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\sth.job
[2008-05-24 11:20:40 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\sth2.job
[2012-07-18 13:11:39 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{07B16E4F-F152-4E8F-8589-4DBC7A88C970}.job
[2012-07-18 21:17:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4594A47E-546A-465D-BDA9-39737758D55D}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
@Alternate Data Stream - 962 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24721E3C
@Alternate Data Stream - 548 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E41EAF13
@Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 269 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BE50C2B
@Alternate Data Stream - 245 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE74317
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

All and any help is deeply appreciated.


#2
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, Ardelo! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

We apologize for the wait. Since it has been a few days, we will need a new OTL log as well. Please follow the steps below.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

If it does not run, rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.

#3
Ardelo

In your order

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-28 19:57:02
-----------------------------
19:57:02.359 OS Version: Windows 5.1.2600 Service Pack 3
19:57:02.359 Number of processors: 2 586 0xF06
19:57:02.375 ComputerName: SIMTOR UserName: Simon
19:57:10.859 Initialize success
19:57:59.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
19:57:59.296 Disk 0 Vendor: WDC_WD1500ADFD-00NLR1 20.07P20 Size: 143089MB BusType: 3
19:57:59.296 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-10
19:57:59.296 Disk 1 Vendor: SAMSUNG_HD753LJ 1AA01107 Size: 715404MB BusType: 3
19:57:59.312 Disk 0 MBR read successfully
19:57:59.312 Disk 0 MBR scan
19:57:59.312 Disk 0 unknown MBR code
19:57:59.312 Disk 0 MBR hidden
19:57:59.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143086 MB offset 63
19:57:59.328 Disk 0 scanning sectors +293041665
19:57:59.359 Disk 0 malicious Win32:MBRoot code @ sector 293041668 !
19:57:59.359 Disk 0 PE file @ sector 293041690 !
19:57:59.359 Disk 0 MBR [Win32:MBRoot] **ROOTKIT**
19:57:59.359 Disk 0 trace - called modules:
19:57:59.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8af874c8]<<
19:57:59.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b002ab8]
19:57:59.359 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000008b[0x8af88f18]
19:57:59.359 5 ACPI.sys[b7e69620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8af87d98]
19:57:59.359 Scan finished successfully
19:58:23.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Simon\Skrivbord\MBR.dat"
19:58:23.640 The log file has been saved successfully to "C:\Documents and Settings\Simon\Skrivbord\aswMBR.txt"

OTL logfile created on: 2012-07-28 20:03:02 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Mina dokument\Hämtade filer\Tibia
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 72,99% Memory free
6,34 Gb Paging File | 5,69 Gb Available in Paging File | 89,78% Paging File free
Paging file location(s): C:\pagefile.sys 3326 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 139,73 Gb Total Space | 36,72 Gb Free Space | 26,28% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 30,18 Gb Free Space | 4,32% Space Free | Partition Type: NTFS
Drive E: | 74,53 Gb Total Space | 53,84 Gb Free Space | 72,24% Space Free | Partition Type: NTFS
Drive F: | 586,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 6,88 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SIMTOR | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-28 19:58:36 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Mina dokument\Hämtade filer\Tibia\OTL(1).exe
PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-05-24 20:33:34 | 002,040,616 | ---- | M] (NesterSoft Inc.) -- D:\program\TimeLeft3\TimeLeft.exe
PRC - [2012-05-24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012-05-11 16:19:42 | 001,599,832 | ---- | M] (IObit) -- C:\Program\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012-03-01 01:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-01-18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Delade filer\Java\Java Update\jusched.exe
PRC - [2011-11-13 03:06:36 | 001,589,248 | ---- | M] (Don HO [email protected]) -- D:\program\Notepad++\notepad++.exe
PRC - [2011-10-27 00:37:15 | 001,191,216 | ---- | M] (Lavasoft Limited) -- D:\program\Adaware\AAWTray.exe
PRC - [2011-10-27 00:37:14 | 002,152,152 | ---- | M] (Lavasoft Limited) -- D:\program\Adaware\AAWService.exe
PRC - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program\Eset\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011-09-22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program\Eset\ESET NOD32 Antivirus\egui.exe
PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program\DAEMON Tools Lite\DTLite.exe
PRC - [2010-01-08 01:26:54 | 002,478,080 | ---- | M] (SEC) -- C:\Program\MagicTune Premium\MagicTune.exe
PRC - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-08-18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007-08-23 16:05:00 | 000,045,056 | ---- | M] () -- C:\Program\MagicTune Premium\MagicTuneEngine.exe
PRC - [2006-07-20 20:38:26 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program\Delade filer\LightScribe\LSSrvc.exe
PRC - [2005-09-24 10:54:15 | 000,050,176 | ---- | M] () -- C:\Program\KatMouse\KatMouse.exe
PRC - [2002-03-19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2000-05-20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012-05-30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program\Delade filer\Apple\Apple Application Support\zlib1.dll
MOD - [2012-05-30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program\Delade filer\Apple\Apple Application Support\libxml2.dll
MOD - [2012-03-01 01:58:00 | 000,357,184 | ---- | M] () -- C:\Program\NVIDIA Corporation\nView\nvShell.dll
MOD - [2012-02-05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012-02-05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011-09-27 11:28:37 | 000,430,568 | ---- | M] () -- D:\program\Adaware\VipreBridge.dll
MOD - [2011-09-27 11:28:36 | 000,589,184 | ---- | M] () -- D:\program\Adaware\RPAPI.dll
MOD - [2011-09-27 11:27:59 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011-09-21 22:46:28 | 001,673,728 | ---- | M] () -- D:\program\Notepad++\plugins\NppFTP.dll
MOD - [2011-09-05 19:05:00 | 000,300,544 | ---- | M] () -- C:\Program\Delade filer\Adobe\Acrobat\ActiveX\PDFShell.SVE
MOD - [2011-08-19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011-08-18 15:25:12 | 000,308,560 | ---- | M] () -- D:\program\Adaware\Vipre.dll
MOD - [2011-07-18 23:07:28 | 000,014,336 | ---- | M] () -- D:\program\Notepad++\plugins\NppExport.dll
MOD - [2010-11-08 17:15:40 | 000,296,448 | ---- | M] () -- D:\program\Notepad++\NppShell_04.dll
MOD - [2010-08-15 20:34:24 | 000,204,800 | ---- | M] () -- D:\program\Notepad++\plugins\ComparePlugin.dll
MOD - [2010-01-08 16:11:12 | 000,077,824 | ---- | M] () -- C:\Program\MagicTune Premium\MagicTuneCore.dll
MOD - [2010-01-08 01:26:48 | 000,065,536 | ---- | M] () -- C:\Program\MagicTune Premium\MTResSwe.dll
MOD - [2010-01-08 01:25:36 | 000,032,768 | ---- | M] () -- C:\Program\MagicTune Premium\HzZone.dll
MOD - [2010-01-08 01:25:34 | 000,040,960 | ---- | M] () -- C:\Program\MagicTune Premium\DProfile.dll
MOD - [2010-01-08 01:25:32 | 000,040,960 | ---- | M] () -- C:\Program\MagicTune Premium\EProfile.dll
MOD - [2010-01-08 01:25:30 | 000,045,056 | ---- | M] () -- C:\Program\MagicTune Premium\VESADll.dll
MOD - [2010-01-08 01:25:30 | 000,045,056 | ---- | M] () -- C:\Program\MagicTune Premium\IProfile.dll
MOD - [2010-01-08 01:25:28 | 000,040,960 | ---- | M] () -- C:\Program\MagicTune Premium\DeviceInterface.dll
MOD - [2010-01-08 01:25:28 | 000,032,768 | ---- | M] () -- C:\Program\MagicTune Premium\Highlight.dll
MOD - [2008-11-11 19:48:40 | 000,074,240 | ---- | M] () -- D:\program\Notepad++\plugins\NppNetNote.dll
MOD - [2008-04-14 18:04:42 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007-08-23 16:05:00 | 000,045,056 | ---- | M] () -- C:\Program\MagicTune Premium\MagicTuneEngine.exe
MOD - [2007-08-05 03:10:52 | 000,250,368 | ---- | M] () -- D:\program\Notepad++\plugins\Config\tidy\libTidy.dll
MOD - [2006-01-11 14:50:30 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\ctxmagic.dll
MOD - [2005-10-07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program\WinRAR\RarExt.dll
MOD - [2005-09-24 10:54:15 | 000,050,176 | ---- | M] () -- C:\Program\KatMouse\KatMouse.exe
MOD - [2005-09-24 10:52:47 | 000,035,328 | ---- | M] () -- C:\Program\KatMouse\KatMouseS.dll
MOD - [2005-04-19 13:53:44 | 000,013,824 | ---- | M] () -- D:\program\TimeLeft3\trayclock.dll
MOD - [2002-03-19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
MOD - [2001-10-28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [2000-05-20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-07-27 18:37:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-18 18:13:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-05-24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012-03-01 01:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-10-27 00:37:14 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- D:\program\Adaware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program\Eset\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011-08-15 23:19:01 | 000,095,744 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\rnpasswd.exe -- (Passwdrenew)
SRV - [2010-07-04 11:49:14 | 000,075,496 | ---- | M] (tzuk) [On_Demand | Stopped] -- D:\program\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009-10-20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009-06-03 19:39:00 | 003,116,380 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007-09-01 21:04:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007-08-23 16:05:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2006-07-20 20:38:26 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program\Delade filer\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005-04-04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva132.sys -- (XDva132)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Video3D32.sys -- (Video3D)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Senfilt.sys -- (SenFiltService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\nvflash.sys -- (NVR0FLASHDev)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\m5281.sys -- (m5281)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\m5228.sys -- (m5228)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\TEMP\QDV6AA.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\fetnd5.sys -- (FETNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es_07a5le.sys -- (es_07a5le.sys)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPANEL.SYS -- (Cardex)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\TEMP\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\asusgsb32.sys -- (asusgsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ac1jvdzq)
DRV - [2011-09-27 11:28:29 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011-09-21 16:55:29 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011-08-18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011-08-18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- D:\program\Adaware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011-08-09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011-08-04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011-08-04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011-05-15 20:59:10 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-05-15 20:59:10 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-11-26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010-07-04 11:49:10 | 000,119,016 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- D:\program\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010-02-24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009-10-20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009-08-22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\program\Riva\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009-06-04 14:53:04 | 000,014,080 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2009-03-27 02:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008-06-26 19:18:28 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-04-13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-01-20 09:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008-01-17 11:51:30 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008-01-03 22:34:46 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007-09-05 01:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007-09-04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007-07-02 12:00:50 | 000,466,176 | R--- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2006-12-26 14:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006-12-08 17:06:00 | 000,139,776 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adidts.sys -- (ADIDTSFiltService)
DRV - [2006-11-22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006-10-01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006-08-07 16:39:24 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-08-07 16:39:22 | 000,052,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-07-26 08:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006-02-26 17:02:49 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005-12-22 04:22:20 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005-06-06 03:44:05 | 000,091,841 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)
DRV - [2001-08-17 20:50:18 | 000,198,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv3.sys -- (nv3)
DRV - [2001-06-21 22:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001-06-21 22:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes,DefaultScope = {7E5E24B4-EEF8-434C-BDBC-BCAD9BBF6B5F}
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{29908A7B-F1DE-4E40-A776-377D25340F4A}: "URL" = http://uk.search.yah...=UTF-8&meta=vc=
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{63EDF7ED-D3AF-4B6E-A555-7C6C7B120E6B}: "URL" = http://www.virgin.co...d={searchTerms}
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{76393830-C464-47DC-801D-93451CD56756}: "URL" = http://en.wikipedia....i/{searchTerms}
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{7E5E24B4-EEF8-434C-BDBC-BCAD9BBF6B5F}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{A0629818-8073-4C5A-AFDB-C3505A1CE593}: "URL" = http://search.micros...q={searchTerms}
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{EC6631C7-7B86-4ED0-BE3D-A322CFFA7C18}: "URL" = http://www.cnet.co.u...y={searchTerms}
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{F9633607-1D2D-4AE4-8225-A55307BC5B84}: "URL" = http://search.lycos....hTerms}&cat=loc
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1935655697-113007714-839522115-1022\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.100530
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.101028
FF - prefs.js..extensions.enabledItems: [email protected]:2.22.5
FF - prefs.js..extensions.enabledItems: {9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.1.6
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program\DivX beta\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: d:\program\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: d:\program\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: d:\program\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program\ekort [2009-06-05 16:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-13 17:45:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program\Mozilla Firefox\components [2012-07-18 18:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2012-07-17 17:00:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-03-30 17:37:07 | 000,000,000 | ---D | M]

[2009-06-29 22:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Extensions
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions\[email protected]
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (Save Session) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions\[email protected]
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions\staged
[2012-07-26 16:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\2cihnqmz.default\extensions
[2012-03-19 15:04:30 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\2cihnqmz.default\extensions\[email protected]
[2012-06-14 09:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
[2012-07-18 09:37:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-06-14 09:13:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\[email protected]
[2012-06-14 09:13:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009-08-06 22:13:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012-07-18 18:13:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program\mozilla firefox\components\browsercomps.dll
[2012-06-13 17:44:40 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program\mozilla firefox\plugins\nprpplugin.dll
[2012-06-17 15:31:23 | 000,001,470 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2012-06-17 15:31:23 | 000,002,252 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\bing.xml
[2012-06-17 15:31:23 | 000,002,670 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2012-06-17 15:31:23 | 000,000,948 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2012-06-17 15:31:23 | 000,001,174 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2012-06-17 15:31:23 | 000,000,951 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2010-01-28 13:54:09 | 000,378,851 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 13023 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (EkortBrowserHelper Class) - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\Program\ekort\Bhoekort.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (PrivBar) - {300BC64A-BF32-4cc8-8917-91148CEFE700} - C:\WINDOWS\system32\PrivBar.dll ()
O3 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program\Delade filer\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [egui] C:\Program\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1935655697-113007714-839522115-1004..\Run: [DAEMON Tools Lite] C:\Program\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1935655697-113007714-839522115-1004..\Run: [NVIDIA nTune] C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1935655697-113007714-839522115-1022..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\KatMouse.lnk = C:\Program\KatMouse\KatMouse.exe ()
O4 - Startup: C:\Documents and Settings\root\Start-meny\Program\Autostart\ERUNT AutoBackup.lnk = C:\Program\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Simon\Start-meny\Program\Autostart\ERUNT AutoBackup.lnk = C:\Program\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Simon\Start-meny\Program\Autostart\TimeLeft.lnk = D:\program\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = C6 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1022\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1022\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1264687217000 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193320692211 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341328418640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28A602FC-3462-44CF-BA7B-D2B80B9932EB}: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68EC4009-C1F1-412E-8294-9F60C0B5559A}: NameServer = 148.160.16.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5AA939D-2DB5-4454-96E1-E3CF8CF1B3C7}: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C80C35B6-1CDA-491E-85C4-DA3A3F30B769}: DhcpNameServer = 192.168.0.10
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\winexz32: DllName - (winexz32.dll) - File not found
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Simon\Skrivbord\Firefox-bakgrund.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Simon\Skrivbord\Firefox-bakgrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-05-20 15:22:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-01-02 19:49:48 | 000,076,591 | ---- | M] () - D:\AutoMouseClicker.zip -- [ NTFS ]
O32 - AutoRun File - [2001-03-16 19:12:14 | 000,000,000 | R--D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2001-02-19 16:44:10 | 000,305,664 | R--- | M] (Blue Byte Software, Inc.) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001-01-31 18:49:50 | 000,000,096 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008-04-01 14:31:10 | 000,000,052 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{011bcda2-0736-11dc-8cca-0018f3f5fe24}\Shell - "" = AutoRun
O33 - MountPoints2\{011bcda2-0736-11dc-8cca-0018f3f5fe24}\Shell\AutoRun\command - "" = M:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{1e3d0ad4-127a-11df-a5b8-001a927d4728}\Shell\AutoRun\command - "" = install.exe /AUTORUN
O33 - MountPoints2\{1e3d0ad4-127a-11df-a5b8-001a927d4728}\Shell\configure\command - "" = install.exe
O33 - MountPoints2\{1e3d0ad4-127a-11df-a5b8-001a927d4728}\Shell\install\command - "" = install.exe
O33 - MountPoints2\{3272a740-fd84-11e0-9884-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3272a740-fd84-11e0-9884-806d6172696f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2001-02-19 16:44:10 | 000,305,664 | R--- | M] (Blue Byte Software, Inc.)
O33 - MountPoints2\{3b5003db-e443-11e0-935f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3b5003db-e443-11e0-935f-806d6172696f}\Shell\AutoRun\command - "" = X:\setup.exe -- [2008-04-07 12:49:39 | 000,095,472 | R--- | M] (Funcom)
O33 - MountPoints2\{d926da0e-138e-11dd-b58f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d926da0e-138e-11dd-b58f-806d6172696f}\Shell\AutoRun\command - "" = X:\autorun.exe
O33 - MountPoints2\{d926da0e-138e-11dd-b58f-806d6172696f}\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2099-05-27 18:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\PCHealth
[2099-05-27 18:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\MigWiz
[2012-07-28 19:57:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Simon\Recent
[2012-07-28 19:20:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012-07-28 19:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\media center programs
[2012-07-28 19:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Funcom
[2012-07-24 07:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Apple
[2012-07-18 21:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\ESET
[2012-07-18 09:37:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-07-17 17:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\QuickTime
[2012-07-10 21:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\iTunes
[2012-07-10 21:31:01 | 000,000,000 | ---D | C] -- C:\Program\iPod
[2012-07-10 21:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012-07-10 21:29:51 | 000,000,000 | ---D | C] -- C:\Program\Apple Software Update
[2012-07-10 21:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012-07-10 16:00:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009-03-04 19:21:48 | 000,270,128 | ---- | C] (BitTorrent, Inc.) -- C:\Program\utorrent.exe
[2007-08-04 17:40:15 | 000,098,304 | ---- | C] (Doug Knox) -- C:\Program\xp_remove_hotfix_backup.exe
[2007-05-23 09:39:50 | 000,035,840 | ---- | C] (Twenty One Twelve, Inc.) -- C:\Program\AUTOEJCT.EXE
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[47 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-07-28 20:07:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4594A47E-546A-465D-BDA9-39737758D55D}.job
[2012-07-28 20:00:00 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\tasks\A76A34459055A791.job
[2012-07-28 19:58:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Simon\Skrivbord\MBR.dat
[2012-07-28 19:37:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-07-28 19:19:50 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Age of Conan.lnk
[2012-07-28 18:14:38 | 000,190,464 | ---- | M] () -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-28 17:27:46 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012-07-28 17:27:43 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-28 17:27:04 | 008,405,015 | ---- | M] () -- C:\WINDOWS\hlktmp
[2012-07-28 17:27:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-113007714-839522115-1004.job
[2012-07-28 17:26:53 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012-07-28 17:26:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-28 17:26:41 | 3488,141,312 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-27 21:47:01 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{07B16E4F-F152-4E8F-8589-4DBC7A88C970}.job
[2012-07-27 18:37:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-07-27 18:37:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-07-27 11:27:36 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012-07-27 11:27:36 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012-07-25 14:56:12 | 000,010,000 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-24 07:19:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-07-23 18:49:55 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012-07-22 18:33:03 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-113007714-839522115-1004.job
[2012-07-11 21:10:47 | 000,046,416 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012-07-11 07:24:04 | 001,532,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-10 21:31:59 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Simon\Skrivbord\iTunes.lnk
[2012-07-03 17:26:22 | 000,002,900 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[47 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-07-28 19:58:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Simon\Skrivbord\MBR.dat
[2012-07-28 19:19:50 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Age of Conan.lnk
[2012-07-23 18:49:55 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012-07-11 22:07:42 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Simon\Skrivbord\iTunes.lnk
[2012-07-11 21:10:47 | 000,046,416 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012-07-10 21:29:52 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Apple Software Update.lnk
[2012-07-10 21:29:52 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-05-22 18:18:19 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012-05-05 01:28:46 | 000,322,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\WPFFontCache_v0400-System.dat
[2012-04-30 22:28:03 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012-04-30 22:28:03 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012-04-30 22:28:03 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2012-04-30 22:23:35 | 000,029,366 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2012-04-05 06:36:10 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-04-05 06:36:10 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-04-05 06:36:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-04-05 06:35:14 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-03-28 23:48:13 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2012-02-16 12:39:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-02-05 18:32:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011-11-17 23:12:06 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011-09-27 13:59:29 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011-08-15 23:18:27 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\rnpasswd.exe
[2011-06-04 17:15:24 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-05-07 05:33:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DfrgUIEx.INI
[2011-04-27 05:00:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-04-27 05:00:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-04-22 18:45:27 | 001,193,984 | ---- | C] () -- C:\WINDOWS\is-NMD9K.exe
[2011-02-17 15:56:09 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\housecall.guid.cache
[2011-01-22 15:13:51 | 000,000,076 | ---- | C] () -- C:\WINDOWS\My Settings.ini
[2010-08-04 19:01:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010-08-01 14:41:07 | 000,002,900 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010-02-21 12:43:32 | 000,004,586 | ---- | C] () -- C:\Documents and Settings\Simon\client.ovpn
[2010-02-21 12:43:32 | 000,002,818 | ---- | C] () -- C:\Documents and Settings\Simon\ca.crt
[2010-02-21 12:43:32 | 000,001,419 | ---- | C] () -- C:\Documents and Settings\Simon\server.crt
[2010-02-21 12:43:32 | 000,001,419 | ---- | C] () -- C:\Documents and Settings\Simon\client.crt
[2010-02-21 12:43:32 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Simon\client.key
[2010-02-15 21:37:11 | 000,034,204 | ---- | C] () -- C:\Documents and Settings\Simon\.ems.cfg
[2009-09-03 21:06:28 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\Simon\jagex_runescape_preferences2.dat
[2009-08-06 12:53:38 | 000,000,039 | ---- | C] () -- C:\Documents and Settings\Simon\jagex_runescape_preferences.dat
[2009-05-11 16:58:28 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini
[2009-01-04 14:25:47 | 000,000,106 | ---- | C] () -- C:\Program\path.ini
[2008-05-09 01:44:59 | 000,000,222 | ---- | C] () -- C:\Program\pink.bmp
[2008-04-11 01:13:34 | 000,004,162 | ---- | C] () -- C:\Program\color1.bmp
[2008-02-22 19:59:30 | 000,023,446 | ---- | C] () -- C:\Program\bk2.jpg
[2008-02-22 19:59:30 | 000,019,636 | ---- | C] () -- C:\Program\th_07.jpg
[2008-02-22 19:59:30 | 000,010,528 | ---- | C] () -- C:\Program\else.gif
[2008-02-22 19:59:30 | 000,000,680 | ---- | C] () -- C:\Program\bl_07.jpg
[2007-10-06 11:06:22 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007-07-28 21:00:09 | 000,007,048 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2007-05-21 00:55:08 | 000,190,464 | ---- | C] () -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-05-20 15:27:46 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\fusioncache.dat

========== LOP Check ==========

[2007-08-04 19:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2007-12-23 15:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
[2009-01-25 17:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012-04-20 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2011-08-20 16:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2009-06-11 10:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrazyBump
[2011-09-30 17:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011-09-30 18:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011-05-26 20:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DinsCurse
[2011-10-23 22:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011-09-10 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011-10-23 22:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012-03-30 17:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011-03-20 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileServe Limited
[2008-05-24 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2011-10-04 22:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXN
[2011-08-20 16:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010-12-29 20:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009-06-11 10:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\licensecb
[2009-09-03 16:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MotionDSP
[2009-06-22 15:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2012-05-02 17:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008-12-27 14:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pqdklkxw
[2012-05-04 23:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SplitMediaLabs
[2012-05-04 23:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-07-05 21:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2012-07-10 21:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-04-20 18:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011-09-21 17:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\DAEMON Tools Lite
[2010-01-28 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Dev-Cpp
[2008-04-01 16:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\itchwait
[2007-10-26 18:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Leadertech
[2009-05-08 16:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Notepad++
[2008-04-23 10:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\OfficeUpdate12
[2007-09-02 16:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Tibia
[2007-10-26 20:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Uniblue
[2009-01-01 01:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Windows Live Writer
[2010-10-07 16:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\.minecraft
[2009-01-04 19:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Atari
[2009-01-25 17:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Autodesk
[2008-11-06 20:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\CopyRed Alert 3
[2012-06-03 23:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\DAEMON Tools Lite
[2011-09-30 18:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\DAEMON Tools Pro
[2008-05-06 22:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Dev-Cpp
[2008-08-31 01:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\DNA
[2010-03-07 16:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\GetRightToGo
[2011-10-04 22:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\go
[2009-12-06 17:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\gtk-2.0
[2012-01-28 23:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\IObit
[2011-05-16 17:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Kalypso Media
[2007-05-21 00:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Leadertech
[2010-05-11 19:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\LolClient
[2009-10-20 20:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010-08-04 18:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Megaupload
[2011-02-01 19:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Moyea
[2011-08-20 15:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\MySQL
[2012-06-08 21:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\NesterSoft
[2012-03-21 16:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Notepad++
[2007-05-20 23:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\OfficeUpdate12
[2009-11-01 14:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Opera
[2012-02-05 18:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\pdfforge
[2008-12-05 16:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Red Alert 3
[2009-03-14 18:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Remere's Map Editor
[2010-08-29 20:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Roads Of Rome
[2009-12-10 19:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\runic games
[2010-07-04 14:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Sierra
[2011-08-22 16:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SmygIP
[2012-05-04 23:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SplitMediaLabs
[2008-09-07 13:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Spore
[2012-04-17 16:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Spotify
[2010-06-14 12:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SystemRequirementsLab
[2012-05-01 14:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TeamViewer
[2012-01-20 08:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Tibia
[2010-09-09 23:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TibiaAlt
[2010-08-27 10:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TibiaWeirds
[2011-02-20 21:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TS3Client
[2010-07-05 21:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Ubisoft
[2012-04-29 14:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Windows Search
[2009-12-15 01:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Wireshark
[2012-07-28 20:00:00 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\Tasks\A76A34459055A791.job
[2012-07-28 17:27:46 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011-11-18 07:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\script.job
[2012-07-28 17:26:53 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
[2008-05-24 11:20:32 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\sth.job
[2008-05-24 11:20:40 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\sth2.job
[2012-07-27 21:47:01 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{07B16E4F-F152-4E8F-8589-4DBC7A88C970}.job
[2012-07-28 20:07:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4594A47E-546A-465D-BDA9-39737758D55D}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2008-12-28 14:18:31 | 484,521,741 | ---- | M] (Macrovision Corporation) -- C:\Conquer_v5087.exe
[2007-11-07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=74BB7DCD2BFDCC0E52869DB3582CA781 -- C:\WINDOWS\explorer.exe
[2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=74BB7DCD2BFDCC0E52869DB3582CA781 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=74BB7DCD2BFDCC0E52869DB3582CA781 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007-06-13 15:12:26 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=75CF621935A2138BB0DD354BB72548FC -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004-08-04 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=87A3C8EAD27CF3591713D629D8BCB990 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2006-04-04 11:00:00 | 000,007,131 | ---- | M] () MD5=E64717F6967459C8ADC50F74CB4DFA1F -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009-02-09 11:55:31 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=056EDFF8EFA8D44CA9C322BA9B10ECFF -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2004-08-04 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=0DF00535E2F5AEFAEAD3A800F75137AF -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-02-09 12:11:08 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=3B41CF1E48524775796C0A4AAA92E26B -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009-02-09 13:19:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=5DD875F92626DC3C8F46AB3E6CC1C98E -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-02-09 13:27:07 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=8870B0C4A094C1CE80CEA6F85FA38FF2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009-02-09 13:27:07 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=8870B0C4A094C1CE80CEA6F85FA38FF2 -- C:\WINDOWS\system32\dllcache\services.exe
[2009-02-09 13:27:07 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=8870B0C4A094C1CE80CEA6F85FA38FF2 -- C:\WINDOWS\system32\services.exe
[2008-04-14 18:05:18 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=9436FEE6DF0F12AABDE97BEA8501B538 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

< MD5 for: SERVICES.MSC >
[2004-08-04 14:00:00 | 000,033,069 | ---- | M] () MD5=3BC34A0485D0B7D36F3901A3402C42EC -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2010-01-26 10:32:22 | 000,032,863 | ---- | M] () MD5=D9E2E068E22BF03F10E23AB2B614423A -- C:\Program\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2004-08-04 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=22D8A75754B7B9ECC4753E3C09A56B18 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008-04-14 18:05:21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=6CCEF19D7301D9861F90E299C798AD3F -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008-04-14 18:05:21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=6CCEF19D7301D9861F90E299C798AD3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008-04-14 18:05:21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=6CCEF19D7301D9861F90E299C798AD3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008-04-14 18:05:22 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=317799A2E42B5EA048A8A70F482CBA9F -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011-12-01 01:51:06 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=317799A2E42B5EA048A8A70F482CBA9F -- C:\WINDOWS\system32\dllcache\userinit.exe
[2011-12-01 01:51:06 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=317799A2E42B5EA048A8A70F482CBA9F -- C:\WINDOWS\system32\userinit.exe
[2004-08-04 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=452202227D7A5020D058D49106C0B872 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004-08-04 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=3E080D3D4F81B0638766CCC4D7707D10 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 18:05:23 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ABD2D070BE76A9386A0A283A332E3862 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 18:05:23 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ABD2D070BE76A9386A0A283A332E3862 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-14 18:05:23 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ABD2D070BE76A9386A0A283A332E3862 -- C:\WINDOWS\system32\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
@Alternate Data Stream - 962 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24721E3C
@Alternate Data Stream - 548 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E41EAF13
@Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 269 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BE50C2B
@Alternate Data Stream - 245 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE74317
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


OTL Extras logfile created on: 2012-07-28 20:03:02 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Mina dokument\Hämtade filer\Tibia
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 72,99% Memory free
6,34 Gb Paging File | 5,69 Gb Available in Paging File | 89,78% Paging File free
Paging file location(s): C:\pagefile.sys 3326 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 139,73 Gb Total Space | 36,72 Gb Free Space | 26,28% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 30,18 Gb Free Space | 4,32% Space Free | Partition Type: NTFS
Drive E: | 74,53 Gb Total Space | 53,84 Gb Free Space | 72,24% Space Free | Partition Type: NTFS
Drive F: | 586,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 6,88 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SIMTOR | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"58130:TCP" = 58130:TCP:*:Enabled:Pando Media Booster
"58130:UDP" = 58130:UDP:*:Enabled:Pando Media Booster
"57886:TCP" = 57886:TCP:*:Enabled:Pando Media Booster
"57886:UDP" = 57886:UDP:*:Enabled:Pando Media Booster
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"58018:TCP" = 58018:TCP:*:Enabled:Pando Media Booster
"58018:UDP" = 58018:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"58130:TCP" = 58130:TCP:*:Enabled:Pando Media Booster
"58130:UDP" = 58130:UDP:*:Enabled:Pando Media Booster
"57886:TCP" = 57886:TCP:*:Enabled:Pando Media Booster
"57886:UDP" = 57886:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"58018:TCP" = 58018:TCP:*:Enabled:Pando Media Booster
"58018:UDP" = 58018:UDP:*:Enabled:Pando Media Booster
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - kompatibilitetsläge (HTTP-in)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\D-disk\Spel\Tibicam2\TibiCAM\TibiCAM.exe" = C:\D-disk\Spel\Tibicam2\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM
"C:\Program\uTorrent\utorrent.exe" = C:\Program\uTorrent\utorrent.exe:*:Enabled:µTorrent
"C:\D-disk\Spel\Tibicam\TibiCam\TibiCAM.exe" = C:\D-disk\Spel\Tibicam\TibiCam\TibiCAM.exe:*:Enabled:TibiCAM
"C:\D-disk\Spel\World of Warcraft\BackgroundDownloader.exe" = C:\D-disk\Spel\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Spel\Tibicam2\TibiCAM\TibiCAM.exe" = C:\Spel\Tibicam2\TibiCAM\TibiCAM.exe:*:Disabled:TibiCAM
"C:\Program\MSN Messenger\livecall.exe" = C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Mina dokument\Hämtade filer\Conquer_P2P_20101212.exe" = C:\Mina dokument\Hämtade filer\Conquer_P2P_20101212.exe:*:Enabled:Conquer_P2P_20101212.exe
"C:\Mina dokument\Hämtade filer\Tibia\Conquer_v5567_P2P_20120110.exe" = C:\Mina dokument\Hämtade filer\Tibia\Conquer_v5567_P2P_20120110.exe:*:Enabled:Conquer_v5567_P2P_20120110.exe
"C:\Program\Pando Networks\Media Booster\PMB.exe" = C:\Program\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ElectricSheep.scr" = C:\WINDOWS\system32\ElectricSheep.scr:*:Enabled:ElectricSheep
"C:\Spel\Warcraft III\Frozen Throne.exe" = C:\Spel\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne
"C:\Program\uTorrent\utorrent.exe" = C:\Program\uTorrent\utorrent.exe:*:Enabled:µTorrent
"C:\Spel\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Spel\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9
"C:\Spel\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Spel\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10
"C:\Spel\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Spel\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update
"C:\Spel\Age of Conan\ConanPatcher.exe" = C:\Spel\Age of Conan\ConanPatcher.exe:*:Enabled:Age of Conan
"D:\Spel\Ubisoft\THE SETTLERS - Rise of an Empire Demo\base\bin\Settlers6Demo.exe" = D:\Spel\Ubisoft\THE SETTLERS - Rise of an Empire Demo\base\bin\Settlers6Demo.exe:*:Enabled:THE SETTLERS - Rise of an Empire Demo
"C:\Program\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe" = C:\Program\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire -- (Blue Byte GmbH)
"C:\Program\MSN Messenger\livecall.exe" = C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program\Delade filer\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe" = C:\Program\Delade filer\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe:LocalSubNet:Enabled:XNA Game Studio 3.0 Transport
"C:\Program\Microsoft XNA\XNA Game Studio\v3.0\Bin\XnaLiveProxy.exe" = C:\Program\Microsoft XNA\XNA Game Studio\v3.0\Bin\XnaLiveProxy.exe:LocalSubNet:Enabled:XNA Framework Games for Windows - LIVE
"D:\program\openVpn\bin\openvpn.exe" = D:\program\openVpn\bin\openvpn.exe:*:Enabled:openvpn
"D:\program\Spotify\spotify.exe" = D:\program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"D:\Spel\League of Legends\Air\LolClient.exe" = D:\Spel\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Spel\League of Legends\Game\League of Legends.exe" = D:\Spel\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
"D:\Spel\League of Legends\Riot Games\League of Legends\air\LolClient.exe" = D:\Spel\League of Legends\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Spel\League of Legends\Riot Games\League of Legends\game\League of Legends.exe" = D:\Spel\League of Legends\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"D:\program\Crazybump\cb.exe" = D:\program\Crazybump\cb.exe:*:Enabled:crazybump
"C:\Mina dokument\Hämtade filer\Conquer_P2P_20101212.exe" = C:\Mina dokument\Hämtade filer\Conquer_P2P_20101212.exe:*:Enabled:Conquer_P2P_20101212.exe
"C:\Program\Skype\Plugin Manager\skypePM.exe" = C:\Program\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"D:\program\VentriloNy\Ventrilo.exe" = D:\program\VentriloNy\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Mina dokument\Hämtade filer\Tibia\Conquer_v5567_P2P_20120110.exe" = C:\Mina dokument\Hämtade filer\Tibia\Conquer_v5567_P2P_20120110.exe:*:Enabled:Conquer_v5567_P2P_20120110.exe
"C:\Program\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program\Pando Networks\Media Booster\PMB.exe" = C:\Program\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Mina dokument\Hämtade filer\Tibia\Diablo-III-8370-enGB-Installer-downloader.exe" = C:\Mina dokument\Hämtade filer\Tibia\Diablo-III-8370-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program\MagicTune Premium\MagicTune.exe" = C:\Program\MagicTune Premium\MagicTune.exe:*:Disabled:MagicTune -- (SEC)
"C:\Spel\Steam\Steam\steamapps\common\age of empires online\AOEOnline.exe" = C:\Spel\Steam\Steam\steamapps\common\age of empires online\AOEOnline.exe:*:Enabled:Age of Empires Online -- (Microsoft Studios)
"C:\Program\Delade filer\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program\Delade filer\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001041D-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0004041D-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 CD 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4 Rush Hour
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0691B876-15B2-451B-AEA4-5653E40899C4}" = Windows Presentation Foundation Language Pack (SVE)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08AB56DB-F5B6-4477-A2FD-38398F06C378}" = Microsoft .NET Framework 3.0 Swedish Language Pack
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = The Sims Medeltiden Pirater och Adel
"{0CC46434-C9F1-4091-9F45-DBCCF929543F}" = Opera 11.51
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{10631C28-62E5-477C-9B40-40C5EA8219BE}" = Black & White® 2 Battle of the Gods
"{116D1725-3193-49AF-8999-036D385F701E}" = Desktop Restore
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{17014473-0098-4DF0-827D-7D582697C78C}" = Microsoft .NET Framework 2.0 Language Pack - SVE
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25B473C3-2C62-482B-858F-94ED76880F79}" = Patrician IV
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28F451B0-44E5-48C0-8706-84114249F5B4}" = LightScribe 1.4.109.1
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29C22873-B939-4EF9-B6E3-1EFE7FA392D1}" = ASUS nVidia Driver
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BAC066E-F2E9-11D2-A171-00C04F6C9FA4}" = Microsoft Office HTML-filter 2.1
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}" = Maya 2009
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{47D528F7-5DB1-48C3-A782-7189609B4B49}" = Conquer1.0
"{489778E4-C59A-4000-8719-3D09B9130DFB}" = vbTool
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B590FA8-A4F0-4933-AF3E-071000000101}" = Patrician IV - Rise of a Dynasty
"{4B590FA8-A4F0-4933-AF3E-071000000102}" = Patrician IV - Rise of a Dynasty
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A74371F-993C-4AEF-8EA0-B5A8A9472050}" = Command & Conquer™ Red Alert™ 3 Worldbuilder
"{5B119660-1788-11D8-8EB8-0050BF643EE7}" = digestIT 2004
"{5C9D5D8C-9245-45B4-B017-0AD03DA2EEAA}_is1" = Patrician 4 - Patch 1.3.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64029508-2587-4D39-AB83-2AC722FBFCC2}" = XSplit
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B99E90E-2AC4-4D72-8D88-39030783172B}" = e-kort
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B51FD5-DA3F-4B48-8F3F-4E4068F25D89}_is1" = Conquer Online 2.0
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{793C456F-EB0A-4164-BE77-B6D901F2C7E3}" = Windows Workflow Foundation SV Language Pack
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7D9EA2FA-FD8F-4063-9371-2E7E5DB66BF6}" = Command & Conquer™ Red Alert™ 3 Worldbuilder
"{7FF90D04-A60F-42A0-8F78-88623F99DCAC}" = S810
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medeltiden
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85DD724B-15E5-4572-81BF-CF9031D83848}" = Ventrilo Server
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95C5F81D-0779-4932-BE83-32AAF814F4B9}" = League of Legends
"{97C4F970-C753-443F-B61C-525C739BBC3D}" = Maya 2009 Documentation (en_US)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}" = Microsoft .NET Framework 1.1 Swedish Language Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBE7AA1-AFA8-4D76-8FC2-1FDFD9BD3371}" = Windows Live Mail
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = The Settlers 7 - Paths to a Kingdom
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D71329D-95A5-4297-8F79-DCDBD156420A}" = Windows Live Essentials
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A0E6A4F4-AD26-4F4C-A6BB-46AD2FC3D9A3}" = Path of Exile
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Svenska
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIAs kontrollpanel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafikdrivrutin 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systemprogramvara 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA-uppdatering 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA9632CB-2B93-4FD6-905C-BB325CE1C4DD}" = e-kort
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF476E33-ED16-4C5A-8DFB-ABCA8A47AD61}" = Windows Communication Foundation Language Pack - SVE
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41DABFE-49B1-4B24-9DF0-6DF70B485737}" = Mega Manager
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{D55F88FD-4263-4DCF-B0DF-3149D04DB034}" = Patrician IV - Rise of a Dynasty
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F13225E2-6533-4923-A657-083A151E667E}" = Windows Live Messenger
"{F710751F-1789-4437-835D-54013BCDE160}" = ESET NOD32 Antivirus
"{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
"{FE4270D7-A642-49C1-9A40-854DA3F13FB2}_is1" = Moyea FLV Player version: 2.0.2.96
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"AutoHotkey" = AutoHotkey 1.0.48.05
"awxDTools_is1" = arniWORX awxDTools - Daemon-Tools ShellExtension - 1.0.6.0
"Bonniers Trafikskola 4.0" = Bonniers Trafikskola 4.0
"Capsized_is1" = Capsized
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"Context Magic" = Context Magic 1.1 beta5
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"Crazybump" = Crazybump (remove only)
"Creative PD0630" = Creative WebCam Live! Driver (1.02.03.0606)
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Live! User's Guide English" = Creative WebCam Live! User's Guide (English)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Dink Smallwood HD" = Dink Smallwood HD (remove only)
"Din's Curse - Demon War Expansion1.024" = Din's Curse - Demon War Expansion
"DX-Ball 1.07" = DX-Ball 1.07
"ElfBot NG_is1" = ElfBot NG 4.5.9
"ERUNT_is1" = ERUNT 1.1j
"FileZilla" = FileZilla (remove only)
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"FreeUndelete" = FreeUndelete
"Game Booster_is1" = Game Booster
"hon" = Heroes of Newerth
"ie8" = Windows Internet Explorer 8
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"KatMouse" = KatMouse (remove only)
"Kings Legacy1.0" = Kings Legacy
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Basic)
"Magic ISO Maker v5.3 (build 0216)" = Magic ISO Maker v5.3 (build 0216)
"MagicDisc 2.5.79" = MagicDisc 2.5.79
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - SVE" = Microsoft .NET Framework 2.0 Language Pack - SVE
"Microsoft .NET Framework 3.0 Swedish Language Pack" = Microsoft .NET Framework 3.0 Swedish Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0.1 (x86 sv-SE)" = Mozilla Firefox 14.0.1 (x86 sv-SE)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealAlt_is1" = Real Alternative 2.0.2
"RealPlayer 15.0" = RealPlayer
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Roads of Rome_is1" = Roads of Rome
"S3 Gold" = The Settlers III Gold Edition
"S4Uninst" = The Settlers IV
"Sandboxie" = Sandboxie 3.46
"Smart Defrag 2_is1" = Smart Defrag 2
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 105430" = Age of Empires Online
"Tasker_is1" = Tasker version 3.14
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tibia_is1" = Tibia
"TIMELEFT3_is1" = TimeLeft
"Tweak UI 2.10" = Tweak UI
"WampServer 2_is1" = WampServer 2.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"VentriloMIX" = VentriloMIX
"ViceVersa - FREE!" = ViceVersa - FREE!
"Windows Lemmings" = Lemmings for Windows 95
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHex" = WinHex
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"Wireshark" = Wireshark 1.2.4
"VLC media player" = VideoLAN VLC media player 0.8.2
"vReveal" = vReveal
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Game Organizer" = GameXN GO
"Spotify" = Spotify
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-07-23 17:37:01 | Computer Name = SIMTOR | Source = Application Error | ID = 1000
Description = Felaktigt program FlashPlayerUpdateService.exe, version 11.3.300.265,
felaktig modul ntdll.dll, version 5.1.2600.6055, felaktig adress 0x000113c0.

Error - 2012-07-24 05:28:18 | Computer Name = SIMTOR | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2012-07-24 14:37:02 | Computer Name = SIMTOR | Source = Application Error | ID = 1000
Description = Felaktigt program FlashPlayerUpdateService.exe, version 11.3.300.265,
felaktig modul ntdll.dll, version 5.1.2600.6055, felaktig adress 0x000113c0.

Error - 2012-07-25 22:37:02 | Computer Name = SIMTOR | Source = Application Error | ID = 1000
Description = Felaktigt program FlashPlayerUpdateService.exe, version 11.3.300.265,
felaktig modul ntdll.dll, version 5.1.2600.6055, felaktig adress 0x000113c0.

Error - 2012-07-26 20:37:02 | Computer Name = SIMTOR | Source = Application Error | ID = 1000
Description = Felaktigt program FlashPlayerUpdateService.exe, version 11.3.300.265,
felaktig modul ntdll.dll, version 5.1.2600.6055, felaktig adress 0x000113c0.

Error - 2012-07-27 04:37:02 | Computer Name = SIMTOR | Source = Application Error | ID = 1000
Description = Felaktigt program FlashPlayerUpdateService.exe, version 11.3.300.265,
felaktig modul ntdll.dll, version 5.1.2600.6055, felaktig adress 0x000113c0.

Error - 2012-07-27 22:37:02 | Computer Name = SIMTOR | Source = Application Error | ID = 1000
Description = Felaktigt program FlashPlayerUpdateService.exe, version 11.3.300.268,
felaktig modul ntdll.dll, version 5.1.2600.6055, felaktig adress 0x000113c0.

Error - 2012-07-28 00:37:01 | Computer Name = SIMTOR | Source = Application Error | ID = 1000
Description = Felaktigt program FlashPlayerUpdateService.exe, version 11.3.300.268,
felaktig modul ntdll.dll, version 5.1.2600.6055, felaktig adress 0x000113c0.

Error - 2012-07-28 02:37:01 | Computer Name = SIMTOR | Source = Application Error | ID = 1000
Description = Felaktigt program FlashPlayerUpdateService.exe, version 11.3.300.268,
felaktig modul ntdll.dll, version 5.1.2600.6055, felaktig adress 0x000113c0.

Error - 2012-07-28 07:37:01 | Computer Name = SIMTOR | Source = Application Error | ID = 1000
Description = Felaktigt program FlashPlayerUpdateService.exe, version 11.3.300.268,
felaktig modul ntdll.dll, version 5.1.2600.6055, felaktig adress 0x000113c0.

[ System Events ]
Error - 2012-07-28 12:39:00 | Computer Name = SIMTOR | Source = Cdrom | ID = 262151
Description = Det finns ett felaktigt block på enhet \Device\CdRom0.

Error - 2012-07-28 12:39:02 | Computer Name = SIMTOR | Source = Cdrom | ID = 262151
Description = Det finns ett felaktigt block på enhet \Device\CdRom0.

Error - 2012-07-28 12:59:27 | Computer Name = SIMTOR | Source = Cdrom | ID = 262151
Description = Det finns ett felaktigt block på enhet \Device\CdRom0.

Error - 2012-07-28 12:59:29 | Computer Name = SIMTOR | Source = Cdrom | ID = 262151
Description = Det finns ett felaktigt block på enhet \Device\CdRom0.

Error - 2012-07-28 12:59:30 | Computer Name = SIMTOR | Source = Cdrom | ID = 262151
Description = Det finns ett felaktigt block på enhet \Device\CdRom0.

Error - 2012-07-28 12:59:32 | Computer Name = SIMTOR | Source = Cdrom | ID = 262151
Description = Det finns ett felaktigt block på enhet \Device\CdRom0.

Error - 2012-07-28 12:59:33 | Computer Name = SIMTOR | Source = Cdrom | ID = 262151
Description = Det finns ett felaktigt block på enhet \Device\CdRom0.

Error - 2012-07-28 13:27:41 | Computer Name = SIMTOR | Source = Service Control Manager | ID = 7001
Description = Tjänsten Remote Access Connection Manager är beroende av tjänsten
Telephony. Den sistnämnda kunde inte starta på grund av följande fel: %%1058

Error - 2012-07-28 13:27:41 | Computer Name = SIMTOR | Source = Service Control Manager | ID = 7001
Description = Tjänsten Remote Access Connection Manager är beroende av tjänsten
Telephony. Den sistnämnda kunde inte starta på grund av följande fel: %%1058

Error - 2012-07-28 13:56:16 | Computer Name = SIMTOR | Source = Service Control Manager | ID = 7001
Description = Tjänsten Remote Access Connection Manager är beroende av tjänsten
Telephony. Den sistnämnda kunde inte starta på grund av följande fel: %%1058


< End of report >



Bank website does not load properly after logging in
Random program crashes
Browser crashes after buffering X amount of data
Notification that Dwwin.exe does not close properly when shutting down computer

Thank you for your time CompCav, I hope that you can help me solve this.
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Let's get the main problem and then work on the little ones.

Step 1.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete or Copy to Quarantine unless instructed.
  • Get the report by selecting Reports


A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This infection will require a reboot to correct so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



Step 3.

Please post:

TDSSKiller log
ComboFix.txt


Update me on your computer issues.

  • 1
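A way to triage the TDSSKiller report that Step 1 asks for, added here as an example (it is not part of the thread and not part of TDSSKiller). It parses the report layout seen in this topic, confirms the scan ran with the two requested options, and lists the objects that drew a warning. The sample log is constructed, and the mapping of the two check boxes to the `SigCheck` and `TDLFS` mode tokens is an assumption based on the report posted here.

```python
import re

# Constructed sample in the layout of the TDSSKiller report posted in this topic.
# Service names, paths and hashes are made up for the example.
SAMPLE_LOG = r"""
20:38:33.0703 0996 Initialize success
20:38:40.0171 2288 Scan started
20:38:40.0171 2288 Mode: Manual; SigCheck; TDLFS;
20:38:40.0859 2288 legacystub - ok
20:38:41.0078 2288 exampledisk (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\exampledisk.sys
20:38:41.0187 2288 exampledisk - ok
20:38:42.0359 2288 exampleio (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\exampleio.sys
20:38:42.0359 2288 exampleio ( UnsignedFile.Multi.Generic ) - warning
20:38:42.0359 2288 exampleio - detected UnsignedFile.Multi.Generic (1)
20:38:47.0187 2288 Example Licensing Service (00000000000000000000000000000003) C:\Program\Example Vendor\licsvc.exe
20:38:47.0234 2288 Example Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:38:47.0234 2288 Example Licensing Service - detected UnsignedFile.Multi.Generic (1)
20:38:50.0687 2288 exampletune (00000000000000000000000000000004) C:\Program\Example Tune\engine.exe
"""

# "HH:MM:SS.ffff TID <body>"; separator and timestamp-only lines do not match.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+(.*)$")
# "<name> (<md5>) <path>"; names and paths may both contain spaces.
FILE_LINE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - <level>"
VERDICT_LINE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<level>\w+)$")
OK_LINE = re.compile(r"^(?P<name>.+?) - ok$")


def parse_report(text):
    """Return {'modes': [...], 'objects': {name: record}} for one report."""
    modes, objects, in_scan = [], {}, False

    def record(name):
        return objects.setdefault(name, {
            "name": name, "md5": None, "path": None,
            "status": "unknown", "verdict": None})

    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        if body == "Scan started":
            in_scan = True          # ignore the system-info header before this
            continue
        if not in_scan:
            continue
        if body.startswith("Mode:"):
            modes = [p.strip() for p in body[5:].split(";") if p.strip()]
            continue
        m = FILE_LINE.match(body)
        if m:
            rec = record(m.group("name"))
            rec["md5"], rec["path"] = m.group("md5").lower(), m.group("path")
            continue
        m = VERDICT_LINE.match(body)
        if m:
            rec = record(m.group("name"))
            rec["status"], rec["verdict"] = m.group("level"), m.group("verdict")
            continue
        m = OK_LINE.match(body)
        if m:
            record(m.group("name"))["status"] = "ok"
        # "- detected ..." lines repeat the verdict line and are skipped.
    return {"modes": modes, "objects": objects}


def options_as_requested(report):
    """True if the scan ran with both options the helper asked for (assumed tokens)."""
    return {"SigCheck", "TDLFS"} <= set(report["modes"])


def flagged(report):
    """Objects with a non-ok verdict, marked as kernel driver (.sys) or not."""
    out = []
    for rec in report["objects"].values():
        if rec["status"] in ("ok", "unknown"):
            continue
        path = rec["path"] or ""
        out.append(dict(rec, kernel_driver=path.lower().endswith(".sys")))
    return out


def unresolved(report):
    """Objects whose result line is missing, e.g. because the paste was cut off."""
    return [r["name"] for r in report["objects"].values() if r["status"] == "unknown"]


if __name__ == "__main__":
    rep = parse_report(SAMPLE_LOG)
    print("requested options enabled:", options_as_requested(rep))
    for f in flagged(rep):
        kind = "kernel driver" if f["kernel_driver"] else "user-mode file"
        print(f'{f["status"]:8} {f["verdict"]:28} {kind:15} {f["path"]}')
    print("no result line for:", unresolved(rep))
```

The `unresolved` list matters when a report is pasted in pieces: an object that has a file line but no result line has not been cleared, so the rest of the log is needed before drawing a conclusion.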

#5
Ardelo

Ardelo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
20:38:31.0468 0996 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:38:31.0843 0996 ============================================================
20:38:31.0843 0996 Current date / time: 2012/07/28 20:38:31.0843
20:38:31.0843 0996 SystemInfo:
20:38:31.0843 0996
20:38:31.0843 0996 OS Version: 5.1.2600 ServicePack: 3.0
20:38:31.0843 0996 Product type: Workstation
20:38:31.0843 0996 ComputerName: SIMTOR
20:38:31.0843 0996 UserName: Simon
20:38:31.0843 0996 Windows directory: C:\WINDOWS
20:38:31.0843 0996 System windows directory: C:\WINDOWS
20:38:31.0843 0996 Processor architecture: Intel x86
20:38:31.0843 0996 Number of processors: 2
20:38:31.0843 0996 Page size: 0x1000
20:38:31.0843 0996 Boot type: Normal boot
20:38:31.0843 0996 ============================================================
20:38:33.0609 0996 Drive \Device\Harddisk0\DR0 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:38:33.0625 0996 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:38:33.0625 0996 Drive \Device\Harddisk2\DR4 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:38:33.0625 0996 ============================================================
20:38:33.0625 0996 \Device\Harddisk0\DR0:
20:38:33.0625 0996 MBR partitions:
20:38:33.0625 0996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x117775C2
20:38:33.0625 0996 \Device\Harddisk1\DR1:
20:38:33.0625 0996 MBR partitions:
20:38:33.0625 0996 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
20:38:33.0625 0996 \Device\Harddisk2\DR4:
20:38:33.0625 0996 MBR partitions:
20:38:33.0625 0996 \Device\Harddisk2\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
20:38:33.0625 0996 ============================================================
20:38:33.0656 0996 C: <-> \Device\Harddisk0\DR0\Partition0
20:38:33.0687 0996 D: <-> \Device\Harddisk1\DR1\Partition0
20:38:33.0703 0996 E: <-> \Device\Harddisk2\DR4\Partition0
20:38:33.0703 0996 ============================================================
20:38:33.0703 0996 Initialize success
20:38:33.0703 0996 ============================================================
20:38:40.0171 2288 ============================================================
20:38:40.0171 2288 Scan started
20:38:40.0171 2288 Mode: Manual; SigCheck; TDLFS;
20:38:40.0171 2288 ============================================================
20:38:40.0859 2288 Abiosdsk - ok
20:38:40.0859 2288 abp480n5 - ok
20:38:40.0890 2288 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys
20:38:41.0046 2288 acedrv11 - ok
20:38:41.0078 2288 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:38:41.0187 2288 ACPI - ok
20:38:41.0218 2288 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:38:41.0296 2288 ACPIEC - ok
20:38:41.0343 2288 ADIDTSFiltService (ee97365199d656ddf3197ffdb091eadf) C:\WINDOWS\system32\drivers\adidts.sys
20:38:41.0375 2288 ADIDTSFiltService - ok
20:38:41.0421 2288 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
20:38:41.0437 2288 ADIHdAudAddService - ok
20:38:41.0500 2288 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:38:41.0531 2288 AdobeFlashPlayerUpdateSvc - ok
20:38:41.0531 2288 adpu160m - ok
20:38:41.0546 2288 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
20:38:41.0562 2288 AEAudio - ok
20:38:41.0640 2288 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:38:41.0734 2288 aec - ok
20:38:41.0781 2288 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:38:41.0812 2288 AFD - ok
20:38:41.0812 2288 Aha154x - ok
20:38:41.0812 2288 aic78u2 - ok
20:38:41.0812 2288 aic78xx - ok
20:38:41.0812 2288 ALCXWDM - ok
20:38:41.0843 2288 Alerter (7e3c83703327499d0b98ae392ff07ede) C:\WINDOWS\system32\alrsvc.dll
20:38:41.0937 2288 Alerter - ok
20:38:41.0968 2288 ALG (5df46f9ad9c1d611a38af2abb9365b5b) C:\WINDOWS\System32\alg.exe
20:38:42.0031 2288 ALG - ok
20:38:42.0031 2288 AliIde - ok
20:38:42.0031 2288 amsint - ok
20:38:42.0109 2288 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:38:42.0125 2288 Apple Mobile Device - ok
20:38:42.0156 2288 AppMgmt (6912d676607594c3554c2e43f4b1feee) C:\WINDOWS\System32\appmgmts.dll
20:38:42.0218 2288 AppMgmt - ok
20:38:42.0250 2288 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:38:42.0328 2288 Arp1394 - ok
20:38:42.0328 2288 asc - ok
20:38:42.0328 2288 asc3350p - ok
20:38:42.0328 2288 asc3550 - ok
20:38:42.0359 2288 AsIO (19a1dac5bc607c212e8a94c05886ed52) C:\WINDOWS\system32\drivers\AsIO.sys
20:38:42.0359 2288 AsIO ( UnsignedFile.Multi.Generic ) - warning
20:38:42.0359 2288 AsIO - detected UnsignedFile.Multi.Generic (1)
20:38:42.0562 2288 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:38:42.0578 2288 aspnet_state - ok
20:38:42.0578 2288 asusgsb - ok
20:38:42.0593 2288 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:38:42.0671 2288 AsyncMac - ok
20:38:42.0687 2288 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:38:42.0781 2288 atapi - ok
20:38:42.0781 2288 Atdisk - ok
20:38:42.0812 2288 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
20:38:42.0828 2288 atksgt - ok
20:38:42.0843 2288 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:38:43.0109 2288 Atmarpc - ok
20:38:43.0125 2288 AudioSrv (73f7604cfb13a066a93442f431c62c4a) C:\WINDOWS\System32\audiosrv.dll
20:38:43.0218 2288 AudioSrv - ok
20:38:43.0234 2288 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:38:43.0328 2288 audstub - ok
20:38:43.0359 2288 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:38:43.0437 2288 Beep - ok
20:38:43.0625 2288 BITS (9741942a86e579231d3c41aa51de042f) C:\WINDOWS\system32\qmgr.dll
20:38:43.0703 2288 BITS - ok
20:38:43.0765 2288 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program\Bonjour\mDNSResponder.exe
20:38:43.0781 2288 Bonjour Service - ok
20:38:43.0812 2288 Browser (e0d4a1cc49efb58a32b5e9d35798c9dd) C:\WINDOWS\System32\browser.dll
20:38:43.0890 2288 Browser - ok
20:38:43.0906 2288 Cardex - ok
20:38:43.0906 2288 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:38:44.0015 2288 cbidf2k - ok
20:38:44.0046 2288 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:38:44.0140 2288 CCDECODE - ok
20:38:44.0140 2288 cd20xrnt - ok
20:38:44.0187 2288 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:38:44.0281 2288 Cdaudio - ok
20:38:44.0312 2288 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:38:44.0390 2288 Cdfs - ok
20:38:44.0468 2288 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:38:44.0562 2288 Cdrom - ok
20:38:44.0562 2288 Changer - ok
20:38:44.0562 2288 CiSvc (359c676391504438f334478585fd6465) C:\WINDOWS\system32\cisvc.exe
20:38:44.0640 2288 CiSvc - ok
20:38:44.0656 2288 ClipSrv (b8345830c5d789d3da21b91c0c94d086) C:\WINDOWS\system32\clipsrv.exe
20:38:44.0750 2288 ClipSrv - ok
20:38:44.0812 2288 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:38:44.0875 2288 clr_optimization_v2.0.50727_32 - ok
20:38:44.0921 2288 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:38:44.0968 2288 clr_optimization_v4.0.30319_32 - ok
20:38:44.0968 2288 CmdIde - ok
20:38:44.0968 2288 COMSysApp - ok
20:38:44.0984 2288 Cpqarray - ok
20:38:45.0000 2288 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
20:38:45.0015 2288 cpuz132 ( UnsignedFile.Multi.Generic ) - warning
20:38:45.0015 2288 cpuz132 - detected UnsignedFile.Multi.Generic (1)
20:38:45.0046 2288 CryptSvc (04fd6585508a7320b2c7453ced231d6b) C:\WINDOWS\System32\cryptsvc.dll
20:38:45.0125 2288 CryptSvc - ok
20:38:45.0125 2288 dac2w2k - ok
20:38:45.0125 2288 dac960nt - ok
20:38:45.0156 2288 DcomLaunch (87dadc3f6e6cd5aaeb913e19cbff922c) C:\WINDOWS\system32\rpcss.dll
20:38:45.0187 2288 DcomLaunch - ok
20:38:45.0218 2288 Dhcp (0ce3fa1c1a6803b34022d6c47273930d) C:\WINDOWS\System32\dhcpcsvc.dll
20:38:45.0296 2288 Dhcp - ok
20:38:45.0312 2288 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:45.0390 2288 Disk - ok
20:38:45.0390 2288 dmadmin - ok
20:38:45.0437 2288 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys
20:38:45.0546 2288 dmboot - ok
20:38:45.0562 2288 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\DRIVERS\dmio.sys
20:38:45.0640 2288 dmio - ok
20:38:45.0656 2288 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:38:45.0750 2288 dmload - ok
20:38:45.0781 2288 dmserver (77db107fd2d8de42b3adc7fce084f653) C:\WINDOWS\System32\dmserver.dll
20:38:45.0843 2288 dmserver - ok
20:38:45.0859 2288 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:38:45.0937 2288 DMusic - ok
20:38:45.0968 2288 Dnscache (efac4d4c80ccd725cc5bd7d3dbf18c74) C:\WINDOWS\System32\dnsrslvr.dll
20:38:46.0031 2288 Dnscache - ok
20:38:46.0046 2288 Dot3svc (c3c6cf67796acdd8329cb0e44367a1eb) C:\WINDOWS\System32\dot3svc.dll
20:38:46.0125 2288 Dot3svc - ok
20:38:46.0125 2288 dpti2o - ok
20:38:46.0125 2288 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:38:46.0203 2288 drmkaud - ok
20:38:46.0203 2288 DS1410D - ok
20:38:46.0218 2288 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
20:38:46.0234 2288 eamon - ok
20:38:46.0234 2288 EapHost (d9cabe63af4bc951302d9e508cb5599a) C:\WINDOWS\System32\eapsvc.dll
20:38:46.0312 2288 EapHost - ok
20:38:46.0343 2288 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
20:38:46.0343 2288 ehdrv - ok
20:38:46.0343 2288 EIO - ok
20:38:46.0453 2288 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
20:38:46.0484 2288 ekrn - ok
20:38:46.0515 2288 ElbyCDFL (075d91e4de09a6f1ede77c341803d454) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
20:38:46.0531 2288 ElbyCDFL - ok
20:38:46.0531 2288 ElbyCDIO (c9c7113f5e15f70fcc576e835c859d56) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
20:38:46.0546 2288 ElbyCDIO - ok
20:38:46.0562 2288 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
20:38:46.0578 2288 ENTECH ( UnsignedFile.Multi.Generic ) - warning
20:38:46.0578 2288 ENTECH - detected UnsignedFile.Multi.Generic (1)
20:38:46.0593 2288 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
20:38:46.0609 2288 epfwtdir - ok
20:38:46.0609 2288 ERSvc (bc5287dc6dc7ebb13aa825caa6482f94) C:\WINDOWS\System32\ersvc.dll
20:38:46.0687 2288 ERSvc - ok
20:38:46.0687 2288 es_07a5le.sys - ok
20:38:46.0718 2288 Eventlog (8870b0c4a094c1ce80cea6f85fa38ff2) C:\WINDOWS\system32\services.exe
20:38:46.0734 2288 Eventlog - ok
20:38:46.0781 2288 EventSystem (01cec6de315f1a06ce5aa70009c6979e) C:\WINDOWS\system32\es.dll
20:38:46.0812 2288 EventSystem - ok
20:38:46.0828 2288 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:38:46.0890 2288 Fastfat - ok
20:38:46.0921 2288 FastUserSwitchingCompatibility (c5684b98920f9ba98d6a33701ca816e6) C:\WINDOWS\System32\shsvcs.dll
20:38:46.0968 2288 FastUserSwitchingCompatibility - ok
20:38:46.0984 2288 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:38:47.0062 2288 Fdc - ok
20:38:47.0062 2288 FETNDIS - ok
20:38:47.0078 2288 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys
20:38:47.0156 2288 Fips - ok
20:38:47.0187 2288 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:38:47.0234 2288 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:38:47.0234 2288 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
20:38:47.0234 2288 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:38:47.0312 2288 Flpydisk - ok
20:38:47.0343 2288 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:38:47.0421 2288 FltMgr - ok
20:38:47.0500 2288 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:38:47.0515 2288 FontCache3.0.0.0 - ok
20:38:47.0531 2288 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:38:47.0609 2288 Fs_Rec - ok
20:38:47.0640 2288 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:38:47.0718 2288 Ftdisk - ok
20:38:47.0734 2288 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:38:47.0812 2288 gameenum - ok
20:38:47.0828 2288 GarenaPEngine - ok
20:38:47.0859 2288 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:38:47.0875 2288 GEARAspiWDM - ok
20:38:47.0906 2288 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:38:47.0968 2288 Gpc - ok
20:38:47.0984 2288 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
20:38:48.0000 2288 hamachi - ok
20:38:48.0046 2288 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys
20:38:48.0078 2288 Hardlock - ok
20:38:48.0109 2288 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
20:38:48.0125 2288 Haspnt ( UnsignedFile.Multi.Generic ) - warning
20:38:48.0125 2288 Haspnt - detected UnsignedFile.Multi.Generic (1)
20:38:48.0140 2288 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:38:48.0218 2288 HDAudBus - ok
20:38:48.0265 2288 helpsvc (202c95f334c53a5a8bd0d8465512b3f4) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:38:48.0328 2288 helpsvc - ok
20:38:48.0328 2288 HidServ - ok
20:38:48.0343 2288 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:38:48.0421 2288 HidUsb - ok
20:38:48.0453 2288 hkmsvc (98580e101404565700fd12e03f7ee056) C:\WINDOWS\System32\kmsvc.dll
20:38:48.0515 2288 hkmsvc - ok
20:38:48.0531 2288 hpn - ok
20:38:48.0546 2288 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:38:48.0578 2288 HTTP - ok
20:38:48.0609 2288 HTTPFilter (f504d07cb25d62ab8d079c1f868651ae) C:\WINDOWS\System32\w3ssl.dll
20:38:48.0687 2288 HTTPFilter - ok
20:38:48.0687 2288 i2omgmt - ok
20:38:48.0687 2288 i2omp - ok
20:38:48.0703 2288 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:38:48.0781 2288 i8042prt - ok
20:38:48.0843 2288 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:38:48.0843 2288 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:38:48.0843 2288 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:38:48.0953 2288 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:38:48.0984 2288 idsvc - ok
20:38:49.0000 2288 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:38:49.0078 2288 Imapi - ok
20:38:49.0093 2288 ImapiService (891b69c3de6c55a7868b3bb52bc131aa) C:\WINDOWS\system32\imapi.exe
20:38:49.0171 2288 ImapiService - ok
20:38:49.0187 2288 ini910u - ok
20:38:49.0187 2288 IntelIde - ok
20:38:49.0203 2288 intelppm (02431778e84a525d29929d14bab71d53) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:38:49.0281 2288 intelppm - ok
20:38:49.0296 2288 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:38:49.0359 2288 Ip6Fw - ok
20:38:49.0390 2288 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:38:49.0468 2288 IpFilterDriver - ok
20:38:49.0484 2288 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:38:49.0562 2288 IpInIp - ok
20:38:49.0578 2288 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:38:49.0640 2288 IpNat - ok
20:38:49.0703 2288 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program\iPod\bin\iPodService.exe
20:38:49.0718 2288 iPod Service - ok
20:38:49.0734 2288 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:38:49.0812 2288 IPSec - ok
20:38:49.0828 2288 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:38:49.0875 2288 IRENUM - ok
20:38:49.0875 2288 isapnp (48f97c77daf8811598cfae21368eacb6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:38:49.0953 2288 isapnp - ok
20:38:50.0046 2288 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program\Java\jre6\bin\jqs.exe
20:38:50.0046 2288 JavaQuickStarterService - ok
20:38:50.0062 2288 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:38:50.0125 2288 Kbdclass - ok
20:38:50.0140 2288 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:38:50.0203 2288 kmixer - ok
20:38:50.0234 2288 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:38:50.0281 2288 KSecDD - ok
20:38:50.0312 2288 lanmanserver (2c633a578d5adaaa821c675d65f959c5) C:\WINDOWS\System32\srvsvc.dll
20:38:50.0328 2288 lanmanserver - ok
20:38:50.0359 2288 LanmanWorkstation (eaa41d225b9da1314e0977c774864430) C:\WINDOWS\System32\wkssvc.dll
20:38:50.0375 2288 LanmanWorkstation - ok
20:38:50.0375 2288 Lavasoft Ad-Aware Service - ok
20:38:50.0375 2288 Lavasoft Kernexplorer - ok
20:38:50.0406 2288 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
20:38:50.0406 2288 Lbd - ok
20:38:50.0406 2288 lbrtfdc - ok
20:38:50.0484 2288 LightScribeService (c1135ae77cff2623a11da62f982e2a5f) C:\Program\Delade filer\LightScribe\LSSrvc.exe
20:38:50.0484 2288 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:38:50.0484 2288 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:38:50.0500 2288 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
20:38:50.0500 2288 lirsgt - ok
20:38:50.0531 2288 LmHosts (ee155cf65cdc8be1b4effa24a69fc924) C:\WINDOWS\System32\lmhsvc.dll
20:38:50.0609 2288 LmHosts - ok
20:38:50.0609 2288 m5228 - ok
20:38:50.0625 2288 m5281 - ok
20:38:50.0640 2288 MagicTune (f650ead361bcad08d544db5bbe7e8f35) C:\WINDOWS\system32\drivers\MTiCtwl.sys
20:38:50.0656 2288 MagicTune ( UnsignedFile.Multi.Generic ) - warning
20:38:50.0656 2288 MagicTune - detected UnsignedFile.Multi.Generic (1)
20:38:50.0687 2288 MagicTuneEngine (86504fe0759d4dce38e997921062df6b) C:\Program\MagicTune Premium\MagicTuneEngine.exe
20:38:50.0703 2288 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - warning
20:38:50.0703 2288 MagicTuneEngine - detected UnsignedFile.Multi.Generic (1)
20:38:50.0734 2288 mcdbus (f922b609524cf1ed66a1a109f3ce014f) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
20:38:50.0734 2288 mcdbus ( UnsignedFile.Multi.Generic ) - warning
20:38:50.0734 2288 mcdbus - detected UnsignedFile.Multi.Generic (1)
20:38:50.0750 2288 Messenger (363e8ebae26bb8b4987c91b4d3ce0f54) C:\WINDOWS\System32\msgsvc.dll
20:38:50.0812 2288 Messenger - ok
20:38:50.0843 2288 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:38:50.0921 2288 mnmdd - ok
20:38:50.0937 2288 mnmsrvc (2bc41300b822562ac0a524dcdd2da027) C:\WINDOWS\system32\mnmsrvc.exe
20:38:51.0015 2288 mnmsrvc - ok
20:38:51.0046 2288 mod7700 (941ef2e9da124dabb4a41cce5b4158ed) C:\WINDOWS\system32\Drivers\dvb7700all.sys
20:38:51.0062 2288 mod7700 ( UnsignedFile.Multi.Generic ) - warning
20:38:51.0062 2288 mod7700 - detected UnsignedFile.Multi.Generic (1)
20:38:51.0078 2288 Modem (42ce19726d9c410dff75d3ff1cc79db2) C:\WINDOWS\system32\drivers\Modem.sys
20:38:51.0156 2288 Modem - ok
20:38:51.0156 2288 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:38:51.0234 2288 Mouclass - ok
20:38:51.0250 2288 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:38:51.0328 2288 mouhid - ok
20:38:51.0328 2288 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:38:51.0390 2288 MountMgr - ok
20:38:51.0421 2288 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program\Mozilla Maintenance Service\maintenanceservice.exe
20:38:51.0453 2288 MozillaMaintenance - ok
20:38:51.0468 2288 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
20:38:51.0546 2288 MPE - ok
20:38:51.0546 2288 mraid35x - ok
20:38:51.0562 2288 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:38:51.0640 2288 MRxDAV - ok
20:38:51.0671 2288 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:38:51.0718 2288 MRxSmb - ok
20:38:51.0750 2288 MSDTC (7a73fdeef6cf45d27edd73220eaf1c8f) C:\WINDOWS\system32\msdtc.exe
20:38:51.0828 2288 MSDTC - ok
20:38:51.0843 2288 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:38:51.0906 2288 Msfs - ok
20:38:51.0906 2288 MSIServer - ok
20:38:51.0921 2288 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:38:52.0000 2288 MSKSSRV - ok
20:38:52.0015 2288 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:38:52.0343 2288 MSPCLOCK - ok
20:38:52.0359 2288 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:38:52.0437 2288 MSPQM - ok
20:38:52.0453 2288 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:38:52.0531 2288 mssmbios - ok
20:38:52.0546 2288 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:38:52.0625 2288 MSTEE - ok
20:38:52.0656 2288 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
20:38:52.0703 2288 MTsensor - ok
20:38:52.0734 2288 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:38:52.0765 2288 Mup - ok
20:38:52.0781 2288 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:38:52.0859 2288 NABTSFEC - ok
20:38:52.0906 2288 napagent (28d11a2ecdfcb280624bd7006d85c38e) C:\WINDOWS\System32\qagentrt.dll
20:38:52.0984 2288 napagent - ok
20:38:53.0015 2288 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:38:53.0093 2288 NDIS - ok
20:38:53.0109 2288 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:38:53.0171 2288 NdisIP - ok
20:38:53.0187 2288 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:38:53.0218 2288 NdisTapi - ok
20:38:53.0218 2288 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:38:53.0296 2288 Ndisuio - ok
20:38:53.0312 2288 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:38:53.0375 2288 NdisWan - ok
20:38:53.0390 2288 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:38:53.0421 2288 NDProxy - ok
20:38:53.0421 2288 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:38:53.0515 2288 NetBIOS - ok
20:38:53.0531 2288 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:38:53.0593 2288 NetBT - ok
20:38:53.0625 2288 NetDDE (5a922c8e35bf372f3dd3ec61345634b7) C:\WINDOWS\system32\netdde.exe
20:38:53.0703 2288 NetDDE - ok
20:38:53.0703 2288 NetDDEdsdm (5a922c8e35bf372f3dd3ec61345634b7) C:\WINDOWS\system32\netdde.exe
20:38:53.0781 2288 NetDDEdsdm - ok
20:38:53.0796 2288 Netlogon (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
20:38:53.0859 2288 Netlogon - ok
20:38:53.0875 2288 Netman (7f791c1c9d3fec5d3f519c9db19465d3) C:\WINDOWS\System32\netman.dll
20:38:53.0953 2288 Netman - ok
20:38:54.0015 2288 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:38:54.0031 2288 NetTcpPortSharing - ok
20:38:54.0046 2288 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:38:54.0125 2288 NIC1394 - ok
20:38:54.0171 2288 Nla (d080a76f42dfe1e7af0c069ae5bad8fc) C:\WINDOWS\System32\mswsock.dll
20:38:54.0187 2288 Nla - ok
20:38:54.0203 2288 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
20:38:54.0265 2288 nm - ok
20:38:54.0296 2288 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
20:38:54.0312 2288 NPF - ok
20:38:54.0328 2288 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:38:54.0390 2288 Npfs - ok
20:38:54.0390 2288 npggsvc - ok
20:38:54.0421 2288 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:38:54.0500 2288 Ntfs - ok
20:38:54.0515 2288 NtLmSsp (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
20:38:54.0578 2288 NtLmSsp - ok
20:38:54.0609 2288 NtmsSvc (5fd9f539baf23288d131f1b709a62807) C:\WINDOWS\system32\ntmssvc.dll
20:38:54.0703 2288 NtmsSvc - ok
20:38:54.0750 2288 nTuneService - ok
20:38:54.0781 2288 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:38:54.0843 2288 Null - ok
20:38:55.0234 2288 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:38:55.0750 2288 nv - ok
20:38:55.0828 2288 nv3 (fd6d989ad4f14447bc634aa2eba4d169) C:\WINDOWS\system32\DRIVERS\nv3.sys
20:38:55.0890 2288 nv3 - ok
20:38:55.0921 2288 NVENETFD (974551a956f3269f460d4b18101eec46) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
20:38:55.0937 2288 NVENETFD - ok
20:38:55.0953 2288 nvgts (1f790624ab1619cae0c78597bd33615b) C:\WINDOWS\system32\DRIVERS\nvgts.sys
20:38:55.0984 2288 nvgts - ok
20:38:56.0000 2288 nvnetbus (7fc2baf84006f28cb9f477a167fff9ba) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
20:38:56.0015 2288 nvnetbus - ok
20:38:56.0031 2288 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys
20:38:56.0140 2288 NVR0Dev ( UnsignedFile.Multi.Generic ) - warning
20:38:56.0140 2288 NVR0Dev - detected UnsignedFile.Multi.Generic (1)
20:38:56.0140 2288 NVR0FLASHDev - ok
20:38:56.0171 2288 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
20:38:56.0187 2288 NVSvc - ok
20:38:56.0312 2288 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:38:56.0375 2288 nvUpdatusService - ok
20:38:56.0453 2288 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:38:56.0546 2288 NwlnkFlt - ok
20:38:56.0562 2288 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:38:56.0625 2288 NwlnkFwd - ok
20:38:56.0656 2288 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:38:56.0718 2288 ohci1394 - ok
20:38:56.0750 2288 P0630VID (74446252eeae950240972108bbac2fbd) C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
20:38:56.0781 2288 P0630VID - ok
20:38:56.0796 2288 Parport (19e28ed86e7244d76fda792c2810188e) C:\WINDOWS\system32\drivers\Parport.sys
20:38:56.0859 2288 Parport - ok
20:38:56.0875 2288 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:38:56.0953 2288 PartMgr - ok
20:38:56.0968 2288 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys
20:38:57.0046 2288 ParVdm - ok
20:38:57.0062 2288 Passwdrenew (63b6c2ee767a2be0d2b2b85879f93db2) C:\WINDOWS\system32\rnpasswd.exe
20:38:57.0078 2288 Passwdrenew ( UnsignedFile.Multi.Generic ) - warning
20:38:57.0078 2288 Passwdrenew - detected UnsignedFile.Multi.Generic (1)
20:38:57.0078 2288 PCI (8a185f0112cf5b42ff1aaff31b8b3091) C:\WINDOWS\system32\DRIVERS\pci.sys
20:38:57.0156 2288 PCI - ok
20:38:57.0156 2288 PCIDump - ok
20:38:57.0171 2288 PCIIde (239de4275ee40fdf9912761467025244) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:38:57.0234 2288 PCIIde - ok
20:38:57.0265 2288 Pcmcia (904053aa6e251c77cf85371ce644cfd7) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:38:57.0328 2288 Pcmcia - ok
20:38:57.0328 2288 PDCOMP - ok
20:38:57.0328 2288 PDFRAME - ok
20:38:57.0343 2288 PDRELI - ok
20:38:57.0343 2288 PDRFRAME - ok
20:38:57.0359 2288 perc2 - ok
20:38:57.0359 2288 perc2hib - ok
20:38:57.0390 2288 PlugPlay (8870b0c4a094c1ce80cea6f85fa38ff2) C:\WINDOWS\system32\services.exe
20:38:57.0406 2288 PlugPlay - ok
20:38:57.0421 2288 PolicyAgent (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
20:38:57.0484 2288 PolicyAgent - ok
20:38:57.0500 2288 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:38:57.0562 2288 PptpMiniport - ok
20:38:57.0578 2288 ProtectedStorage (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
20:38:57.0640 2288 ProtectedStorage - ok
20:38:57.0640 2288 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:38:57.0718 2288 PSched - ok
20:38:57.0734 2288 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:38:57.0796 2288 Ptilink - ok
20:38:57.0796 2288 ql1080 - ok
20:38:57.0812 2288 Ql10wnt - ok
20:38:57.0812 2288 ql12160 - ok
20:38:57.0812 2288 ql1240 - ok
20:38:57.0812 2288 ql1280 - ok
20:38:57.0828 2288 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:38:57.0906 2288 RasAcd - ok
20:38:57.0937 2288 RasAuto (15d787dffce46cfc4c7f567095ce8323) C:\WINDOWS\System32\rasauto.dll
20:38:58.0000 2288 RasAuto - ok
20:38:58.0015 2288 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:38:58.0093 2288 Rasl2tp - ok
20:38:58.0109 2288 RasMan (1e86de6b0df33953cf9ce449dd6e8442) C:\WINDOWS\System32\rasmans.dll
20:38:58.0187 2288 RasMan - ok
20:38:58.0187 2288 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:38:58.0250 2288 RasPppoe - ok
20:38:58.0250 2288 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:38:58.0328 2288 Raspti - ok
20:38:58.0343 2288 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:38:58.0406 2288 Rdbss - ok
20:38:58.0406 2288 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:38:58.0484 2288 RDPCDD - ok
20:38:58.0500 2288 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:38:58.0562 2288 rdpdr - ok
20:38:58.0593 2288 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
20:38:58.0640 2288 RDPWD - ok
20:38:58.0656 2288 RDSessMgr (fe7c16fa5cbc560579c9728534fbaf6f) C:\WINDOWS\system32\sessmgr.exe
20:38:58.0734 2288 RDSessMgr - ok
20:38:58.0750 2288 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:38:58.0812 2288 redbook - ok
20:38:58.0843 2288 RemoteAccess (fcd42d82c6f5e0e1506eca01d692dde7) C:\WINDOWS\System32\mprdim.dll
20:38:58.0937 2288 RemoteAccess - ok
20:38:58.0968 2288 RemoteRegistry (66bc81fea0c86632255b696a69ba9827) C:\WINDOWS\system32\regsvc.dll
20:38:59.0031 2288 RemoteRegistry - ok
20:38:59.0031 2288 RivaTuner32 - ok
20:38:59.0093 2288 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program\WinPcap\rpcapd.exe
20:38:59.0109 2288 rpcapd - ok
20:38:59.0140 2288 RpcLocator (2cfb81b412a5d3cbd55cefaccb5e2cee) C:\WINDOWS\system32\locator.exe
20:38:59.0203 2288 RpcLocator - ok
20:38:59.0250 2288 RpcSs (87dadc3f6e6cd5aaeb913e19cbff922c) C:\WINDOWS\system32\rpcss.dll
20:38:59.0265 2288 RpcSs - ok
20:38:59.0296 2288 RSVP (72407e48f912ed57213ae474b8a6798b) C:\WINDOWS\system32\rsvp.exe
20:38:59.0375 2288 RSVP - ok
20:38:59.0390 2288 SamSs (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
20:38:59.0468 2288 SamSs - ok
20:38:59.0468 2288 SbieDrv - ok
20:38:59.0468 2288 SbieSvc - ok
20:38:59.0500 2288 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\WINDOWS\system32\drivers\SBREdrv.sys
20:38:59.0500 2288 SBRE - ok
20:38:59.0515 2288 SCardSvr (d339f34d824a7d42ff4d61f1d9d06029) C:\WINDOWS\System32\SCardSvr.exe
20:38:59.0593 2288 SCardSvr - ok
20:38:59.0609 2288 SCDEmu (a73ae2510014103a44a5a58845219dcb) C:\WINDOWS\system32\drivers\SCDEmu.sys
20:38:59.0609 2288 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
20:38:59.0609 2288 SCDEmu - detected UnsignedFile.Multi.Generic (1)
20:38:59.0640 2288 Schedule (c7dc69a9d8c9ab2fbca3238c989d598f) C:\WINDOWS\system32\schedsvc.dll
20:38:59.0718 2288 Schedule - ok
20:38:59.0734 2288 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:38:59.0765 2288 Secdrv - ok
20:38:59.0781 2288 seclogon (ed70eb06f13062366b126b1c7475c127) C:\WINDOWS\System32\seclogon.dll
20:38:59.0843 2288 seclogon - ok
20:38:59.0843 2288 SenFiltService - ok
20:38:59.0859 2288 SENS (ea7b436a948c875dc94c6062fcbbc2d9) C:\WINDOWS\system32\sens.dll
20:38:59.0937 2288 SENS - ok
20:38:59.0968 2288 Sentinel (8627c992b8a80504fc477b2e8ff8ec4f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
20:38:59.0984 2288 Sentinel ( UnsignedFile.Multi.Generic ) - warning
20:38:59.0984 2288 Sentinel - detected UnsignedFile.Multi.Generic (1)
20:39:00.0000 2288 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:39:00.0062 2288 serenum - ok
20:39:00.0093 2288 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\DRIVERS\serial.sys
20:39:00.0156 2288 Serial - ok
20:39:00.0171 2288 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:39:00.0250 2288 Sfloppy - ok
20:39:00.0265 2288 SharedAccess (30e1a46734bdf836c8770949c86b42a4) C:\WINDOWS\System32\ipnathlp.dll
20:39:00.0359 2288 SharedAccess - ok
20:39:00.0390 2288 ShellHWDetection (c5684b98920f9ba98d6a33701ca816e6) C:\WINDOWS\System32\shsvcs.dll
20:39:00.0406 2288 ShellHWDetection - ok
20:39:00.0406 2288 Simbad - ok
20:39:00.0578 2288 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:39:00.0703 2288 Skype C2C Service - ok
20:39:00.0765 2288 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program\Skype\Updater\Updater.exe
20:39:00.0781 2288 SkypeUpdate - ok
20:39:00.0828 2288 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:39:00.0906 2288 SLIP - ok
20:39:00.0921 2288 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
20:39:00.0937 2288 SmartDefragDriver - ok
20:39:00.0953 2288 Sntnlusb (87f799c486302aceff098e067d481d9c) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
20:39:00.0968 2288 Sntnlusb ( UnsignedFile.Multi.Generic ) - warning
20:39:00.0968 2288 Sntnlusb - detected UnsignedFile.Multi.Generic (1)
20:39:00.0968 2288 Sparrow - ok
20:39:00.0984 2288 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:39:01.0046 2288 splitter - ok
20:39:01.0078 2288 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:39:01.0109 2288 Spooler - ok
20:39:01.0140 2288 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\WINDOWS\System32\Drivers\sptd.sys
20:39:01.0140 2288 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
20:39:01.0140 2288 sptd ( LockedFile.Multi.Generic ) - warning
20:39:01.0140 2288 sptd - detected LockedFile.Multi.Generic (1)
20:39:01.0156 2288 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys
20:39:01.0203 2288 sr - ok
20:39:01.0234 2288 srservice (25edb60132f9d82cb1b7961c1d0d13f2) C:\WINDOWS\system32\srsvc.dll
20:39:01.0281 2288 srservice - ok
20:39:01.0296 2288 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:39:01.0343 2288 Srv - ok
20:39:01.0359 2288 SSDPSRV (53ffc29dc150e0107f28f0a622ff8d1a) C:\WINDOWS\System32\ssdpsrv.dll
20:39:01.0390 2288 SSDPSRV - ok
20:39:01.0421 2288 stisvc (5835d4ad35905215e1059a973b022ea1) C:\WINDOWS\system32\wiaservc.dll
20:39:01.0515 2288 stisvc - ok
20:39:01.0531 2288 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:39:01.0609 2288 streamip - ok
20:39:01.0625 2288 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:39:01.0687 2288 swenum - ok
20:39:01.0703 2288 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:39:01.0765 2288 swmidi - ok
20:39:01.0781 2288 SwPrv - ok
20:39:01.0781 2288 symc810 - ok
20:39:01.0781 2288 symc8xx - ok
20:39:01.0796 2288 sym_hi - ok
20:39:01.0796 2288 sym_u3 - ok
20:39:01.0812 2288 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:39:01.0890 2288 sysaudio - ok
20:39:01.0921 2288 SysmonLog (71a08eec00a703445a2cbc0e91ef0952) C:\WINDOWS\system32\smlogsvc.exe
20:39:01.0984 2288 SysmonLog - ok
20:39:02.0000 2288 tap0801 (0c82061920a2de35d33c2c2bb83b1e98) C:\WINDOWS\system32\DRIVERS\tap0801.sys
20:39:02.0015 2288 tap0801 ( UnsignedFile.Multi.Generic ) - warning
20:39:02.0015 2288 tap0801 - detected UnsignedFile.Multi.Generic (1)
20:39:02.0031 2288 TapiSrv (18261106524f7a93ceceacdc03a5b989) C:\WINDOWS\System32\tapisrv.dll
20:39:02.0093 2288 TapiSrv - ok
20:39:02.0125 2288 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:39:02.0156 2288 Tcpip - ok
20:39:02.0203 2288 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:39:02.0281 2288 TDPIPE - ok
20:39:02.0296 2288 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:39:02.0359 2288 TDTCP - ok
20:39:02.0375 2288 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:39:02.0453 2288 TermDD - ok
20:39:02.0468 2288 TermService (f89c53d455420df4d66e45842fb3a46e) C:\WINDOWS\System32\termsrv.dll
20:39:02.0546 2288 TermService - ok
20:39:02.0578 2288 Themes (c5684b98920f9ba98d6a33701ca816e6) C:\WINDOWS\System32\shsvcs.dll
20:39:02.0578 2288 Themes - ok
20:39:02.0609 2288 TlntSvr (cc4c1aae22088304c715ac9d26f2d4c1) C:\WINDOWS\system32\tlntsvr.exe
20:39:02.0671 2288 TlntSvr - ok
20:39:02.0671 2288 TosIde - ok
20:39:02.0671 2288 TrkWks (548867e040cb81a82b5df09d074f95f8) C:\WINDOWS\system32\trkwks.dll
20:39:02.0750 2288 TrkWks - ok
20:39:02.0781 2288 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
20:39:02.0859 2288 uagp35 - ok
20:39:02.0875 2288 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:39:02.0953 2288 Udfs - ok
20:39:02.0953 2288 ultra - ok
20:39:02.0968 2288 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:39:03.0046 2288 Update - ok
20:39:03.0062 2288 upnphost (b1222a2302480d56a32c5343150bb16d) C:\WINDOWS\System32\upnphost.dll
20:39:03.0109 2288 upnphost - ok
20:39:03.0125 2288 UPS (7b07af3d4545ad6fee34b5f2eb247c8f) C:\WINDOWS\System32\ups.exe
20:39:03.0187 2288 UPS - ok
20:39:03.0218 2288 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:39:03.0218 2288 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
20:39:03.0218 2288 USBAAPL - detected UnsignedFile.Multi.Generic (1)
20:39:03.0250 2288 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:39:03.0312 2288 usbehci - ok
20:39:03.0328 2288 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:39:03.0390 2288 usbhub - ok
20:39:03.0406 2288 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:39:03.0468 2288 usbohci - ok
20:39:03.0500 2288 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:39:03.0593 2288 usbprint - ok
20:39:03.0593 2288 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:39:03.0656 2288 USBSTOR - ok
20:39:03.0671 2288 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:39:03.0750 2288 usbuhci - ok
20:39:03.0765 2288 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:39:03.0828 2288 VgaSave - ok
20:39:03.0828 2288 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:39:03.0906 2288 ViaIde - ok
20:39:03.0906 2288 Video3D - ok
20:39:03.0937 2288 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys
20:39:04.0015 2288 VolSnap - ok
20:39:04.0031 2288 VSS (940950dc9e34b05986bbbb1d1a33b74f) C:\WINDOWS\System32\vssvc.exe
20:39:04.0078 2288 VSS - ok
20:39:04.0109 2288 W32Time (4bf06a1dcd6a91c482e79340fee527ca) C:\WINDOWS\system32\w32time.dll
20:39:04.0187 2288 W32Time - ok
20:39:04.0203 2288 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:39:04.0265 2288 Wanarp - ok
20:39:04.0312 2288 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:39:04.0343 2288 Wdf01000 - ok
20:39:04.0343 2288 WDICA - ok
20:39:04.0359 2288 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:39:04.0437 2288 wdmaud - ok
20:39:04.0484 2288 WebClient (e6dfcadf5089a68ecd288e9a803a892c) C:\WINDOWS\System32\webclnt.dll
20:39:04.0562 2288 WebClient - ok
20:39:04.0640 2288 winmgmt (cf4e2a27495f7ea6b3128d9a731b3716) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:39:04.0703 2288 winmgmt - ok
20:39:04.0765 2288 WinRM (5d1aae4d253f9ae0df48bf62f0fd13ae) C:\WINDOWS\system32\WsmSvc.dll
20:39:04.0828 2288 WinRM - ok
20:39:04.0953 2288 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:39:05.0000 2288 wlidsvc - ok
20:39:05.0046 2288 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:39:05.0078 2288 WmdmPmSN - ok
20:39:05.0125 2288 Wmi (b5ff0001533be01dfbd995d7a60a7daa) C:\WINDOWS\System32\advapi32.dll
20:39:05.0171 2288 Wmi - ok
20:39:05.0203 2288 WmiApSrv (9bfadc02a9e27bfdff59e61302f92517) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:39:05.0281 2288 WmiApSrv - ok
20:39:05.0359 2288 WMPNetworkSvc (de188dd69ca74b1512adc5a7639523b2) C:\Program\Windows Media Player\WMPNetwk.exe
20:39:05.0390 2288 WMPNetworkSvc - ok
20:39:05.0421 2288 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:39:05.0437 2288 WpdUsb - ok
20:39:05.0546 2288 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:39:05.0562 2288 WPFFontCache_v0400 - ok
20:39:05.0593 2288 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:39:05.0671 2288 WS2IFSL - ok
20:39:05.0703 2288 wscsvc (4ac32513fa47c8219448269bf895fc34) C:\WINDOWS\system32\wscsvc.dll
20:39:05.0765 2288 wscsvc - ok
20:39:05.0796 2288 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:39:05.0875 2288 WSTCODEC - ok
20:39:05.0890 2288 wuauserv (4ceaf29d35c2608c6463e80574ddca10) C:\WINDOWS\system32\wuauserv.dll
20:39:05.0968 2288 wuauserv - ok
20:39:05.0984 2288 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:39:06.0015 2288 WudfPf - ok
20:39:06.0015 2288 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:39:06.0046 2288 WudfRd - ok
20:39:06.0062 2288 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:39:06.0078 2288 WudfSvc - ok
20:39:06.0109 2288 WZCSVC (5ec7d7f83640a921b5c616d9650520fd) C:\WINDOWS\System32\wzcsvc.dll
20:39:06.0187 2288 WZCSVC - ok
20:39:06.0187 2288 xcpip - ok
20:39:06.0187 2288 XDva132 - ok
20:39:06.0265 2288 xmlprov (5b3d475aa8629320686fbffbe67ab492) C:\WINDOWS\System32\xmlprov.dll
20:39:06.0343 2288 xmlprov - ok
20:39:06.0359 2288 xpsec - ok
20:39:06.0375 2288 xusb21 (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\WINDOWS\system32\DRIVERS\xusb21.sys
20:39:06.0421 2288 xusb21 - ok
20:39:06.0453 2288 yukonwxp (05d48e56ea2612d39a4e7f0ecc17b917) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
20:39:06.0453 2288 yukonwxp ( UnsignedFile.Multi.Generic ) - warning
20:39:06.0453 2288 yukonwxp - detected UnsignedFile.Multi.Generic (1)
20:39:06.0484 2288 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:39:06.0937 2288 \Device\Harddisk0\DR0 - ok
20:39:06.0937 2288 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
20:39:06.0984 2288 \Device\Harddisk1\DR1 - ok
20:39:07.0000 2288 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR4
20:39:07.0187 2288 \Device\Harddisk2\DR4 - ok
20:39:07.0187 2288 Boot (0x1200) (0ddc27ad70e41d4f8ad35c07d0a2d36e) \Device\Harddisk0\DR0\Partition0
20:39:07.0187 2288 \Device\Harddisk0\DR0\Partition0 - ok
20:39:07.0187 2288 Boot (0x1200) (1bee215ada32ae4fe484b576b4927b9b) \Device\Harddisk1\DR1\Partition0
20:39:07.0203 2288 \Device\Harddisk1\DR1\Partition0 - ok
20:39:07.0218 2288 Boot (0x1200) (e1548a7d95090eba3474ccad9fbb8a79) \Device\Harddisk2\DR4\Partition0
20:39:07.0218 2288 \Device\Harddisk2\DR4\Partition0 - ok
20:39:07.0218 2288 ============================================================
20:39:07.0218 2288 Scan finished
20:39:07.0218 2288 ============================================================
20:39:07.0328 1368 Detected object count: 20
20:39:07.0328 1368 Actual detected object count: 20
20:39:17.0687 1368 AsIO ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0687 1368 AsIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0687 1368 cpuz132 ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0687 1368 cpuz132 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 ENTECH ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 ENTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 MagicTune ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 MagicTune ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 mod7700 ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 mod7700 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 Passwdrenew ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 Passwdrenew ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 Sntnlusb ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 Sntnlusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 tap0801 ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 tap0801 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:17.0703 1368 yukonwxp ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:17.0703 1368 yukonwxp ( UnsignedFile.Multi.Generic ) - User select action: Skip


The first time I ran it, it located a rootkit; this was 'cured' and then rebooted. I had not pressed save report before it restarted the computer, so technically I guess this is the second scan...

ComboFix 12-07-27.03 - Simon 2012-07-28 20:57:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3326.2166 [GMT 2:00]
Körs från: c:\mina dokument\Hõmtade filer\Tibia\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Skapade en ny återställningspunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\6BE50C2B.TMP
c:\documents and settings\root\WINDOWS
c:\documents and settings\Simon\Application Data\mIRC\logs\status.log
c:\documents and settings\Simon\WINDOWS
C:\install.exe
c:\program\akl
c:\program\akl\uninstall.exe
c:\program\akl\unsetup.exe
c:\program\Inet Delivery
c:\program\Inet Delivery\intdel.exe
c:\windows\FVProtect.exe
c:\windows\iTunesMusic.exe
c:\windows\iun6002.exe
c:\windows\mslagent
c:\windows\mslagent\uninstall.exe
c:\windows\mssecu.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\akttzn.exe
c:\windows\system32\awtoolb.dll
c:\windows\system32\bdn.com
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dpcproxy.exe
c:\windows\system32\emesx.dll
c:\windows\system32\hoproxy.dll
c:\windows\system32\hxiwlgpm.dat
c:\windows\system32\hxiwlgpm.exe
c:\windows\system32\medup012.dll
c:\windows\system32\medup020.dll
c:\windows\system32\msgp.exe
c:\windows\system32\mssecu.exe
c:\windows\system32\mtr2.exe
c:\windows\system32\mwin32.exe
c:\windows\system32\netode.exe
c:\windows\system32\newsd32.exe
c:\windows\system32\OLD234.tmp
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\ps1.exe
c:\windows\system32\regc64.dll
c:\windows\system32\Rundl1.exe
c:\windows\system32\SET106.tmp
c:\windows\system32\SET116.tmp
c:\windows\system32\SET123.tmp
c:\windows\system32\SET12D.tmp
c:\windows\system32\SET130.tmp
c:\windows\system32\SET131.tmp
c:\windows\system32\SET133.tmp
c:\windows\system32\SET149.tmp
c:\windows\system32\SET14E.tmp
c:\windows\system32\SET15B.tmp
c:\windows\system32\SET15C.tmp
c:\windows\system32\SET163.tmp
c:\windows\system32\SET164.tmp
c:\windows\system32\SET174.tmp
c:\windows\system32\SET18C.tmp
c:\windows\system32\SET194.tmp
c:\windows\system32\SET19C.tmp
c:\windows\system32\SET1CF.tmp
c:\windows\system32\SET1D3.tmp
c:\windows\system32\SET1D4.tmp
c:\windows\system32\SET1DF.tmp
c:\windows\system32\SET1E3.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETA8.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\SETAB.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\SETAE.tmp
c:\windows\system32\SETE1.tmp
c:\windows\system32\SETE5.tmp
c:\windows\system32\SETE9.tmp
c:\windows\system32\SETEA.tmp
c:\windows\system32\SETEC.tmp
c:\windows\system32\SETF7.tmp
c:\windows\system32\smp
c:\windows\system32\smp\msrc.exe
c:\windows\system32\sncntr.exe
c:\windows\system32\ssvchost.com
c:\windows\system32\ssvchost.exe
c:\windows\system32\sysreq.exe
c:\windows\system32\taack.dat
c:\windows\system32\taack.exe
c:\windows\system32\temp#01.exe
c:\windows\system32\thun.dll
c:\windows\system32\VBIEWER.OCX
c:\windows\system32\vcatchpi.dll
c:\windows\system32\winlogonpc.exe
c:\windows\system32\WINWGPX.EXE
c:\windows\userconfig9x.dll
c:\windows\winsystem.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
(((((((((((((((((((((((( Filer skapade från 2012-06-28 till 2012-07-28 ))))))))))))))))))))))))))))))
.
.
2099-05-27 16:44 . 2099-05-27 16:44 -------- d-----w- c:\documents and settings\NetworkService\Lokala inställningar\Application Data\PCHealth
2099-05-27 16:39 . 2011-09-27 09:04 -------- d-----w- c:\documents and settings\Simon\Lokala inställningar\Application Data\MigWiz
2012-07-28 18:32 . 2012-07-28 18:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-28 17:19 . 2012-07-28 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\media center programs
2012-07-24 05:19 . 2012-07-24 05:19 -------- d-----w- c:\documents and settings\NetworkService\Lokala inställningar\Application Data\Apple
2012-07-18 19:45 . 2012-07-18 19:45 -------- d-----w- c:\documents and settings\Simon\Lokala inställningar\Application Data\ESET
2012-07-11 05:24 . 2012-07-11 05:24 -------- d-sh--w- c:\documents and settings\UpdatusUser\IETldCache
2012-07-10 19:31 . 2012-07-10 19:31 -------- d-----w- c:\program\iPod
2012-07-10 19:30 . 2012-07-10 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-07-10 19:29 . 2012-07-10 19:29 -------- d-----w- c:\program\Apple Software Update
2012-07-10 19:26 . 2012-07-10 19:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-07-10 14:00 . 2012-07-10 14:00 -------- d-----w- c:\windows\system32\Adobe
2012-07-05 16:45 . 2012-07-05 16:45 5030088 ----a-w- c:\program\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 16:37 . 2012-03-30 15:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 16:37 . 2011-08-22 14:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 07:13 . 2012-06-14 07:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-14 07:13 . 2012-06-14 07:13 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-14 07:13 . 2012-03-30 20:41 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 15:44 . 2007-03-05 23:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-13 13:55 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2009-08-19 15:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2007-07-30 18:18 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-05-20 13:21 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-05-20 13:21 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-05-20 13:21 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-05-20 15:28 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-05-20 13:21 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-05-20 13:21 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:23 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:23 23064 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-08-06 17:23 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-05-20 13:21 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-05-20 13:21 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2008-03-24 16:26 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2008-03-24 16:26 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-08 16:35 . 2012-05-22 16:18 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-05-05 03:14 . 2004-08-04 12:00 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 01:25 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2007-05-20 13:20 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-30 20:28 . 2012-04-30 20:28 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2012-04-30 20:28 . 2012-04-30 20:28 17212 ----a-w- c:\windows\system32\SIntf32.dll
2012-04-30 20:28 . 2012-04-30 20:28 12067 ----a-w- c:\windows\system32\SIntf16.dll
2012-04-30 20:23 . 2012-04-30 20:23 94208 ----a-w- c:\windows\DIIUnin.exe
2012-04-30 20:23 . 2012-04-30 20:23 2829 ----a-w- c:\windows\DIIUnin.pif
2009-03-04 17:21 . 2009-03-04 17:21 270128 ----a-w- c:\program\utorrent.exe
2004-05-29 16:04 . 2007-08-04 15:40 98304 ----a-w- c:\program\xp_remove_hotfix_backup.exe
1997-06-27 22:01 . 2007-05-23 07:39 35840 ----a-w- c:\program\AUTOEJCT.EXE
2012-07-18 16:13 . 2011-09-21 13:36 136672 ----a-w- c:\program\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"DAEMON Tools Lite"="c:\program\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program\Skype\Phone\Skype.exe" [2012-07-03 17417392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"CloneCDTray"="c:\program\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"egui"="c:\program\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program\Delade filer\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="d:\program\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-04-04 44544]
.
c:\documents and settings\root\Start-meny\Program\Autostart\
ERUNT AutoBackup.lnk - c:\program\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\Simon\Start-meny\Program\Autostart\
ERUNT AutoBackup.lnk - c:\program\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
TimeLeft.lnk - d:\program\TimeLeft3\TimeLeft.exe [2012-6-8 2040616]
.
c:\documents and settings\All Users\Start-meny\Program\Autostart\
KatMouse.lnk - c:\program\KatMouse\KatMouse.exe [2005-9-24 50176]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^GammaTray.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
2005-02-01 18:28 1469952 ----a-w- c:\program\DU Meter\DUMeter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN]
2011-09-10 15:14 347008 ----a-w- c:\documents and settings\All Users\Application Data\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (news)]
2011-09-10 15:14 347008 ----a-w- c:\documents and settings\All Users\Application Data\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (update)]
2011-09-10 15:14 347008 ----a-w- c:\documents and settings\All Users\Application Data\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33 421776 ----a-w- d:\program\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0630 STISvc]
2005-06-05 17:01 36864 ----a-r- c:\windows\system32\P0630Pin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program\Delade filer\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-13 15:44 296056 ----a-w- d:\program\Realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)
"ekrn"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"d:\\program\\Spotify\\spotify.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\program\\VentriloNy\\Ventrilo.exe"=
"c:\\Program\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Mina dokument\\Hämtade filer\\Tibia\\Diablo-III-8370-enGB-Installer-downloader.exe"=
"c:\\Program\\MagicTune Premium\\MagicTune.exe"=
"c:\\Spel\\Steam\\Steam\\steamapps\\common\\age of empires online\\AOEOnline.exe"=
"c:\\Program\\Delade filer\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"d:\\program\\iTunes\\iTunes.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"8394:TCP"= 8394:TCP:League of Legends Launcher
"58130:TCP"= 58130:TCP:Pando Media Booster
"58130:UDP"= 58130:UDP:Pando Media Booster
"57886:TCP"= 57886:TCP:Pando Media Booster
"57886:UDP"= 57886:UDP:Pando Media Booster
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"58018:TCP"= 58018:TCP:Pando Media Booster
"58018:UDP"= 58018:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-08-10 64512]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-05-22 14776]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-08-04 103112]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-29 101720]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
R2 ekrn;ESET Service;c:\program\Eset\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program\Adaware\AAWService.exe [2011-08-18 2152152]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-04-05 2348352]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S0 m5228;m5228;c:\windows\system32\DRIVERS\m5228.sys --> c:\windows\system32\DRIVERS\m5228.sys [?]
S0 m5281;m5281;c:\windows\system32\DRIVERS\m5281.sys --> c:\windows\system32\DRIVERS\m5281.sys [?]
S2 Passwdrenew;Passwdrenew;System32\rnpasswd.exe --> System32\rnpasswd.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program\Skype\Updater\Updater.exe [2012-07-03 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 250056]
S3 es_07a5le.sys;es_07a5le.sys;\??\c:\windows\system32\drivers\es_07a5le.sys --> c:\windows\system32\drivers\es_07a5le.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\temp\QDV6AA.tmp --> c:\temp\QDV6AA.tmp [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program\Adaware\kernexplorer.sys [2011-08-18 15232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 nv3;nv3;c:\windows\system32\drivers\nv3.sys [2007-06-15 198144]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2007-07-28 91841]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
S3 XDva132;XDva132;\??\c:\windows\system32\XDva132.sys --> c:\windows\system32\XDva132.sys [?]
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-07-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program\Adaware\Ad-AwareAdmin.exe [2011-08-18 22:37]
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:37]
.
2012-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-07-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-113007714-839522115-1004.job
- c:\program\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-07-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-113007714-839522115-1004.job
- c:\program\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2011-11-18 c:\windows\Tasks\script.job
- c:\documents and settings\Simon\Skrivbord\script.bat [2010-01-07 21:16]
.
2012-07-28 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program\IObit\Smart Defrag 2\SmartDefrag.exe [2012-01-28 14:19]
.
2012-07-27 c:\windows\Tasks\User_Feed_Synchronization-{07B16E4F-F152-4E8F-8589-4DBC7A88C970}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
2012-07-28 c:\windows\Tasks\User_Feed_Synchronization-{4594A47E-546A-465D-BDA9-39737758D55D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Extra genomsökning -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{68EC4009-C1F1-412E-8294-9F60C0B5559A}: NameServer = 148.160.16.66
FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\2cihnqmz.default\
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Notify-winexz32 - winexz32.dll
MSConfigStartUp-ChangeFilterMerit - c:\program\NewSoft\Presto! PVR\ChangeFilterMerit.exe
AddRemove-Final Fantasy VII - c:\spel\Final Fantasy VII\Uninst.isu
AddRemove-RealPlayer 15.0 - d:\program\realplayer\Update\r1puninst.exe
AddRemove-S3 Gold - c:\spel\bluebyte\settlers3\Uninst.isu
AddRemove-uTorrent - c:\program\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-28 21:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\temp\QDV6AA.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-113007714-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:f1,5c,30,2f,28,3c,39,67,a9,ee,d1,1c,bc,90,d4,f7,e8,81,18,c1,5c,
93,d3,29,ed,41,3a,07,f4,22,08,a4,b1,23,29,1d,8e,db,c0,a6,06,ab,81,52,69,84,\
"rkeysecu"=hex:89,05,8c,74,f4,c0,a4,8e,b9,6e,e1,45,90,37,d8,a4
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'explorer.exe'(468)
c:\program\KatMouse\KatMouseS.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program\Bonjour\mDNSResponder.exe
c:\program\Java\jre6\bin\jqs.exe
c:\program\Delade filer\LightScribe\LSSrvc.exe
c:\program\MagicTune Premium\MagicTuneEngine.exe
c:\program\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wscntfy.exe
c:\program\Delade filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\StartupMonitor.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
d:\program\Adaware\AAWTray.exe
c:\program\MagicTune Premium\MagicTune.exe
.
**************************************************************************
.
Sluttid: 2012-07-28 21:12:47 - datorn startades om.
ComboFix-quarantined-files.txt 2012-07-28 19:12
.
Före genomsökningen: 39 116 488 704 byte ledigt
Efter genomsökningen: 39 169 748 992 byte ledigt
.
WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
.
- - End Of File - - A6DC8BA5AB05DFDAF494B394A05ABFF6

Nod and Adaware are on again. I have not yet tried browsing, and the program crashes are, as mentioned before, random and therefore hard to test out.

#6
CompCav

    Member 5k

  • Expert
  • 12,454 posts
I need you to check a file for me.

To use Virustotal go Here

  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • In the File name box, type or copy and paste the following, then click Open (NOTE: only one file per scan):
    c:\windows\system32\drivers\es_07a5le.sys
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button and wait for the reply.
  • Copy and paste the Virustotal link(s) (URL) in your next reply


#7
Ardelo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I tried, but I do not seem to have that file. I first simply copied your path, which did not work. I then manually went through the folders, and the file does not visibly exist there.

#8
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

We need to disable Spybot S&D's "TeaTimer".

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode".
    Posted Image
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck these checkboxes:
    Posted Image
  • Close/Exit Spybot Search and Destroy.

After you disable it please uninstall it and reboot. You have Lavasoft's Ad-Aware and do not need two resident antispyware programs.


Step 2.


Please uninstall:

DNA (BitTorrent DNA)
µTorrent


These P2P programs are malware highways into your computer.


Step 3.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:

  • Open the scanner and select the protection tab.
  • Remove the tick from "Start with Windows".
  • Reboot and then run OTL.




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva132.sys -- (XDva132)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\TEMP\QDV6AA.tmp -- (GarenaPEngine)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es_07a5le.sys -- (es_07a5le.sys)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ac1jvdzq)
    [2007-10-06 11:06:22 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2008-12-28 14:18:31 | 484,521,741 | ---- | M] (Macrovision Corporation) -- C:\Conquer_v5087.exe
    [2007-11-07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 4.

Please open OTL again, select all users and click Quick Scan.

Post the OTL.txt it produces.


Step 5.


Please post:

OTL fix log
OTL.txt


Update me on your computer issues.
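The drivers named in the fix script above appear in the ComboFix service listing with `[?]` where the file date and size normally stand. The following is an added example, not part of the original thread or of either tool, that triages such lines for review; it assumes `R`/`S` means running/stopped, the digit is the service Start value, and `[?]` means the scanner could not read the image file. The verdict names and the temp-path heuristic are this example's own.

```python
import re
from dataclasses import dataclass

# Lines copied from the ComboFix driver/service listing earlier in this thread.
SAMPLE = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-08-10 64512]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
S0 m5228;m5228;c:\windows\system32\DRIVERS\m5228.sys --> c:\windows\system32\DRIVERS\m5228.sys [?]
S2 Passwdrenew;Passwdrenew;System32\rnpasswd.exe --> System32\rnpasswd.exe [?]
S3 es_07a5le.sys;es_07a5le.sys;\??\c:\windows\system32\drivers\es_07a5le.sys --> c:\windows\system32\drivers\es_07a5le.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\temp\QDV6AA.tmp --> c:\temp\QDV6AA.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
S3 XDva132;XDva132;\??\c:\windows\system32\XDva132.sys --> c:\windows\system32\XDva132.sys [?]
"""

# Standard service Start values (assumed to be what the digit encodes).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# <state><start> <name>;<display>;<image or "raw --> resolved"> [<date size> or ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<body>.+?)\s\[(?P<info>[^\]]*)\]$"
)

# Heuristic (this example's own): image under a temp directory or named *.tmp.
TEMP_RE = re.compile(r"\\te?mp\\|\.tmp$", re.IGNORECASE)

# Lower number = look at it first.
PRIORITY = {"orphan-temp-image": 0, "running-unreadable": 1, "orphan": 2}


@dataclass
class Entry:
    name: str
    running: bool
    start: str
    image: str
    verdict: str


def parse_line(line):
    """Parse one listing line; return None for anything that is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # When the raw ImagePath differs from the resolved path, keep the resolved one.
    image = m["body"].split(" --> ")[-1].strip()
    running = m["state"] == "R"
    unreadable = m["info"].strip() == "?"
    if not unreadable:
        verdict = "present"
    elif running:
        # A loaded driver whose file cannot be read is locked or hidden,
        # not missing (TDSSKiller reported sptd as LockedFile in this thread).
        verdict = "running-unreadable"
    elif TEMP_RE.search(image):
        verdict = "orphan-temp-image"
    else:
        verdict = "orphan"
    return Entry(m["name"], running, START_TYPES[int(m["start"])], image, verdict)


def triage(text):
    """Return an Entry for every service line found in the pasted log text."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def review_queue(entries):
    """Entries that need a human look, most suspicious first (stable order)."""
    flagged = [e for e in entries if e.verdict in PRIORITY]
    return sorted(flagged, key=lambda e: PRIORITY[e.verdict])


if __name__ == "__main__":
    for e in review_queue(triage(SAMPLE)):
        print(f"{e.verdict:20} {e.start:8} {e.name:16} {e.image}")
```

A flagged entry is only a candidate for review: several stopped entries with unreadable images in this listing were not part of the fix script above.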

#9
Ardelo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
All processes killed
========== OTL ==========
Service XDva132 stopped successfully!
Service XDva132 deleted successfully!
File C:\WINDOWS\system32\XDva132.sys not found.
Service GarenaPEngine stopped successfully!
Service GarenaPEngine deleted successfully!
File C:\TEMP\QDV6AA.tmp not found.
Service es_07a5le.sys stopped successfully!
Service es_07a5le.sys deleted successfully!
File C:\WINDOWS\system32\drivers\es_07a5le.sys not found.
Error: No service named ac1jvdzq was found to stop!
Service\Driver key ac1jvdzq not found.
C:\Documents and Settings\All Users\Application Data\.zreglib moved successfully.
C:\Conquer_v5087.exe moved successfully.
File C:\install.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Mina dokument\Hämtade filer\Tibia\cmd.bat deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: root
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5537862 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15413544 bytes
->Flash cache emptied: 1432 bytes

User: Simon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5114290 bytes
->Java cache emptied: 193680 bytes
->FireFox cache emptied: 951836014 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 43796 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2288877 bytes
%systemroot%\System32 .tmp files removed: 2578 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 309256 bytes
Session Manager Tmp folder emptied: 0 bytes
RecycleBin emptied: 541226 bytes

Total Files Cleaned = 936,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 07292012_012514

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 2012-07-29 01:31:30 - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Mina dokument\Hämtade filer\Tibia
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 68,54% Memory free
6,34 Gb Paging File | 5,63 Gb Available in Paging File | 88,87% Paging File free
Paging file location(s): C:\pagefile.sys 3326 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 139,73 Gb Total Space | 37,76 Gb Free Space | 27,03% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 30,16 Gb Free Space | 4,32% Space Free | Partition Type: NTFS
Drive E: | 74,53 Gb Total Space | 53,84 Gb Free Space | 72,24% Space Free | Partition Type: NTFS
Drive F: | 586,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 6,88 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SIMTOR | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-28 19:58:36 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Mina dokument\Hämtade filer\Tibia\OTL(1).exe
PRC - [2012-07-18 18:13:58 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program\Mozilla Firefox\firefox.exe
PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-05-24 20:33:34 | 002,040,616 | ---- | M] (NesterSoft Inc.) -- D:\program\TimeLeft3\TimeLeft.exe
PRC - [2012-05-24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012-05-11 16:19:42 | 001,599,832 | ---- | M] (IObit) -- C:\Program\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012-03-01 01:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-01-18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Delade filer\Java\Java Update\jusched.exe
PRC - [2011-10-27 00:37:15 | 001,191,216 | ---- | M] (Lavasoft Limited) -- D:\program\Adaware\AAWTray.exe
PRC - [2011-10-27 00:37:14 | 002,152,152 | ---- | M] (Lavasoft Limited) -- D:\program\Adaware\AAWService.exe
PRC - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program\Eset\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011-09-22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program\Eset\ESET NOD32 Antivirus\egui.exe
PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program\DAEMON Tools Lite\DTLite.exe
PRC - [2010-01-08 01:26:54 | 002,478,080 | ---- | M] (SEC) -- C:\Program\MagicTune Premium\MagicTune.exe
PRC - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-08-18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007-08-23 16:05:00 | 000,045,056 | ---- | M] () -- C:\Program\MagicTune Premium\MagicTuneEngine.exe
PRC - [2006-07-20 20:38:26 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program\Delade filer\LightScribe\LSSrvc.exe
PRC - [2005-09-24 10:54:15 | 000,050,176 | ---- | M] () -- C:\Program\KatMouse\KatMouse.exe
PRC - [2002-03-19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2000-05-20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012-07-18 18:13:57 | 002,003,424 | ---- | M] () -- C:\Program\Mozilla Firefox\mozjs.dll
MOD - [2012-05-30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program\Delade filer\Apple\Apple Application Support\zlib1.dll
MOD - [2012-05-30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program\Delade filer\Apple\Apple Application Support\libxml2.dll
MOD - [2012-02-20 09:52:41 | 008,358,400 | ---- | M] () -- D:\program\XSplit\avcodec-54.dll
MOD - [2012-02-20 09:52:41 | 001,152,512 | ---- | M] () -- D:\program\XSplit\avformat-54.dll
MOD - [2012-02-20 09:52:41 | 000,333,824 | ---- | M] () -- D:\program\XSplit\swscale-2.dll
MOD - [2012-02-20 09:52:41 | 000,151,040 | ---- | M] () -- D:\program\XSplit\avutil-51.dll
MOD - [2012-02-05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012-02-05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011-09-27 11:28:37 | 000,430,568 | ---- | M] () -- D:\program\Adaware\VipreBridge.dll
MOD - [2011-09-27 11:28:36 | 000,589,184 | ---- | M] () -- D:\program\Adaware\RPAPI.dll
MOD - [2011-09-27 11:27:59 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011-09-05 19:05:00 | 000,300,544 | ---- | M] () -- C:\Program\Delade filer\Adobe\Acrobat\ActiveX\PDFShell.SVE
MOD - [2011-08-19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011-08-18 15:25:12 | 000,308,560 | ---- | M] () -- D:\program\Adaware\Vipre.dll
MOD - [2010-01-08 16:11:12 | 000,077,824 | ---- | M] () -- C:\Program\MagicTune Premium\MagicTuneCore.dll
MOD - [2010-01-08 01:26:48 | 000,065,536 | ---- | M] () -- C:\Program\MagicTune Premium\MTResSwe.dll
MOD - [2010-01-08 01:25:36 | 000,032,768 | ---- | M] () -- C:\Program\MagicTune Premium\HzZone.dll
MOD - [2010-01-08 01:25:34 | 000,040,960 | ---- | M] () -- C:\Program\MagicTune Premium\DProfile.dll
MOD - [2010-01-08 01:25:32 | 000,040,960 | ---- | M] () -- C:\Program\MagicTune Premium\EProfile.dll
MOD - [2010-01-08 01:25:30 | 000,045,056 | ---- | M] () -- C:\Program\MagicTune Premium\VESADll.dll
MOD - [2010-01-08 01:25:30 | 000,045,056 | ---- | M] () -- C:\Program\MagicTune Premium\IProfile.dll
MOD - [2010-01-08 01:25:28 | 000,040,960 | ---- | M] () -- C:\Program\MagicTune Premium\DeviceInterface.dll
MOD - [2010-01-08 01:25:28 | 000,032,768 | ---- | M] () -- C:\Program\MagicTune Premium\Highlight.dll
MOD - [2008-04-14 18:04:42 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007-08-23 16:05:00 | 000,045,056 | ---- | M] () -- C:\Program\MagicTune Premium\MagicTuneEngine.exe
MOD - [2005-10-07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program\WinRAR\RarExt.dll
MOD - [2005-09-24 10:54:15 | 000,050,176 | ---- | M] () -- C:\Program\KatMouse\KatMouse.exe
MOD - [2005-09-24 10:52:47 | 000,035,328 | ---- | M] () -- C:\Program\KatMouse\KatMouseS.dll
MOD - [2005-04-19 13:53:44 | 000,013,824 | ---- | M] () -- D:\program\TimeLeft3\trayclock.dll
MOD - [2002-03-19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
MOD - [2001-10-28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [2000-05-20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-07-27 18:37:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-18 18:13:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-05-24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012-03-01 01:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-10-27 00:37:14 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- D:\program\Adaware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program\Eset\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011-08-15 23:19:01 | 000,095,744 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\rnpasswd.exe -- (Passwdrenew)
SRV - [2010-07-04 11:49:14 | 000,075,496 | ---- | M] (tzuk) [On_Demand | Stopped] -- D:\program\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009-10-20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009-06-03 19:39:00 | 003,116,380 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007-09-01 21:04:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007-08-23 16:05:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2006-07-20 20:38:26 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program\Delade filer\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005-04-04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Video3D32.sys -- (Video3D)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Senfilt.sys -- (SenFiltService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\nvflash.sys -- (NVR0FLASHDev)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\m5281.sys -- (m5281)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\m5228.sys -- (m5228)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\fetnd5.sys -- (FETNDIS)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPANEL.SYS -- (Cardex)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\asusgsb32.sys -- (asusgsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (afjitp3i)
DRV - [2011-09-27 11:28:29 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011-09-21 16:55:29 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011-08-18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011-08-18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\program\Adaware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011-08-09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011-08-04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011-08-04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011-05-15 20:59:10 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-05-15 20:59:10 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-11-26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010-07-04 11:49:10 | 000,119,016 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- D:\program\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010-02-24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009-10-20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009-08-22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\program\Riva\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009-06-04 14:53:04 | 000,014,080 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2009-03-27 02:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008-06-26 19:18:28 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-04-13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-01-20 09:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008-01-17 11:51:30 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008-01-03 22:34:46 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007-09-05 01:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007-09-04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007-07-02 12:00:50 | 000,466,176 | R--- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2006-12-26 14:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006-12-08 17:06:00 | 000,139,776 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adidts.sys -- (ADIDTSFiltService)
DRV - [2006-11-22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006-10-01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006-08-07 16:39:24 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-08-07 16:39:22 | 000,052,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-07-26 08:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006-02-26 17:02:49 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005-12-22 04:22:20 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005-06-06 03:44:05 | 000,091,841 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)
DRV - [2001-08-17 20:50:18 | 000,198,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv3.sys -- (nv3)
DRV - [2001-06-21 22:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001-06-21 22:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes,DefaultScope = {7E5E24B4-EEF8-434C-BDBC-BCAD9BBF6B5F}
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{29908A7B-F1DE-4E40-A776-377D25340F4A}: "URL" = http://uk.search.yah...=UTF-8&meta=vc=
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{63EDF7ED-D3AF-4B6E-A555-7C6C7B120E6B}: "URL" = http://www.virgin.co...d={searchTerms}
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{76393830-C464-47DC-801D-93451CD56756}: "URL" = http://en.wikipedia....i/{searchTerms}
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{7E5E24B4-EEF8-434C-BDBC-BCAD9BBF6B5F}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{A0629818-8073-4C5A-AFDB-C3505A1CE593}: "URL" = http://search.micros...q={searchTerms}
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{EC6631C7-7B86-4ED0-BE3D-A322CFFA7C18}: "URL" = http://www.cnet.co.u...y={searchTerms}
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\SearchScopes\{F9633607-1D2D-4AE4-8225-A55307BC5B84}: "URL" = http://search.lycos....hTerms}&cat=loc
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1935655697-113007714-839522115-1022\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.100530
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.101028
FF - prefs.js..extensions.enabledItems: [email protected]:2.22.5
FF - prefs.js..extensions.enabledItems: {9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.1.6
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program\DivX beta\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: d:\program\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: d:\program\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: d:\program\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program\ekort [2009-06-05 16:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-13 17:45:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program\Mozilla Firefox\components [2012-07-18 18:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2012-07-17 17:00:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-03-30 17:37:07 | 000,000,000 | ---D | M]

[2009-06-29 22:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Extensions
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions\[email protected]
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (Save Session) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions\[email protected]
[2012-03-19 14:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\OldProfiles\46c4s4oh.default\extensions\staged
[2012-07-26 16:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\2cihnqmz.default\extensions
[2012-03-19 15:04:30 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\2cihnqmz.default\extensions\[email protected]
[2012-06-14 09:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
[2012-07-18 09:37:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-06-14 09:13:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\46C4S4OH.DEFAULT\EXTENSIONS\[email protected]
[2012-06-14 09:13:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009-08-06 22:13:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012-07-18 18:13:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program\mozilla firefox\components\browsercomps.dll
[2012-06-13 17:44:40 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program\mozilla firefox\plugins\nprpplugin.dll
[2012-06-17 15:31:23 | 000,001,470 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2012-06-17 15:31:23 | 000,002,252 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\bing.xml
[2012-06-17 15:31:23 | 000,002,670 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2012-06-17 15:31:23 | 000,000,948 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2012-06-17 15:31:23 | 000,001,174 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2012-06-17 15:31:23 | 000,000,951 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2012-07-29 01:25:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (EkortBrowserHelper Class) - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\Program\ekort\Bhoekort.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (PrivBar) - {300BC64A-BF32-4cc8-8917-91148CEFE700} - C:\WINDOWS\system32\PrivBar.dll ()
O3 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program\Delade filer\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [egui] C:\Program\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1935655697-113007714-839522115-1004..\Run: [DAEMON Tools Lite] C:\Program\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1935655697-113007714-839522115-1004..\Run: [NVIDIA nTune] C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1935655697-113007714-839522115-1022..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\KatMouse.lnk = C:\Program\KatMouse\KatMouse.exe ()
O4 - Startup: C:\Documents and Settings\root\Start-meny\Program\Autostart\ERUNT AutoBackup.lnk = C:\Program\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Simon\Start-meny\Program\Autostart\ERUNT AutoBackup.lnk = C:\Program\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Simon\Start-meny\Program\Autostart\TimeLeft.lnk = D:\program\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1022\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-113007714-839522115-1022\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1264687217000 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193320692211 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341328418640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28A602FC-3462-44CF-BA7B-D2B80B9932EB}: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68EC4009-C1F1-412E-8294-9F60C0B5559A}: NameServer = 148.160.16.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5AA939D-2DB5-4454-96E1-E3CF8CF1B3C7}: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C80C35B6-1CDA-491E-85C4-DA3A3F30B769}: DhcpNameServer = 192.168.0.10
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Simon\Skrivbord\Firefox-bakgrund.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Simon\Skrivbord\Firefox-bakgrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-05-20 15:22:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-01-02 19:49:48 | 000,076,591 | ---- | M] () - D:\AutoMouseClicker.zip -- [ NTFS ]
O32 - AutoRun File - [2001-03-16 19:12:14 | 000,000,000 | R--D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2001-02-19 16:44:10 | 000,305,664 | R--- | M] (Blue Byte Software, Inc.) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001-01-31 18:49:50 | 000,000,096 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008-04-01 14:31:10 | 000,000,052 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2099-05-27 18:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\PCHealth
[2099-05-27 18:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\MigWiz
[2012-07-29 01:25:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-07-29 01:09:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-07-28 21:12:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-07-28 20:55:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-07-28 20:52:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-07-28 20:52:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-07-28 20:52:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-07-28 20:52:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-07-28 20:51:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-07-28 20:32:28 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-07-28 19:57:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Simon\Recent
[2012-07-28 19:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\media center programs
[2012-07-28 19:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Funcom
[2012-07-24 07:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Apple
[2012-07-18 21:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\ESET
[2012-07-18 09:37:27 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012-07-17 17:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\QuickTime
[2012-07-10 21:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\iTunes
[2012-07-10 21:31:01 | 000,000,000 | ---D | C] -- C:\Program\iPod
[2012-07-10 21:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012-07-10 21:29:51 | 000,000,000 | ---D | C] -- C:\Program\Apple Software Update
[2012-07-10 21:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012-07-10 16:00:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2007-08-04 17:40:15 | 000,098,304 | ---- | C] (Doug Knox) -- C:\Program\xp_remove_hotfix_backup.exe
[2007-05-23 09:39:50 | 000,035,840 | ---- | C] (Twenty One Twelve, Inc.) -- C:\Program\AUTOEJCT.EXE

========== Files - Modified Within 30 Days ==========

[2012-07-29 01:32:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4594A47E-546A-465D-BDA9-39737758D55D}.job
[2012-07-29 01:28:28 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012-07-29 01:28:20 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-29 01:27:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\hlktmp
[2012-07-29 01:27:52 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-113007714-839522115-1004.job
[2012-07-29 01:27:46 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012-07-29 01:27:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-29 01:27:34 | 3488,141,312 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-29 01:25:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012-07-29 01:00:12 | 000,443,084 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120729-010203.backup
[2012-07-29 00:37:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-07-28 22:27:43 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{07B16E4F-F152-4E8F-8589-4DBC7A88C970}.job
[2012-07-28 21:15:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-07-28 21:05:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120729-010012.backup
[2012-07-28 20:48:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012-07-28 19:58:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Simon\Skrivbord\MBR.dat
[2012-07-28 19:19:50 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Age of Conan.lnk
[2012-07-28 18:14:38 | 000,190,464 | ---- | M] () -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-27 11:27:36 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012-07-27 11:27:36 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012-07-25 14:56:12 | 000,010,000 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-24 07:19:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-07-23 18:49:55 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012-07-22 18:33:03 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-113007714-839522115-1004.job
[2012-07-11 21:10:47 | 000,046,416 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012-07-11 07:24:04 | 001,532,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-10 21:31:59 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Simon\Skrivbord\iTunes.lnk
[2012-07-03 17:26:22 | 000,002,900 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini

========== Files Created - No Company Name ==========

[2012-07-28 20:55:28 | 000,260,784 | RHS- | C] () -- C:\cmldr
[2012-07-28 20:52:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-07-28 20:52:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-07-28 20:52:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-07-28 20:52:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-07-28 20:52:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-07-28 19:58:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Simon\Skrivbord\MBR.dat
[2012-07-28 19:19:50 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Age of Conan.lnk
[2012-07-23 18:49:55 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012-07-11 22:07:42 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Simon\Skrivbord\iTunes.lnk
[2012-07-11 21:10:47 | 000,046,416 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012-07-10 21:29:52 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Apple Software Update.lnk
[2012-07-10 21:29:52 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-05-22 18:18:19 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012-05-05 01:28:46 | 000,322,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\WPFFontCache_v0400-System.dat
[2012-04-30 22:28:03 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012-04-30 22:28:03 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012-04-30 22:28:03 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2012-04-30 22:23:35 | 000,029,366 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2012-04-05 06:36:10 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-04-05 06:36:10 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-04-05 06:36:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-04-05 06:35:14 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-03-28 23:48:13 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2012-02-16 12:39:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-02-05 18:32:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011-11-17 23:12:06 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011-09-27 13:59:29 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011-08-15 23:18:27 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\rnpasswd.exe
[2011-06-04 17:15:24 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-05-07 05:33:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DfrgUIEx.INI
[2011-04-27 05:00:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-04-27 05:00:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-04-22 18:45:27 | 001,193,984 | ---- | C] () -- C:\WINDOWS\is-NMD9K.exe
[2011-02-17 15:56:09 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\housecall.guid.cache
[2011-01-22 15:13:51 | 000,000,076 | ---- | C] () -- C:\WINDOWS\My Settings.ini
[2010-08-04 19:01:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010-08-01 14:41:07 | 000,002,900 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010-02-21 12:43:32 | 000,004,586 | ---- | C] () -- C:\Documents and Settings\Simon\client.ovpn
[2010-02-21 12:43:32 | 000,002,818 | ---- | C] () -- C:\Documents and Settings\Simon\ca.crt
[2010-02-21 12:43:32 | 000,001,419 | ---- | C] () -- C:\Documents and Settings\Simon\server.crt
[2010-02-21 12:43:32 | 000,001,419 | ---- | C] () -- C:\Documents and Settings\Simon\client.crt
[2010-02-21 12:43:32 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Simon\client.key
[2010-02-15 21:37:11 | 000,034,204 | ---- | C] () -- C:\Documents and Settings\Simon\.ems.cfg
[2009-09-03 21:06:28 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\Simon\jagex_runescape_preferences2.dat
[2009-08-06 12:53:38 | 000,000,039 | ---- | C] () -- C:\Documents and Settings\Simon\jagex_runescape_preferences.dat
[2009-05-11 16:58:28 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini
[2009-01-04 14:25:47 | 000,000,106 | ---- | C] () -- C:\Program\path.ini
[2008-05-09 01:44:59 | 000,000,222 | ---- | C] () -- C:\Program\pink.bmp
[2008-04-11 01:13:34 | 000,004,162 | ---- | C] () -- C:\Program\color1.bmp
[2008-02-22 19:59:30 | 000,023,446 | ---- | C] () -- C:\Program\bk2.jpg
[2008-02-22 19:59:30 | 000,019,636 | ---- | C] () -- C:\Program\th_07.jpg
[2008-02-22 19:59:30 | 000,010,528 | ---- | C] () -- C:\Program\else.gif
[2008-02-22 19:59:30 | 000,000,680 | ---- | C] () -- C:\Program\bl_07.jpg
[2007-07-28 21:00:09 | 000,007,048 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2007-05-21 00:55:08 | 000,190,464 | ---- | C] () -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-05-20 15:27:46 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Simon\Lokala inställningar\Application Data\fusioncache.dat

========== LOP Check ==========

[2007-08-04 19:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2007-12-23 15:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
[2009-01-25 17:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012-04-20 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2011-08-20 16:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2009-06-11 10:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrazyBump
[2011-09-30 17:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011-09-30 18:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011-05-26 20:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DinsCurse
[2011-10-23 22:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011-09-10 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011-10-23 22:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012-03-30 17:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011-03-20 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileServe Limited
[2008-05-24 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2011-10-04 22:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXN
[2011-08-20 16:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010-12-29 20:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009-06-11 10:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\licensecb
[2009-09-03 16:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MotionDSP
[2009-06-22 15:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2012-05-02 17:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008-12-27 14:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pqdklkxw
[2012-05-04 23:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SplitMediaLabs
[2010-07-05 21:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2012-07-10 21:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-04-20 18:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011-09-21 17:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\DAEMON Tools Lite
[2010-01-28 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Dev-Cpp
[2008-04-01 16:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\itchwait
[2007-10-26 18:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Leadertech
[2009-05-08 16:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Notepad++
[2008-04-23 10:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\OfficeUpdate12
[2007-09-02 16:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Tibia
[2007-10-26 20:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Uniblue
[2009-01-01 01:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Windows Live Writer
[2010-10-07 16:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\.minecraft
[2009-01-04 19:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Atari
[2009-01-25 17:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Autodesk
[2008-11-06 20:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\CopyRed Alert 3
[2012-06-03 23:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\DAEMON Tools Lite
[2011-09-30 18:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\DAEMON Tools Pro
[2012-07-29 01:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Dev-Cpp
[2010-03-07 16:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\GetRightToGo
[2011-10-04 22:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\go
[2009-12-06 17:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\gtk-2.0
[2012-01-28 23:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\IObit
[2011-05-16 17:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Kalypso Media
[2007-05-21 00:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Leadertech
[2010-05-11 19:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\LolClient
[2009-10-20 20:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010-08-04 18:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Megaupload
[2011-02-01 19:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Moyea
[2011-08-20 15:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\MySQL
[2012-06-08 21:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\NesterSoft
[2012-03-21 16:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Notepad++
[2007-05-20 23:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\OfficeUpdate12
[2009-11-01 14:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Opera
[2012-02-05 18:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\pdfforge
[2008-12-05 16:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Red Alert 3
[2009-03-14 18:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Remere's Map Editor
[2010-08-29 20:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Roads Of Rome
[2009-12-10 19:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\runic games
[2010-07-04 14:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Sierra
[2011-08-22 16:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SmygIP
[2012-05-04 23:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SplitMediaLabs
[2008-09-07 13:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Spore
[2012-04-17 16:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Spotify
[2010-06-14 12:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SystemRequirementsLab
[2012-05-01 14:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TeamViewer
[2012-01-20 08:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Tibia
[2010-09-09 23:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TibiaAlt
[2010-08-27 10:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TibiaWeirds
[2011-02-20 21:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TS3Client
[2010-07-05 21:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Ubisoft
[2012-04-29 14:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Windows Search
[2009-12-15 01:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Wireshark
[2012-07-29 01:28:28 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011-11-18 07:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\script.job
[2012-07-29 01:27:46 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
[2012-07-28 22:27:43 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{07B16E4F-F152-4E8F-8589-4DBC7A88C970}.job
[2012-07-29 01:32:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4594A47E-546A-465D-BDA9-39737758D55D}.job

========== Purity Check ==========



< End of report >

#10
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Update me on your computer issues.

#11
Ardelo

    Member

  • Topic Starter
  • Member
  • 20 posts
As far as I can tell, the only thing left is the Dwwin.exe notification that comes up when I shut down the computer. After some research yesterday I thought this had to do with Spybot, but that is now removed, so maybe I forgot to remove an option there? I'm not sure. Browsing seems quite fine after everything; I've not yet experienced any crashes, so that looks good as well. Logging in is a lot smoother now, so as far as I can tell the only 'problem' is the Dwwin.exe notification.

*edit*
The program crashes seem to be gone for sure, and this is really awesome. It's been a knife in my side for quite a while, and it's really awesome that it's fixed. Thanks a lot!

Edited by Ardelo, 29 July 2012 - 08:48 AM.


#12
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thanks for the update. We will work on Dwwin.exe in a few posts. We need to do this first:


Step 1.

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close. Make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!

#13
Ardelo

    Member

  • Topic Starter
  • Member
  • 20 posts
Sorry, I've been quite preoccupied. I finally have time to continue the steps and will edit in the logs in this post ASAP.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Databasversion: v2012.07.30.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Simon :: SIMTOR [administratör]

2012-07-31 01:49:24
mbam-log-2012-07-31 (01-49-24).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 233820
Förfluten tid: 6 minut(er), 20 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000DA-0786-4633-87C6-1AA7A4429EF1} (Fake.Dropped.Malware) -> Sattes i karantän och togs bort.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Sattes i karantän och togs bort.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8C0220D-763D-49A4-95F4-61DFDEC66EE6} (Fake.Dropped.Malware) -> Sattes i karantän och togs bort.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Sattes i karantän och togs bort.
HKCU\SOFTWARE\WakeNet (Trojan.Agent) -> Sattes i karantän och togs bort.

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 0
(Inga skadliga poster hittades)

(klar)

Edited by Ardelo, 30 July 2012 - 05:57 PM.


#14
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please do a new post; if you edit, I will not be notified that you posted. ;)

#15
Ardelo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
The folder was never created (c/program files*). However, I had ESET installed before as antivirus, and the online scanner was placed in that root folder; there was no log file in it, or anything resembling one, that I could open with a text editor and view as plain text.

After the NOD online scan, I could not enter this site. Now that this site works, other sites I use (Firefox tabs) are not working properly; I get errors like 'unable to connect to database', '404 not found' and others like this. After some stuff was removed with NOD, it seems to have unleashed something in my computer; not sure what happened.

Here's the security check anyway:

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Lavasoft Ad-Watch Live! Anti-Virus
ESET NOD32 Antivirus 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
SpywareBlaster 4.2
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 11.3.300.268
Adobe Reader X (10.1.1)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````